Reputation: 29
Sorry if this is a noob question, but I'm developing a software "add-on" for a game. I'm doing this through a driver simply because the anti-cheat doesn't support ring 0 detection. I haven't seen much info on how IOCTL can be used and I was wondering if you can send custom inputs like process IDs and other information that may change, or is it all set in stone like a switch function or something? Once again, sorry for the noob question.
Upvotes: 0
Views: 879
Reputation: 640
You can communicate with a kernel-mode device driver via IOCTL using the DeviceIoControl Win32 API routine. This routine internally calls NtDeviceIoControlFile (NTDLL), which performs a system call to get NtDeviceIoControlFile (NTOSKRNL) executed.
The DeviceIoControl routine is documented at MSDN: https://msdn.microsoft.com/en-us/library/windows/desktop/aa363216(v=vs.85).aspx
The kernel-mode device driver will have a prerequisite to fulfill: https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/named-device-objects
> I haven't seen much info on how IOCTL can be used and I was wondering if you can send custom inputs like process IDs and other information
The answer is yes, you can send custom buffers via IOCTL. You can also receive an output buffer back from your kernel-mode device driver to the user-mode application which initiated the IOCTL operation - this is optional of course.
If you need to send multiple pieces of information at the same time, consider using a structure.
I also recommend you read the following: https://learn.microsoft.com/en-us/windows-hardware/drivers/kernel/methods-for-accessing-data-buffers
Upvotes: 1
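An added example, not part of the original thread or of any real driver: a portable C model of how a buffered IOCTL handler should treat a caller-supplied structure, checking the control code and both buffer lengths before touching the data. The `EX_`/`ex_` names, the request and reply layouts and the status values are hypothetical; only the control-code bit layout mirrors the WDK `CTL_CODE` macro.

```c
#include <stdint.h>
#include <string.h>

/* Same bit layout as the WDK CTL_CODE macro: type<<16 | access<<14 | function<<2 | method */
#define EX_CTL_CODE(type, fn, method, access) \
    (((uint32_t)(type) << 16) | ((uint32_t)(access) << 14) | \
     ((uint32_t)(fn) << 2) | (uint32_t)(method))
#define EX_FILE_DEVICE_UNKNOWN 0x22u
#define EX_METHOD_BUFFERED     0u
#define EX_FILE_READ_ACCESS    1u

/* Hypothetical control code: the code is fixed, the payload is whatever the caller fills in */
#define IOCTL_EX_QUERY \
    EX_CTL_CODE(EX_FILE_DEVICE_UNKNOWN, 0x800, EX_METHOD_BUFFERED, EX_FILE_READ_ACCESS)

typedef struct { uint32_t process_id; uint32_t flags; } ex_request;    /* hypothetical layout */
typedef struct { uint32_t process_id; uint32_t accepted; } ex_reply;   /* hypothetical layout */

enum { EX_OK = 0, EX_BAD_CODE = 1, EX_BAD_INPUT = 2, EX_SMALL_OUTPUT = 3 };

/* Models a buffered dispatch routine: one system buffer carries the input, then the output */
int ex_dispatch(uint32_t code, void *sysbuf, size_t in_len, size_t out_len, size_t *written)
{
    ex_request req;
    ex_reply rep;

    *written = 0;
    switch (code) {
    case IOCTL_EX_QUERY:
        /* Lengths come from user mode: never assume the caller sent a whole structure */
        if (sysbuf == NULL || in_len != sizeof req) return EX_BAD_INPUT;
        if (out_len < sizeof rep) return EX_SMALL_OUTPUT;
        memcpy(&req, sysbuf, sizeof req);         /* copy input before the reply overwrites it */
        if (req.flags != 0) return EX_BAD_INPUT;  /* reject flag bits this model does not define */
        rep.process_id = req.process_id;
        rep.accepted = 1;
        memcpy(sysbuf, &rep, sizeof rep);
        *written = sizeof rep;                    /* bytes the caller may read back */
        return EX_OK;
    default:
        return EX_BAD_CODE;                       /* unknown control codes are refused */
    }
}
```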