DeviceIOControl Failing #40
Comments
|
I believe the format of the ioctl was changed with the most recent drivers. I don't know that the python code was updated - we don't use it really. Can you successfully image using the c userspace program? |
|
Yes, we can currently use the winpmem exe to image. Do you have any idea what the ioctrl setting would need to be updated to? Or documentation I could look into? |
|
This is the struct that gets passed in the ioctl https://github.com/Velocidex/WinPmem/blob/master/kernel/userspace_interface/winpmem_shared.h You need to update the layout here The ioctl numbers used now are here so you have to change them in the python code |
Hi, We have been using the winpmem.sys drivers to perform memory collections using winpmem.py
On newer windows 10 builds we have been getting error 87 parameter is incorrect at the following line.
win32file.DeviceIoControl(
self.fd, CTRL_IOCTRL, struct.pack("I", mode), 0, None)
Are you aware of which parameter may have changed on the windows end? I can confirm the drivers work on older windows 10 builds.
Thanks
The text was updated successfully, but these errors were encountered: