Created
October 26, 2018 13:48
-
-
Save DownWithUp/59c15f5b93ac35423fdc140eb34ac244 to your computer and use it in GitHub Desktop.
Use an IOCTL to create a beep from Beep.sys
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| #include <winternl.h> | |
| typedef struct _BEEP_SETTINGS { | |
| ULONG ulFrequency; | |
| ULONG ulDuration; | |
| } BEEP_SETTINGS; | |
| void main() { | |
| // Prep string | |
| UNICODE_STRING uszDeviceName; | |
| OBJECT_ATTRIBUTES BeepObjectAttributes; | |
| RtlInitUnicodeString(&uszDeviceName, L"\\Device\\Beep"); | |
| // Prep object | |
| InitializeObjectAttributes(&BeepObjectAttributes, &uszDeviceName, 0, NULL, NULL); | |
| // Get a handle on beep.sys | |
| PIO_STATUS_BLOCK pOutStatus = 0; | |
| HANDLE hDriver; | |
| IO_STATUS_BLOCK IoStatus; | |
| NTSTATUS ntOut = NtCreateFile(&hDriver, 0x3, &BeepObjectAttributes, &IoStatus, NULL, 0, 0x3, 0x3, 0, 0, 0); | |
| if (ntOut == 0x0) { | |
| DWORD dwIOCTL_BEEP = CTL_CODE(FILE_DEVICE_BEEP, 0, METHOD_BUFFERED, FILE_ANY_ACCESS); | |
| BEEP_SETTINGS BeepSettings; | |
| BeepSettings.ulDuration = 10000; | |
| BeepSettings.ulFrequency = 500; | |
| DWORD dwReturned = 0; | |
| DeviceIoControl(hDriver, dwIOCTL_BEEP, &BeepSettings, sizeof(BEEP_SETTINGS), NULL, 0, dwReturned, NULL); | |
| } // You should add an else statement | |
| ExitProcess(0); | |
| } | |
| // I know this is super useful, so you're welcome! |
Reviewed code to work in Windows 11 (with VS 2022):
#include <Windows.h>
#include <stdio.h>
#include <winternl.h>
typedef struct _BEEP_SETTINGS {
ULONG ulFrequency;
ULONG ulDuration;
} BEEP_SETTINGS;
int main() {
// Prep string
UNICODE_STRING uszDeviceName;
OBJECT_ATTRIBUTES BeepObjectAttributes;
RtlInitUnicodeString(&uszDeviceName, L"\\Device\\Beep");
// Prep object
InitializeObjectAttributes(&BeepObjectAttributes, &uszDeviceName, 0, NULL, NULL);
// Get a handle on beep.sys
HANDLE hDriver;
IO_STATUS_BLOCK IoStatus;
// Added GENERIC_READ | GENERIC_WRITE
NTSTATUS ntOut = NtCreateFile(&hDriver, GENERIC_READ | GENERIC_WRITE, &BeepObjectAttributes, &IoStatus, NULL, 0, 0x3, 0x3, 0, 0, 0);
if (ntOut == 0x0) {
BEEP_SETTINGS BeepSettings;
BeepSettings.ulDuration = 1000;
BeepSettings.ulFrequency = 500;
DWORD dwReturned = 0;
DWORD dwIOCTL_BEEP = CTL_CODE(FILE_DEVICE_BEEP, 0, METHOD_BUFFERED, FILE_ANY_ACCESS);
BOOL result = DeviceIoControl(hDriver, dwIOCTL_BEEP, &BeepSettings, sizeof(BEEP_SETTINGS), NULL, 0, &dwReturned, NULL);
if (!result) {
printf("Error in DeviceIoControl: %d\n", GetLastError());
CloseHandle(hDriver);
return 1;
}
Sleep(BeepSettings.ulDuration); // We need to delay the close of the handle until the beep is done
CloseHandle(hDriver);
} else {
printf("Error in NtCreateFile\n");
}
return 0;
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
any idea how can we hook BeepOpen using another kernel driver?