.Hi, I've got a value that a piece of malware is sending to \Device\PhysicalDrive0\DR0 using DeviceIoControl...2d1400. Noticed it using Olly. My first suspicion is that the malware is going to attempt an MBR infection and that it corresponds with "IOCTL_DISK_GET_DRIVE_GEOMETRY". What is the easiest way to find out what Code that IoControlCode value corresponds to?
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}