landhb / HideProcess

A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager

Multiple bugs in the driver's implementation #12

Open repnz opened 5 years ago

repnz commented 5 years ago

I know it's a POC, but I thought it would be good to fix this anyway -

1) There is a stack buffer overflow reading the 'pid' from user mode. Replace inBufferLength with sizeof(pid). https://github.com/landhb/HideProcess/blob/99d7a72900191a801925406b678fd1c493fc8e28/driver/irphandlers.c#L60

2) The output buffer's length is not checked https://github.com/landhb/HideProcess/blob/99d7a72900191a801925406b678fd1c493fc8e28/driver/irphandlers.c#L92

3) This memory is not freed anywhere https://github.com/landhb/HideProcess/blob/99d7a72900191a801925406b678fd1c493fc8e28/driver/hideprocess.c#L7

4) This buffer was allocated with length=(sizeof(ULONG) + 20), why is the param to sprintf_s longer? https://github.com/landhb/HideProcess/blob/99d7a72900191a801925406b678fd1c493fc8e28/driver/hideprocess.c#L29

5) This string is not used anywhere (copied from the Microsoft IOCTL sample :) ) https://github.com/landhb/HideProcess/blob/99d7a72900191a801925406b678fd1c493fc8e28/driver/irphandlers.c#L43

6) Here, you use 'datalen' which is the length of the string from the sample instead of the real result string: https://github.com/landhb/HideProcess/blob/99d7a72900191a801925406b678fd1c493fc8e28/driver/irphandlers.c#L95
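The six points above all reduce to one discipline for a METHOD_BUFFERED IOCTL handler: copy exactly `sizeof(pid)` in, check the output buffer against the real result length, report that real length in `Information`, and free what you allocated. The following is an added example written for this page, not code from the HideProcess driver: it models the handler as portable user-mode C so it can be compiled and tested anywhere, with `IoctlRequest` standing in for the IRP/stack-location fields, `malloc`/`free` standing in for the pool allocator, and the `STATUS_*` values and the `HIDE_MSG_LEN` constant assumed for illustration. The EPROCESS unlinking itself is deliberately not modelled; `format_hide_result` only builds the result string.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-ins for the NTSTATUS values a real driver would return. */
typedef int32_t NTSTATUS;
typedef uint32_t ULONG;
#define STATUS_SUCCESS                ((NTSTATUS)0x00000000)
#define STATUS_BUFFER_TOO_SMALL       ((NTSTATUS)0xC0000023)
#define STATUS_INSUFFICIENT_RESOURCES ((NTSTATUS)0xC000009A)

/* Model of a METHOD_BUFFERED request: SystemBuffer is shared between input
 * and output, so the input must be consumed before the result is written. */
typedef struct {
    unsigned char *system_buffer;
    ULONG in_len;       /* Parameters.DeviceIoControl.InputBufferLength  */
    ULONG out_len;      /* Parameters.DeviceIoControl.OutputBufferLength */
    ULONG information;  /* IoStatus.Information: bytes actually written  */
} IoctlRequest;

/* One constant for both the allocation and the formatting call (point 4):
 * the two sizes can no longer drift apart. Value is assumed. */
#define HIDE_MSG_LEN 64

/* Builds the result string only; the real driver would also unlink the
 * EPROCESS here. malloc stands in for ExAllocatePoolWithTag. */
static char *format_hide_result(ULONG pid)
{
    char *msg = malloc(HIDE_MSG_LEN);
    if (msg == NULL)
        return NULL;
    snprintf(msg, HIDE_MSG_LEN, "Process %lu hidden", (unsigned long)pid);
    return msg;
}

/* Hardened handler: every length that crosses the user/kernel boundary is
 * checked before it is used, and the temporary buffer is always released. */
NTSTATUS handle_hide_ioctl(IoctlRequest *req)
{
    ULONG pid;
    req->information = 0;

    /* Point 1: reject short input and copy exactly sizeof(pid), never in_len. */
    if (req->in_len < sizeof(pid))
        return STATUS_BUFFER_TOO_SMALL;
    memcpy(&pid, req->system_buffer, sizeof(pid));

    char *msg = format_hide_result(pid);
    if (msg == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;

    /* Point 6: the length of the real result, not of a sample string. */
    size_t datalen = strlen(msg) + 1;

    /* Point 2: the output buffer must hold the whole result. */
    if (req->out_len < datalen) {
        free(msg);                      /* point 3: no leak on the error path */
        return STATUS_BUFFER_TOO_SMALL;
    }

    memcpy(req->system_buffer, msg, datalen);
    req->information = (ULONG)datalen;
    free(msg);                          /* point 3: no leak on the success path */
    return STATUS_SUCCESS;
}

int main(void)
{
    /* Constructed request: a 4-byte pid in, 64 bytes available for output. */
    unsigned char buf[64];
    ULONG pid = 1234;
    memcpy(buf, &pid, sizeof(pid));
    IoctlRequest req = { buf, sizeof(pid), sizeof(buf), 0 };

    NTSTATUS st = handle_hide_ioctl(&req);
    printf("status=0x%08x information=%lu result=\"%s\"\n",
           (unsigned)st, (unsigned long)req.information, (char *)buf);
    return st == STATUS_SUCCESS ? 0 : 1;
}
```

Two things the model makes visible that the original handler hides: because `SystemBuffer` is shared, the pid is read before anything is written back, and `Information` is set from the bytes actually copied, so the I/O manager never copies more than the handler wrote out to user mode.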