#include "Log.h" extern "C" { NTKERNELAPI NTSTATUS IoCreateDriver(PUNICODE_STRING DriverName, PDRIVER_INITIALIZE InitializationFunction); NTKERNELAPI NTSTATUS MmCopyVirtualMemory(PEPROCESS SourceProcess, PVOID SourceAddress, PEPROCESS TargetPro

Your use of `MmCopyVirtualMemory` in the driver appears to be mostly correct, but there are several reasons why the operations could be failing. Let’s review the possible issues that could prevent `MmCopyVirtualMemory` from working as intended.

### 1. Invalid Parameters
When calling `MmCopyVirtualMemory`, the parameters must be valid:

- **Source Process and Address**: The `targetProcess` in your code is set only when the `attach` control code is received. If the `read` or `write` control codes are called without successfully executing the `attach`, `targetProcess` will be `nullptr`, and thus the operation will fail due to invalid process references.

- **Buffer Address and Size**: Ensure that the address in `request->target` and `request->buffer` are valid virtual memory addresses in their respective processes. Invalid or inaccessible addresses will lead to access violations.

- **Request Size**: Check that `request->size` is correctly set. If the size requested to copy is larger than the memory accessible in either process, or if you are attempting to read or write more than what is allocated, `MmCopyVirtualMemory` will fail.

### 2. Access Rights
The driver runs in kernel mode and may access most memory, but there are still some permissions to consider:

- **Security Context**: If the process being accessed has specific protections, it might restrict operations from another process, even at the kernel level.

- **Kernel Mode and User Mode**: Ensure you are correctly managing the transition between kernel and user modes. In your `MmCopyVirtualMemory` calls, the source and target memory locations must be valid and accessible from the context of each respective process.

### 3. Page Faults
If the addresses you are attempting to access are not currently resident in memory (i.e., they have been swapped out), the operation could fail. `MmCopyVirtualMemory` does not automatically handle page faults that occur in user-mode processes. 

### 4. Incorrect Return Size
Upon a successful call to `MmCopyVirtualMemory`, the `returnSize` parameter should be populated to reflect the number of bytes actually copied. Ensure not only that it is passed correctly, but also that any operations relying on it afterwards are correct.

### 5. Error Handling
In your existing code, there are no checks on the return values of `MmCopyVirtualMemory`. You could enhance debugging and error handling by logging or checking the status after each call to `MmCopyVirtualMemory` to find out why it might be failing.

### 6. Debugging
Consider the following debugging strategies to pinpoint the issue:

- **Logging**: You are already logging when the device control is called. Expand this to include logs before and after calls to `MmCopyVirtualMemory` to capture the parameters being passed and the specific return status.

- **Test Cases**: Ensure you have control code test cases that validate not only successful flows but also boundary conditions and failure scenarios.

### Example of Improved Error Handling:
To enhance your error-checking protocol, your `DeviceControl` function could be modified to log errors based on what `MmCopyVirtualMemory` returns:

```cpp
case codes::read:
    if (targetProcess != nullptr) {
        status = MmCopyVirtualMemory(targetProcess, request->target, PsGetCurrentProcess(), request->buffer, request->size, KernelMode, &request->returnSize);
        if (!NT_SUCCESS(status)) {
            WriteToFile("[-] Read Operation Failed. Status: %08X\n", status);
        }
    }
    break;

case codes::write:
    if (targetProcess != nullptr) {
        status = MmCopyVirtualMemory(PsGetCurrentProcess(), request->buffer, targetProcess, request->target, request->size, KernelMode, &request->returnSize);
        if (!NT_SUCCESS(status)) {
            WriteToFile("[-] Write Operation Failed. Status: %08X\n", status);
        }
    }
    break;
```

### Conclusion
Double-checking the validity of your parameters, handling of access rights, ensuring you're in the right context, and adding thorough error-checking can help diagnose and fix the issues you're encountering with `MmCopyVirtualMemory`.