diff --git a/patches/ntoskrnl-METHOD_OUT_DIRECT/0001-ntoskrnl.exe-Defer-deallocation-of-in_buff-in-dispat.patch b/patches/ntoskrnl-METHOD_OUT_DIRECT/0001-ntoskrnl.exe-Defer-deallocation-of-in_buff-in-dispat.patch
new file mode 100644
index 00000000..1ebecc1e
--- /dev/null
+++ b/patches/ntoskrnl-METHOD_OUT_DIRECT/0001-ntoskrnl.exe-Defer-deallocation-of-in_buff-in-dispat.patch
@@ -0,0 +1,41 @@
+From 48fd497bca17fc444f06573af31c8562d8274ddd Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Fri, 14 Oct 2016 21:10:36 +0200
+Subject: ntoskrnl.exe: Defer deallocation of in_buff in dispatch_ioctl.
+
+---
+ dlls/ntoskrnl.exe/ntoskrnl.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
+index 428e700..3c18ee6 100644
+--- a/dlls/ntoskrnl.exe/ntoskrnl.c
++++ b/dlls/ntoskrnl.exe/ntoskrnl.c
+@@ -417,6 +417,7 @@ static NTSTATUS dispatch_ioctl( const irp_params_t *params, void *in_buff, ULONG
+ {
+     IRP *irp;
+     void *out_buff = NULL;
++    void *to_free = NULL;
+     DEVICE_OBJECT *device;
+     FILE_OBJECT *file = wine_server_get_ptr( params->ioctl.file );
+ 
+@@ -435,7 +436,7 @@ static NTSTATUS dispatch_ioctl( const irp_params_t *params, void *in_buff, ULONG
+         if ((params->ioctl.code & 3) == METHOD_BUFFERED)
+         {
+             memcpy( out_buff, in_buff, in_size );
+-            HeapFree( GetProcessHeap(), 0, in_buff );
++            to_free = in_buff;
+             in_buff = out_buff;
+         }
+     }
+@@ -455,6 +456,7 @@ static NTSTATUS dispatch_ioctl( const irp_params_t *params, void *in_buff, ULONG
+     irp->Flags |= IRP_DEALLOCATE_BUFFER;  /* deallocate in_buff */
+     dispatch_irp( device, irp, irp_handle );
+ 
++    HeapFree( GetProcessHeap(), 0, to_free );
+     return STATUS_SUCCESS;
+ }
+ 
+-- 
+2.9.0
+
diff --git a/patches/ntoskrnl-METHOD_OUT_DIRECT/0002-ntoskrnl.exe-Add-support-for-METHOD_IN_DIRECT-and-ME.patch b/patches/ntoskrnl-METHOD_OUT_DIRECT/0002-ntoskrnl.exe-Add-support-for-METHOD_IN_DIRECT-and-ME.patch
new file mode 100644
index 00000000..7fc31285
--- /dev/null
+++ b/patches/ntoskrnl-METHOD_OUT_DIRECT/0002-ntoskrnl.exe-Add-support-for-METHOD_IN_DIRECT-and-ME.patch
@@ -0,0 +1,73 @@
+From b839b21ed37ea38c1cce82e4c45f5762492742cd Mon Sep 17 00:00:00 2001
+From: Sebastian Lackner <sebastian@fds-team.de>
+Date: Fri, 14 Oct 2016 22:19:27 +0200
+Subject: ntoskrnl.exe: Add support for METHOD_IN_DIRECT and METHOD_OUT_DIRECT
+ ioctls.
+
+---
+ dlls/ntdll/file.c            |  2 ++
+ dlls/ntoskrnl.exe/ntoskrnl.c | 21 +++++++++++++++++----
+ 2 files changed, 19 insertions(+), 4 deletions(-)
+
+diff --git a/dlls/ntdll/file.c b/dlls/ntdll/file.c
+index 7fbde50..cefc1dd 100644
+--- a/dlls/ntdll/file.c
++++ b/dlls/ntdll/file.c
+@@ -1561,6 +1561,8 @@ static NTSTATUS server_ioctl_file( HANDLE handle, HANDLE event,
+         req->async.event    = wine_server_obj_handle( event );
+         req->async.cvalue   = cvalue;
+         wine_server_add_data( req, in_buffer, in_size );
++        if ((code & 3) != METHOD_BUFFERED)
++            wine_server_add_data( req, out_buffer, out_size );
+         wine_server_set_reply( req, out_buffer, out_size );
+         status = wine_server_call( req );
+         wait_handle = wine_server_ptr_handle( reply->wait );
+diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
+index 3c18ee6..912d084 100644
+--- a/dlls/ntoskrnl.exe/ntoskrnl.c
++++ b/dlls/ntoskrnl.exe/ntoskrnl.c
+@@ -428,17 +428,27 @@ static NTSTATUS dispatch_ioctl( const irp_params_t *params, void *in_buff, ULONG
+     TRACE( "ioctl %x device %p file %p in_size %u out_size %u\n",
+            params->ioctl.code, device, file, in_size, out_size );
+ 
+-    if ((params->ioctl.code & 3) == METHOD_BUFFERED) out_size = max( in_size, out_size );
+-
+     if (out_size)
+     {
+-        if (!(out_buff = HeapAlloc( GetProcessHeap(), 0, out_size ))) return STATUS_NO_MEMORY;
+-        if ((params->ioctl.code & 3) == METHOD_BUFFERED)
++        if ((params->ioctl.code & 3) != METHOD_BUFFERED)
++        {
++            if (in_size < out_size) return STATUS_INVALID_DEVICE_REQUEST;
++            in_size -= out_size;
++            if (!(out_buff = HeapAlloc( GetProcessHeap(), 0, out_size ))) return STATUS_NO_MEMORY;
++            memcpy( out_buff, (char *)in_buff + in_size, out_size );
++        }
++        else if (out_size > in_size)
+         {
++            if (!(out_buff = HeapAlloc( GetProcessHeap(), 0, out_size ))) return STATUS_NO_MEMORY;
+             memcpy( out_buff, in_buff, in_size );
+             to_free = in_buff;
+             in_buff = out_buff;
+         }
++        else
++        {
++            out_buff = in_buff;
++            out_size = in_size;
++        }
+     }
+ 
+     irp = IoBuildDeviceIoControlRequest( params->ioctl.code, device, in_buff, in_size, out_buff, out_size,
+@@ -449,6 +459,9 @@ static NTSTATUS dispatch_ioctl( const irp_params_t *params, void *in_buff, ULONG
+         return STATUS_NO_MEMORY;
+     }
+ 
++    if (out_size && (params->ioctl.code & 3) != METHOD_BUFFERED)
++        HeapReAlloc( GetProcessHeap(), HEAP_REALLOC_IN_PLACE_ONLY, in_buff, in_size );
++
+     irp->Tail.Overlay.OriginalFileObject = file;
+     irp->RequestorMode = UserMode;
+     irp->AssociatedIrp.SystemBuffer = in_buff;
+-- 
+2.9.0
+
diff --git a/patches/ntoskrnl-METHOD_OUT_DIRECT/definition b/patches/ntoskrnl-METHOD_OUT_DIRECT/definition
new file mode 100644
index 00000000..6d37c21c
--- /dev/null
+++ b/patches/ntoskrnl-METHOD_OUT_DIRECT/definition
@@ -0,0 +1 @@
+Fixes: Support for METHOD_OUT_DIRECT ioctls
diff --git a/patches/patchinstall.sh b/patches/patchinstall.sh
index d741f399..e44a4cce 100755
--- a/patches/patchinstall.sh
+++ b/patches/patchinstall.sh
@@ -246,6 +246,7 @@ patch_enable_all ()
 	enable_ntdll_Zero_mod_name="$1"
 	enable_ntdll_call_thread_func_wrapper="$1"
 	enable_ntoskrnl_DriverTest="$1"
+	enable_ntoskrnl_METHOD_OUT_DIRECT="$1"
 	enable_ntoskrnl_Stubs="$1"
 	enable_nvapi_Stub_DLL="$1"
 	enable_nvcuda_CUDA_Support="$1"
@@ -918,6 +919,9 @@ patch_enable ()
 		ntoskrnl-DriverTest)
 			enable_ntoskrnl_DriverTest="$2"
 			;;
+		ntoskrnl-METHOD_OUT_DIRECT)
+			enable_ntoskrnl_METHOD_OUT_DIRECT="$2"
+			;;
 		ntoskrnl-Stubs)
 			enable_ntoskrnl_Stubs="$2"
 			;;
@@ -5429,6 +5433,20 @@ if test "$enable_ntoskrnl_DriverTest" -eq 1; then
 	) >> "$patchlist"
 fi
 
+# Patchset ntoskrnl-METHOD_OUT_DIRECT
+# |
+# | Modified files:
+# |   *	dlls/ntdll/file.c, dlls/ntoskrnl.exe/ntoskrnl.c
+# |
+if test "$enable_ntoskrnl_METHOD_OUT_DIRECT" -eq 1; then
+	patch_apply ntoskrnl-METHOD_OUT_DIRECT/0001-ntoskrnl.exe-Defer-deallocation-of-in_buff-in-dispat.patch
+	patch_apply ntoskrnl-METHOD_OUT_DIRECT/0002-ntoskrnl.exe-Add-support-for-METHOD_IN_DIRECT-and-ME.patch
+	(
+		echo '+    { "Sebastian Lackner", "ntoskrnl.exe: Defer deallocation of in_buff in dispatch_ioctl.", 1 },';
+		echo '+    { "Sebastian Lackner", "ntoskrnl.exe: Add support for METHOD_IN_DIRECT and METHOD_OUT_DIRECT ioctls.", 1 },';
+	) >> "$patchlist"
+fi
+
 # Patchset ntoskrnl-Stubs
 # |
 # | This patchset fixes the following Wine bugs: