noury/mirror-ac
1
0
Fork 0
mirror of https://github.com/donnaskiez/ac.git synced 2024-11-21 22:24:08 +01:00
Code Issues Projects Releases Packages Wiki Activity
mirror-ac/service/Worker.cs

222 lines
7.9 KiB
C#
Raw Normal View History

EPIC
2023-08-18 07:33:13 +02:00
using System.IO.Pipes;
excellent progress :)
2023-08-20 16:12:04 +02:00
using System.Runtime.CompilerServices;
got report working YES
2023-08-18 09:18:00 +02:00
using System.Runtime.InteropServices;
OMG
2023-08-18 10:39:21 +02:00
using service.Types;
#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
#pragma warning disable CS8600
#pragma warning disable CS8603
EPIC
2023-08-18 07:33:13 +02:00
namespace service
{
public class Worker : BackgroundService
{
private readonly ILogger<Worker> _logger;
private NamedPipeServerStream _pipeServer;
bed time c:
2023-08-23 17:16:13 +02:00
private byte[] _header;
private int _headerSize;
fix sig scan
2023-08-18 15:22:53 +02:00
bed time c:
2023-08-23 17:16:13 +02:00
private enum MESSAGE_TYPE
{
MESSAGE_TYPE_REPORT,
MESSAGE_TYPE_RECEIVE,
MESSAGE_TYPE_SEND,
}
bedtime (:
2023-08-18 16:34:15 +02:00
struct PIPE_PACKET_HEADER
{
int message_type;
};
EPIC
2023-08-18 07:33:13 +02:00
public Worker(ILogger<Worker> logger)
{
_logger = logger;
_pipeServer = new NamedPipeServerStream("DonnaACPipe", PipeDirection.InOut, 1);
bed time c:
2023-08-23 17:16:13 +02:00
unsafe
{
_headerSize = sizeof(PIPE_PACKET_HEADER);
}
_header = new byte[_headerSize];
EPIC
2023-08-18 07:33:13 +02:00
}
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
_logger.LogInformation("Windows service starting, waiting for client to connect");
bedtime (:
2023-08-18 16:34:15 +02:00
// to do: verify whos connecting
got report working YES
2023-08-18 09:18:00 +02:00
_pipeServer.WaitForConnection();
EPIC
2023-08-18 07:33:13 +02:00
got report working YES
2023-08-18 09:18:00 +02:00
_logger.LogInformation("Client connected to the pipe server");
EPIC
2023-08-18 07:33:13 +02:00
got report working YES
2023-08-18 09:18:00 +02:00
while (!stoppingToken.IsCancellationRequested)
{
EPIC
2023-08-18 07:33:13 +02:00
try
{
bed time c:
2023-08-23 17:16:13 +02:00
if (_pipeServer.Read(_header, 0, _headerSize) > 0)
EPIC
2023-08-18 07:33:13 +02:00
{
bedtime (:
2023-08-18 16:34:15 +02:00
// for now the header is only an int... LOL
bed time c:
2023-08-23 17:16:13 +02:00
int header = BitConverter.ToInt32(_header, 0);
bedtime (:
2023-08-18 16:34:15 +02:00
_logger.LogInformation("Message received with id: {0}", header);
switch (header)
{
case MESSAGE_TYPE_REPORT:
_pipeServer.Read(_buffer, 0, PIPE_BUFFER_READ_SIZE + _headerBufSize);
await TranslatePipeBuffer();
break;
case MESSAGE_TYPE_REQUEST:
_logger.LogInformation("Request received lLOL");
Array.Clear(_buffer, 0, _buffer.Length);
break;
}
EPIC
2023-08-18 07:33:13 +02:00
}
}
catch (Exception ex)
{
got report working YES
2023-08-18 09:18:00 +02:00
_logger.LogError("Reading buffer from pipe failed with message: {0}", ex.Message);
EPIC
2023-08-18 07:33:13 +02:00
}
}
}
got report working YES
2023-08-18 09:18:00 +02:00
private async Task TranslatePipeBuffer()
{
OMG
2023-08-18 10:39:21 +02:00
int reportCode = BitConverter.ToInt32(_buffer, 0);
_logger.LogInformation("Report received with code: {0}", reportCode);
switch (reportCode)
{
e
2023-08-19 11:44:42 +02:00
case REPORT_PROCESS_MODULE_FAILURE:
fix sig scan
2023-08-18 15:22:53 +02:00
var checksumFailurePacket = BytesToStructure<MODULE_VERIFICATION_CHECKSUM_FAILURE>();
OMG
2023-08-18 10:39:21 +02:00
unsafe
{
eee
2023-08-21 15:09:41 +02:00
_logger.LogInformation("Report code: {0}, Base address: {1:x}, Size: {2:x}, Name: ",
fix sig scan
2023-08-18 15:22:53 +02:00
checksumFailurePacket.ReportCode,
checksumFailurePacket.ModuleBaseAddress,
checksumFailurePacket.ModuleSize);
OMG
2023-08-18 10:39:21 +02:00
}
goto end;
e
2023-08-19 11:44:42 +02:00
case REPORT_PROCESS_THREAD_START_ADDRESS_FAILURE:
fix sig scan
2023-08-18 15:22:53 +02:00
var startAddressFailurePacket = BytesToStructure<PROCESS_THREAD_START_FAILURE>();
eee
2023-08-21 15:09:41 +02:00
_logger.LogInformation("Report code: {0}, Thread Id: {1:x}, Start Address: {2:x}",
fix sig scan
2023-08-18 15:22:53 +02:00
startAddressFailurePacket.ReportCode,
startAddressFailurePacket.ThreadId,
startAddressFailurePacket.StartAddress);
goto end;
case REPORT_PAGE_PROTECTION_VERIFICATION:
var pageProtectionFailure = BytesToStructure<PAGE_PROTECTION_FAILURE>();
eee
2023-08-21 15:09:41 +02:00
_logger.LogInformation("Report code: {0}, page base address: {1:x}, allocation protection {2:x}, allocation state: {3:x}, allocation type: {4:x}",
fix sig scan
2023-08-18 15:22:53 +02:00
pageProtectionFailure.ReportCode,
pageProtectionFailure.PageBaseAddress,
pageProtectionFailure.AllocationProtection,
pageProtectionFailure.AllocationState,
pageProtectionFailure.AllocationType);
goto end;
case REPORT_PATTERN_SCAN_FAILURE:
var patternScanFailure = BytesToStructure<PATTERN_SCAN_FAILURE>();
eee
2023-08-21 15:09:41 +02:00
_logger.LogInformation("Report code: {0}, signature id: {1:x}, Address: {2:x}",
fix sig scan
2023-08-18 15:22:53 +02:00
patternScanFailure.ReportCode,
patternScanFailure.SignatureId,
patternScanFailure.Address);
goto end;
e
2023-08-19 11:44:42 +02:00
case REPORT_NMI_CALLBACK_FAILURE:
var nmiCallbackFailure = BytesToStructure<NMI_CALLBACK_FAILURE>();
eee
2023-08-21 15:09:41 +02:00
_logger.LogInformation("Report code: {0}, WereNmisDisabled: {1:x}, KThreadAddress: {2:x}, InvalidRip: {3:x}",
e
2023-08-19 11:44:42 +02:00
nmiCallbackFailure.ReportCode,
nmiCallbackFailure.WereNmisDisabled,
nmiCallbackFailure.KThreadAddress,
nmiCallbackFailure.InvalidRip);
goto end;
case REPORT_KERNEL_MODULE_FAILURE:
var kernelModuleFailure = BytesToStructure<MODULE_VALIDATION_FAILURE>();
eee
2023-08-21 15:09:41 +02:00
_logger.LogInformation("Report code: {0}, REportType: {1:x}, DriverBaseAddress: {2:x}, DriverSize: {3:x}",
e
2023-08-19 11:44:42 +02:00
kernelModuleFailure.ReportCode,
oh my fgosh we got it working
2023-08-20 11:17:03 +02:00
kernelModuleFailure.ReportType,
e
2023-08-19 11:44:42 +02:00
kernelModuleFailure.DriverBaseAddress,
kernelModuleFailure.DriverSize);
goto end;
eee
2023-08-20 17:04:53 +02:00
case REPORT_OPEN_HANDLE_FAILURE_REPORT:
var openHandleFailure = BytesToStructure<OPEN_HANDLE_FAILURE_REPORT>();
eee
2023-08-21 15:09:41 +02:00
_logger.LogInformation("Report code: {0}, ProcessID: {1:x}, ThreadId: {2:x}, DesiredAccess{3:x}",
eee
2023-08-20 17:04:53 +02:00
openHandleFailure.ReportCode,
openHandleFailure.ProcessId,
openHandleFailure.ThreadId,
openHandleFailure.DesiredAccess);
goto end;
OMG
2023-08-18 10:39:21 +02:00
default:
_logger.LogError("Invalid report code received");
goto end;
}
end:
got report working YES
2023-08-18 09:18:00 +02:00
Array.Clear(_buffer, 0, _buffer.Length);
}
private T BytesToStructure<T>()
{
int size = Marshal.SizeOf(typeof(T));
IntPtr ptr = Marshal.AllocHGlobal(size);
try
{
bedtime (:
2023-08-18 16:34:15 +02:00
unsafe { Marshal.Copy(_buffer, 0, ptr, size); }
got report working YES
2023-08-18 09:18:00 +02:00
return (T)Marshal.PtrToStructure(ptr, typeof(T));
}
finally
{
Marshal.FreeHGlobal(ptr);
}
}
excellent progress :)
2023-08-20 16:12:04 +02:00
[DllImport("kernel32.dll", SetLastError = true)]
internal static extern bool GetNamedPipeClientProcessId(IntPtr Pipe, out uint ClientProcessId);
public static uint GetNamedPipeClientProcId(NamedPipeServerStream PipeServer)
{
UInt32 procId;
IntPtr pipeHandle = PipeServer.SafePipeHandle.DangerousGetHandle();
if (GetNamedPipeClientProcessId(pipeHandle, out procId))
return procId;
return 0;
}
EPIC
2023-08-18 07:33:13 +02:00
}
}
OMG
2023-08-18 10:39:21 +02:00
#pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously
#pragma warning restore CS8600
#pragma warning restore CS8603
Reference in a new issue Copy permalink