mirror-ac/driver/integrity.h

#ifndef INTEGRITY_H
#define INTEGRITY_H

#include <ntifs.h>
#include "common.h"

#define SMBIOS_TABLE 'RSMB'
#define SMBIOS_SYSTEM_INFORMATION_TYPE_2_TABLE 2
#define NULL_TERMINATOR '\0'
#define MOTHERBOARD_SERIAL_CODE_TABLE_INDEX 4

/* for testing purposes */
#define VMWARE_SMBIOS_TABLE 1
#define VMWARE_SMBIOS_TABLE_INDEX 3

#define MAX_MODULE_PATH 256

typedef struct _PROCESS_MODULE_INFORMATION
{
	PVOID module_base;
	SIZE_T module_size;
	WCHAR module_path[ MAX_MODULE_PATH ];

}PROCESS_MODULE_INFORMATION, *PPROCESS_MODULE_INFORMATION;

typedef struct _PROCESS_MODULE_VALIDATION_RESULT
{
	INT is_module_valid;

}PROCESS_MODULE_VALIDATION_RESULT, *PPROCESS_MODULE_VALIDATION_RESULT;

NTSTATUS CopyDriverExecutableRegions(
	_In_ PIRP Irp
);

NTSTATUS GetDriverImageSize(
	_In_ PIRP Irp
);

NTSTATUS VerifyInMemoryImageVsDiskImage(
    //_In_ PIRP Irp
);

NTSTATUS RetrieveInMemoryModuleExecutableSections(
    _In_ PIRP Irp
);

NTSTATUS ParseSMBIOSTable(
	_In_ PVOID ConfigMotherboardSerialNumber,
	_In_ SIZE_T ConfigMotherboardSerialMaxNumberSize
);

NTSTATUS ValidateProcessLoadedModule(
	_In_ PIRP Irp
);

NTSTATUS GetHardDiskDriveSerialNumber(
	_In_ PVOID ConfigDrive0Serial,
	_In_ SIZE_T ConfigDrive0MaxSize
);

#endif
AAAAAA 2023-08-22 19:32:25 +02:00			`#ifndef INTEGRITY_H`
			`#define INTEGRITY_H`

			`#include <ntifs.h>`
e 2023-09-02 15:47:15 +02:00			`#include "common.h"`
AAAAAA 2023-08-22 19:32:25 +02:00
bios 2023-09-04 15:36:26 +02:00			`#define SMBIOS_TABLE 'RSMB'`
			`#define SMBIOS_SYSTEM_INFORMATION_TYPE_2_TABLE 2`
			`#define NULL_TERMINATOR '\0'`
we can now get the mobo serial :) 2023-09-04 15:39:28 +02:00			`#define MOTHERBOARD_SERIAL_CODE_TABLE_INDEX 4`
bios 2023-09-04 15:36:26 +02:00
c: 2023-09-05 11:16:32 +02:00			`/* for testing purposes */`
			`#define VMWARE_SMBIOS_TABLE 1`
			`#define VMWARE_SMBIOS_TABLE_INDEX 3`
e 2023-09-04 17:00:36 +02:00
c: 2023-09-05 11:16:32 +02:00			`#define MAX_MODULE_PATH 256`
e 2023-09-04 17:00:36 +02:00
c: 2023-09-05 11:16:32 +02:00			`typedef struct _PROCESS_MODULE_INFORMATION`
			`{`
			`PVOID module_base;`
			`SIZE_T module_size;`
			`WCHAR module_path[ MAX_MODULE_PATH ];`
e 2023-09-04 17:00:36 +02:00
c: 2023-09-05 11:16:32 +02:00			`}PROCESS_MODULE_INFORMATION, *PPROCESS_MODULE_INFORMATION;`
e 2023-09-04 17:00:36 +02:00
c: 2023-09-05 11:16:32 +02:00			`typedef struct _PROCESS_MODULE_VALIDATION_RESULT`
			`{`
			`INT is_module_valid;`
e 2023-09-04 17:00:36 +02:00
c: 2023-09-05 11:16:32 +02:00			`}PROCESS_MODULE_VALIDATION_RESULT, *PPROCESS_MODULE_VALIDATION_RESULT;`
e 2023-09-04 17:00:36 +02:00
AAAAAA 2023-08-22 19:32:25 +02:00			`NTSTATUS CopyDriverExecutableRegions(`
			`_In_ PIRP Irp`
			`);`

working on integrity checks 2023-08-23 14:14:20 +02:00			`NTSTATUS GetDriverImageSize(`
			`_In_ PIRP Irp`
			`);`

bed time :) 2023-08-31 18:42:38 +02:00			`NTSTATUS VerifyInMemoryImageVsDiskImage(`
break time C: 2023-09-01 13:46:31 +02:00			`//_In_ PIRP Irp`
bed time :) 2023-08-31 18:42:38 +02:00			`);`

			`NTSTATUS RetrieveInMemoryModuleExecutableSections(`
			`_In_ PIRP Irp`
			`);`
integrity check ALMOST there fucking stoopid pe bullshit 2023-08-31 17:49:04 +02:00
bios 2023-09-04 15:36:26 +02:00			`NTSTATUS ParseSMBIOSTable(`
			`_In_ PVOID ConfigMotherboardSerialNumber,`
LOL 2023-09-06 17:33:08 +02:00			`_In_ SIZE_T ConfigMotherboardSerialMaxNumberSize`
bios 2023-09-04 15:36:26 +02:00			`);`

c: 2023-09-05 11:16:32 +02:00			`NTSTATUS ValidateProcessLoadedModule(`
			`_In_ PIRP Irp`
			`);`
e 2023-09-04 17:00:36 +02:00
LOL 2023-09-06 17:33:08 +02:00			`NTSTATUS GetHardDiskDriveSerialNumber(`
			`_In_ PVOID ConfigDrive0Serial,`
			`_In_ SIZE_T ConfigDrive0MaxSize`
			`);`

make the integrity checks actually GOOD lolz 2023-08-25 09:38:45 +02:00			`#endif`