2023-08-15 14:02:17 +02:00
|
|
|
#include <iostream>
|
|
|
|
|
#include <Windows.h>
|
|
|
|
|
#include <string>
|
2023-09-15 22:25:02 +02:00
|
|
|
#include <WDBGEXTS.H>
|
2023-08-15 14:02:17 +02:00
|
|
|
|
|
|
|
|
#include "common.h"
|
2023-08-16 11:28:46 +02:00
|
|
|
|
2023-08-17 10:45:50 +02:00
|
|
|
#include "threadpool.h"
|
2023-08-22 19:32:25 +02:00
|
|
|
#include "client.h"
|
2023-08-15 14:02:17 +02:00
|
|
|
|
2023-08-17 10:45:50 +02:00
|
|
|
#include "../user/um/umanager.h"
|
|
|
|
|
#include "../user/km/kmanager.h"
|
|
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
// BOOLEAN IsTestSigningModeEnabled()
|
2023-10-31 15:17:40 +01:00
|
|
|
//{
|
2023-12-25 16:54:35 +01:00
|
|
|
// ULONG return_length = 0;
|
2023-10-31 15:17:40 +01:00
|
|
|
//
|
2023-12-25 16:54:35 +01:00
|
|
|
// SYSTEM_CODEINTEGRITY_INFORMATION info = { 0 };
|
|
|
|
|
// info.Length = sizeof(SYSTEM_CODEINTEGRITY_INFORMATION);
|
|
|
|
|
// info.CodeIntegrityOptions = 0;
|
2023-10-31 15:17:40 +01:00
|
|
|
//
|
2023-12-25 16:54:35 +01:00
|
|
|
// NTSTATUS status = NtQuerySystemInformation(
|
|
|
|
|
// SystemCodeIntegrityInformation,
|
|
|
|
|
// &info,
|
|
|
|
|
// sizeof(info),
|
|
|
|
|
// &return_length
|
|
|
|
|
// );
|
2023-10-31 15:17:40 +01:00
|
|
|
//
|
2023-12-25 16:54:35 +01:00
|
|
|
// if (!NT_SUCCESS(status))
|
|
|
|
|
// {
|
|
|
|
|
// LOG_ERROR("NtQuerySystemInformation failed with status: %lx", status);
|
|
|
|
|
// return FALSE;
|
|
|
|
|
// }
|
2023-10-31 15:17:40 +01:00
|
|
|
//
|
2023-12-25 16:54:35 +01:00
|
|
|
// return info.CodeIntegrityOptions & CODEINTEGRITY_OPTION_TESTSIGN;
|
|
|
|
|
// }
|
2023-10-31 15:17:40 +01:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
DWORD WINAPI
|
|
|
|
|
Init(HINSTANCE hinstDLL)
|
2023-08-16 11:28:46 +02:00
|
|
|
{
|
2023-10-06 07:47:01 +02:00
|
|
|
AllocConsole();
|
|
|
|
|
FILE* file;
|
|
|
|
|
freopen_s(&file, "CONOUT$", "w", stdout);
|
|
|
|
|
freopen_s(&file, "CONIN$", "r", stdin);
|
2023-08-17 10:45:50 +02:00
|
|
|
|
2023-10-06 07:47:01 +02:00
|
|
|
std::this_thread::sleep_for(std::chrono::seconds(1));
|
2023-08-17 10:45:50 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
LPTSTR pipe_name = (LPTSTR)L"\\\\.\\pipe\\DonnaACPipe";
|
2023-10-06 07:47:01 +02:00
|
|
|
LPCWSTR driver_name = L"\\\\.\\DonnaAC";
|
2023-08-18 07:33:13 +02:00
|
|
|
|
2023-10-06 07:47:01 +02:00
|
|
|
std::shared_ptr<global::ThreadPool> thread_pool = std::make_shared<global::ThreadPool>(4);
|
2023-12-25 16:54:35 +01:00
|
|
|
std::shared_ptr<global::Client> client_interface =
|
|
|
|
|
std::make_shared<global::Client>(thread_pool, pipe_name);
|
2023-08-17 10:45:50 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
usermode::UManager umanager(thread_pool, client_interface);
|
2023-10-06 07:47:01 +02:00
|
|
|
kernelmode::KManager kmanager(driver_name, thread_pool, client_interface);
|
2023-09-07 19:49:36 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
global::headers::SYSTEM_INFORMATION system_information = {0};
|
2023-10-06 07:47:01 +02:00
|
|
|
kmanager.SendClientHardwareInformation();
|
2023-08-19 04:52:57 +02:00
|
|
|
|
2023-12-27 04:35:46 +01:00
|
|
|
global::report_structures::SYSTEM_INFORMATION_REQUEST_RESPONSE response = {0};
|
2023-09-10 12:20:35 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
// client_interface->ServerReceive( &response, sizeof( response ) );
|
2023-09-10 12:20:35 +02:00
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
// std::cout << "RequestID: " << response.RequestId << " CanUserProceed: " <<
|
|
|
|
|
// response.CanUserProceed << " Reason: " << response.reason << std::endl;
|
2023-09-10 12:20:35 +02:00
|
|
|
|
2023-10-30 12:57:24 +01:00
|
|
|
/*
|
2023-12-25 16:54:35 +01:00
|
|
|
* Note that this is really just for testing the methods for extended periods of time.
|
|
|
|
|
* The "real business logic" would execute the methods with varying degrees of uncertaintity
|
2023-12-27 04:35:46 +01:00
|
|
|
* but still allow for bias, i.e we don't want NMI callbacks to be running every 10 seconds.
|
|
|
|
|
* We also need to take into account the performance penalty that some of these routines
|
|
|
|
|
* have, such as the process module validation. At the end of the day an anti cheat that
|
|
|
|
|
* imposes a significant performance pentalty on the game its protecting is useless.
|
2023-12-25 16:54:35 +01:00
|
|
|
*/
|
2023-10-30 12:57:24 +01:00
|
|
|
|
2023-10-06 07:47:01 +02:00
|
|
|
srand(time(NULL));
|
2023-09-24 05:10:13 +02:00
|
|
|
|
2024-01-02 23:29:23 +01:00
|
|
|
while (!GetAsyncKeyState(VK_DELETE))
|
2023-09-28 15:56:07 +02:00
|
|
|
{
|
2024-01-02 23:29:23 +01:00
|
|
|
// int seed = (rand() % 11);
|
|
|
|
|
|
|
|
|
|
// std::cout << "Seed: " << seed << std::endl;
|
|
|
|
|
|
|
|
|
|
// switch (seed)
|
|
|
|
|
//{
|
|
|
|
|
// case 0: kmanager.EnumerateHandleTables(); break;
|
|
|
|
|
// case 1: kmanager.PerformIntegrityCheck(); break;
|
|
|
|
|
// case 2: kmanager.ScanPoolsForUnlinkedProcesses(); break;
|
|
|
|
|
// case 3: kmanager.VerifySystemModuleDriverObjects(); break;
|
|
|
|
|
// case 4: kmanager.ValidateProcessModules(); break;
|
|
|
|
|
// case 5: kmanager.RunNmiCallbacks(); break;
|
|
|
|
|
// case 6: kmanager.CheckForAttachedThreads(); break;
|
|
|
|
|
// case 7: kmanager.InitiateApcStackwalkOperation(); break;
|
|
|
|
|
// case 8: kmanager.CheckForEptHooks(); break;
|
|
|
|
|
// case 9: kmanager.StackwalkThreadsViaDpc(); break;
|
|
|
|
|
// case 10: kmanager.ValidateSystemModules(); break;
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
kmanager.ValidateSystemModules();
|
|
|
|
|
std::this_thread::sleep_for(std::chrono::seconds(2));
|
|
|
|
|
kmanager.PerformIntegrityCheck();
|
|
|
|
|
std::this_thread::sleep_for(std::chrono::seconds(2));
|
|
|
|
|
kmanager.ValidateProcessModules();
|
|
|
|
|
// kmanager.MonitorCallbackReports();
|
2023-10-06 07:47:01 +02:00
|
|
|
std::this_thread::sleep_for(std::chrono::seconds(10));
|
2023-09-28 15:56:07 +02:00
|
|
|
}
|
2023-08-17 10:45:50 +02:00
|
|
|
|
2023-10-06 07:47:01 +02:00
|
|
|
fclose(stdout);
|
|
|
|
|
fclose(stdin);
|
|
|
|
|
FreeConsole();
|
2023-08-16 11:28:46 +02:00
|
|
|
|
2023-10-06 07:47:01 +02:00
|
|
|
FreeLibraryAndExitThread(hinstDLL, 0);
|
|
|
|
|
return 0;
|
2023-08-16 11:28:46 +02:00
|
|
|
}
|
|
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
BOOL WINAPI
|
|
|
|
|
DllMain(HINSTANCE hinstDLL, // handle to DLL module
|
|
|
|
|
DWORD fdwReason, // reason for calling function
|
|
|
|
|
LPVOID lpvReserved) // reserved
|
2023-08-15 14:02:17 +02:00
|
|
|
{
|
2023-10-06 07:47:01 +02:00
|
|
|
// Perform actions based on the reason for calling.
|
|
|
|
|
switch (fdwReason)
|
|
|
|
|
{
|
|
|
|
|
case DLL_PROCESS_ATTACH:
|
|
|
|
|
|
|
|
|
|
DisableThreadLibraryCalls(hinstDLL);
|
|
|
|
|
|
2023-12-25 16:54:35 +01:00
|
|
|
const auto thread = CreateThread(nullptr,
|
|
|
|
|
0,
|
|
|
|
|
reinterpret_cast<LPTHREAD_START_ROUTINE>(Init),
|
|
|
|
|
hinstDLL,
|
|
|
|
|
0,
|
|
|
|
|
nullptr);
|
2023-10-06 07:47:01 +02:00
|
|
|
|
|
|
|
|
if (thread)
|
|
|
|
|
CloseHandle(thread);
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
2023-12-25 16:54:35 +01:00
|
|
|
return TRUE; // Successful DLL_PROCESS_ATTACH.
|
2023-08-15 14:02:17 +02:00
|
|
|
}
|
