#include <Windows.h>

#include <chrono>
#include <cstdio>
#include <iostream>
#include <memory>
#include <string>
#include <thread>

#include "common.h"
#include "threadpool.h"
#include "client.h"
#include "../user/um/umanager.h"
#include "../user/km/kmanager.h"
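// Worker-thread entry point, started by DllMain on DLL_PROCESS_ATTACH.
//
// Opens a debug console, builds the thread pool, the named-pipe report client
// and the usermode/kernelmode managers, then runs every monitor in a loop
// until the Delete key is observed. On exit it tears the objects down, frees
// the console and unmaps this DLL.
//
// lpParameter - the HINSTANCE of this module, as passed by DllMain. The thread
//               start routine takes LPVOID so no function-pointer cast with a
//               mismatched parameter type is needed to call it.
//
// Returns 0 only on the fall-through path that is never reached:
// FreeLibraryAndExitThread ends the thread and does not return.
DWORD WINAPI Init( LPVOID lpParameter )
{
    const HINSTANCE hinstDLL = static_cast<HINSTANCE>( lpParameter );

    // Debug console: rebind stdout/stdin to it. freopen_s closes the original
    // stream on failure, so remember which rebinds succeeded and only fclose
    // those later (closing an already-closed stream is undefined behaviour).
    AllocConsole();
    FILE* out_stream = nullptr;
    FILE* in_stream = nullptr;
    const bool stdout_redirected = freopen_s( &out_stream, "CONOUT$", "w", stdout ) == 0;
    const bool stdin_redirected = freopen_s( &in_stream, "CONIN$", "r", stdin ) == 0;
    std::this_thread::sleep_for( std::chrono::seconds( 1 ) );

    {
        // Everything below lives in this inner scope on purpose: the call to
        // FreeLibraryAndExitThread at the bottom never returns, so objects
        // declared directly in the function scope would never be destroyed.
        // That left the thread pool, the pipe client and both managers alive
        // while the module was being unmapped. Closing the scope first runs
        // their destructors (and, presumably, stops the pool's workers) before
        // the DLL's code disappears from the address space.

        // The pipe name is a mutable buffer with static storage rather than a
        // string literal forced through a C-style (LPTSTR) cast: that cast
        // silently discarded const (and would have been wrong for a non-UNICODE
        // build, since the literal is wide). Nothing writes to this buffer.
        static wchar_t pipe_name[] = L"\\\\.\\pipe\\DonnaACPipe";
        LPCWSTR driver_name = L"\\\\.\\DonnaAC";

        auto thread_pool = std::make_shared<global::ThreadPool>( 4 );
        auto report_interface = std::make_shared<global::Client>( thread_pool, pipe_name );

        usermode::UManager umanager( thread_pool, report_interface );
        kernelmode::KManager kmanager( driver_name, thread_pool, report_interface );

        // Kill switch: any user with keyboard access can stop the monitor by
        // pressing Delete. Fine for a development build; revisit before this
        // ships as an enforcement component.
        while ( !GetAsyncKeyState( VK_DELETE ) )
        {
            kmanager.MonitorCallbackReports();
            kmanager.RunNmiCallbacks();
            kmanager.VerifySystemModules();
            kmanager.RequestModuleExecutableRegionsForIntegrityCheck();
            kmanager.DetectSystemVirtualization();
            kmanager.ScanPoolsForUnlinkedProcesses();
            kmanager.EnumerateHandleTables();

            umanager.ValidateProcessModules();
            umanager.ValidateProcessMemory();
            umanager.ValidateProcessThreads();

            // One full scan pass every ten seconds.
            std::this_thread::sleep_for( std::chrono::seconds( 10 ) );
        }
    }

    if ( stdout_redirected )
        fclose( stdout );
    if ( stdin_redirected )
        fclose( stdin );
    FreeConsole();

    // Unmaps this module and terminates the calling thread; does not return.
    FreeLibraryAndExitThread( hinstDLL, 0 );
    return 0;
}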
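// DLL entry point.
//
// On DLL_PROCESS_ATTACH it starts the Init worker thread and nothing else:
// DllMain runs under the loader lock, so the actual work (console, pipe
// client, driver manager) is deferred to that thread. All other notifications
// are ignored.
//
// hinstDLL    - module handle; forwarded to Init so it can unload the DLL.
// fdwReason   - reason for the call (DLL_PROCESS_ATTACH etc.).
// lpvReserved - unused.
//
// Returns TRUE on success. Returns FALSE when the worker thread cannot be
// created on attach, so the loader fails the load instead of leaving a DLL
// mapped that will never run its monitors (previously that failure was
// silently ignored).
BOOL WINAPI DllMain(
    HINSTANCE hinstDLL,   // handle to DLL module
    DWORD fdwReason,      // reason for calling function
    LPVOID lpvReserved )  // reserved
{
    switch ( fdwReason )
    {
        case DLL_PROCESS_ATTACH:
        {
            // No per-thread state, so thread attach/detach notifications are noise.
            DisableThreadLibraryCalls( hinstDLL );

            // The cast keeps the call site valid whether Init is declared with
            // an HINSTANCE or an LPVOID parameter.
            const HANDLE worker = CreateThread(
                nullptr,
                0,
                reinterpret_cast< LPTHREAD_START_ROUTINE >( Init ),
                hinstDLL,
                0,
                nullptr
            );

            if ( worker == nullptr )
                return FALSE;

            // The handle is not needed afterwards; the thread keeps running.
            CloseHandle( worker );
            break;
        }

        default:
            break;
    }
    return TRUE;
}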