mirror-ac/service/Worker.cs

using System.IO.Pipes;
using System.Runtime.InteropServices;
using service.Types;
#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
#pragma warning disable CS8600
#pragma warning disable CS8603
namespace service
{
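/// <summary>
/// Hosted background service that owns the "DonnaACPipe" named pipe server, reads
/// framed messages from the connected client and logs the report packets it receives.
/// </summary>
/// <remarks>
/// Nothing in this class authenticates the pipe client, and the pipe is created without an
/// explicit ACL. Every byte read from the pipe is therefore handled as untrusted input:
/// the number of bytes actually received is tracked and checked before a packet is
/// marshalled into a structure.
/// </remarks>
public class Worker : BackgroundService
{
    private readonly ILogger<Worker> _logger;
    private readonly NamedPipeServerStream _pipeServer;

    // Receives the body of a report message; zeroed again after every message.
    private readonly byte[] _buffer;

    // Receives the fixed-size message header that precedes every message.
    private readonly byte[] _headerBuf;
    private readonly int _headerBufSize;

    // Number of bytes of _buffer that were actually filled by the last report read.
    // Anything beyond this index is zero padding, not data sent by the client.
    private int _reportLength;

    // Report codes: the first 32-bit integer of a report body selects the structure to decode.
    private const int REPORT_PROCESS_MODULE_FAILURE = 10;
    private const int REPORT_PROCESS_THREAD_START_ADDRESS_FAILURE = 20;
    private const int REPORT_PAGE_PROTECTION_VERIFICATION = 30;
    private const int REPORT_PATTERN_SCAN_FAILURE = 40;
    private const int REPORT_NMI_CALLBACK_FAILURE = 50;
    private const int REPORT_KERNEL_MODULE_FAILURE = 60;

    // Message types carried in the header.
    private const int MESSAGE_TYPE_REPORT = 1;
    private const int MESSAGE_TYPE_REQUEST = 2;

    // Receive buffer size minus the header size.
    private readonly int PIPE_BUFFER_READ_SIZE;

    // Wire layout of the header; currently a single 32-bit message type.
    struct PIPE_PACKET_HEADER
    {
        int message_type;
    }

    /// <summary>
    /// Allocates the receive buffers and creates the single-instance pipe server.
    /// </summary>
    /// <param name="logger">Logger used for all diagnostics of this service.</param>
    public Worker(ILogger<Worker> logger)
    {
        _logger = logger;
        _buffer = new byte[1024];

        _headerBufSize = Marshal.SizeOf<PIPE_PACKET_HEADER>();
        _headerBuf = new byte[_headerBufSize];
        PIPE_BUFFER_READ_SIZE = _buffer.Length - _headerBufSize;

        // Asynchronous mode lets the awaited connect and read calls observe the host's
        // stopping token instead of blocking service shutdown.
        // NOTE(review): no PipeSecurity is applied here, so the default pipe ACL decides
        // which local accounts may connect - confirm that is intended.
        _pipeServer = new NamedPipeServerStream(
            "DonnaACPipe",
            PipeDirection.InOut,
            1,
            PipeTransmissionMode.Byte,
            PipeOptions.Asynchronous);
    }

    /// <summary>
    /// Accepts a pipe client, processes its messages until it disconnects, then waits for
    /// the next client. Returns when the host requests shutdown.
    /// </summary>
    /// <param name="stoppingToken">Signalled by the host when the service must stop.</param>
    protected override async Task ExecuteAsync(CancellationToken stoppingToken)
    {
        _logger.LogInformation("Windows service starting, waiting for client to connect");

        try
        {
            while (!stoppingToken.IsCancellationRequested)
            {
                // TODO(security): verify who is connecting. Until the client is
                // authenticated (for example a restrictive pipe ACL plus a check of the
                // client process identity), any local process able to open the pipe can
                // submit reports, so nothing received here may be trusted.
                await _pipeServer.WaitForConnectionAsync(stoppingToken);
                _logger.LogInformation("Client connected to the pipe server");

                await ProcessMessagesAsync(stoppingToken);

                // A read of zero bytes means the client went away. Reset the server end
                // so the loop waits for a new client instead of spinning on a dead pipe.
                _logger.LogInformation("Client disconnected from the pipe server");
                _pipeServer.Disconnect();
            }
        }
        catch (OperationCanceledException) when (stoppingToken.IsCancellationRequested)
        {
            // Expected during shutdown: the pending connect or read was cancelled.
        }
    }

    /// <summary>Releases the pipe handle together with the base service resources.</summary>
    public override void Dispose()
    {
        _pipeServer.Dispose();
        base.Dispose();
    }

    /// <summary>
    /// Reads and dispatches messages from the connected client until the client
    /// disconnects or shutdown is requested.
    /// </summary>
    private async Task ProcessMessagesAsync(CancellationToken stoppingToken)
    {
        while (!stoppingToken.IsCancellationRequested)
        {
            try
            {
                if (!await ReadHeaderAsync(stoppingToken))
                {
                    return; // end of stream: client closed its end of the pipe
                }

                // for now the header is only an int
                int header = BitConverter.ToInt32(_headerBuf, 0);
                _logger.LogInformation("Message received with id: {0}", header);

                switch (header)
                {
                    case MESSAGE_TYPE_REPORT:
                        // The body carries no length field, so take whatever one read
                        // delivers and remember how much of the buffer is real data.
                        _reportLength = await _pipeServer.ReadAsync(
                            _buffer, 0, PIPE_BUFFER_READ_SIZE + _headerBufSize, stoppingToken);
                        await TranslatePipeBuffer();
                        break;

                    case MESSAGE_TYPE_REQUEST:
                        _logger.LogInformation("Request received lLOL");
                        Array.Clear(_buffer, 0, _buffer.Length);
                        break;

                    default:
                        _logger.LogWarning("Unknown message type received: {0}", header);
                        break;
                }
            }
            catch (OperationCanceledException) when (stoppingToken.IsCancellationRequested)
            {
                return;
            }
            catch (Exception ex)
            {
                // Pass the exception itself so the stack trace is kept in the log.
                _logger.LogError(ex, "Reading buffer from pipe failed with message: {0}", ex.Message);

                // Keep serving after a bad message, but never loop on a broken pipe.
                if (!_pipeServer.IsConnected)
                {
                    return;
                }
            }
        }
    }

    /// <summary>
    /// Fills <see cref="_headerBuf"/> with exactly one header.
    /// </summary>
    /// <returns>
    /// <c>true</c> when a complete header was read; <c>false</c> when the stream ended first.
    /// </returns>
    private async Task<bool> ReadHeaderAsync(CancellationToken stoppingToken)
    {
        int filled = 0;

        // A single read may return fewer bytes than requested; decoding a partial header
        // would mix new bytes with leftovers of the previous one.
        while (filled < _headerBufSize)
        {
            int received = await _pipeServer.ReadAsync(
                _headerBuf, filled, _headerBufSize - filled, stoppingToken);

            if (received == 0)
            {
                return false;
            }

            filled += received;
        }

        return true;
    }

    /// <summary>
    /// Decodes the report currently held in <see cref="_buffer"/> according to its report
    /// code, logs its fields, and always zeroes the buffer afterwards.
    /// </summary>
    private async Task TranslatePipeBuffer()
    {
        try
        {
            if (_reportLength < sizeof(int))
            {
                _logger.LogError("Report body too short to contain a report code: {0} bytes", _reportLength);
                return;
            }

            int reportCode = BitConverter.ToInt32(_buffer, 0);
            _logger.LogInformation("Report received with code: {0}", reportCode);

            switch (reportCode)
            {
                case REPORT_PROCESS_MODULE_FAILURE:
                {
                    var checksumFailurePacket = BytesToStructure<MODULE_VERIFICATION_CHECKSUM_FAILURE>();

                    // NOTE(review): the unsafe block is kept from the original; the packet
                    // type is declared elsewhere - confirm whether it is still required.
                    unsafe
                    {
                        _logger.LogInformation("Report code: {0}, Base address: {1}, Size: {2}, Name: ",
                            checksumFailurePacket.ReportCode,
                            checksumFailurePacket.ModuleBaseAddress,
                            checksumFailurePacket.ModuleSize);
                    }
                    break;
                }

                case REPORT_PROCESS_THREAD_START_ADDRESS_FAILURE:
                {
                    var startAddressFailurePacket = BytesToStructure<PROCESS_THREAD_START_FAILURE>();
                    _logger.LogInformation("Report code: {0}, Thread Id: {1}, Start Address: {2}",
                        startAddressFailurePacket.ReportCode,
                        startAddressFailurePacket.ThreadId,
                        startAddressFailurePacket.StartAddress);
                    break;
                }

                case REPORT_PAGE_PROTECTION_VERIFICATION:
                {
                    var pageProtectionFailure = BytesToStructure<PAGE_PROTECTION_FAILURE>();
                    _logger.LogInformation("Report code: {0}, page base address: {1}, allocation protection {2}, allocation state: {3}, allocation type: {4}",
                        pageProtectionFailure.ReportCode,
                        pageProtectionFailure.PageBaseAddress,
                        pageProtectionFailure.AllocationProtection,
                        pageProtectionFailure.AllocationState,
                        pageProtectionFailure.AllocationType);
                    break;
                }

                case REPORT_PATTERN_SCAN_FAILURE:
                {
                    var patternScanFailure = BytesToStructure<PATTERN_SCAN_FAILURE>();
                    _logger.LogInformation("Report code: {0}, signature id: {1}, Address: {2}",
                        patternScanFailure.ReportCode,
                        patternScanFailure.SignatureId,
                        patternScanFailure.Address);
                    break;
                }

                case REPORT_NMI_CALLBACK_FAILURE:
                {
                    var nmiCallbackFailure = BytesToStructure<NMI_CALLBACK_FAILURE>();
                    _logger.LogInformation("Report code: {0}, WereNmisDisabled: {1}, KThreadAddress: {2}, InvalidRip: {3}",
                        nmiCallbackFailure.ReportCode,
                        nmiCallbackFailure.WereNmisDisabled,
                        nmiCallbackFailure.KThreadAddress,
                        nmiCallbackFailure.InvalidRip);
                    break;
                }

                case REPORT_KERNEL_MODULE_FAILURE:
                {
                    var kernelModuleFailure = BytesToStructure<MODULE_VALIDATION_FAILURE>();
                    _logger.LogInformation("Report code: {0}, DriverBaseAddress: {1}, DriverSize: {2}",
                        kernelModuleFailure.ReportCode,
                        kernelModuleFailure.DriverBaseAddress,
                        kernelModuleFailure.DriverSize);
                    break;
                }

                default:
                    _logger.LogError("Invalid report code received");
                    break;
            }
        }
        finally
        {
            // Runs on every path, including a rejected packet, so no bytes of one
            // message can be decoded as part of the next.
            Array.Clear(_buffer, 0, _buffer.Length);
            _reportLength = 0;
        }
    }

    /// <summary>
    /// Marshals the start of <see cref="_buffer"/> into a structure of type
    /// <typeparamref name="T"/>.
    /// </summary>
    /// <typeparam name="T">Packet structure to decode.</typeparam>
    /// <returns>The decoded structure.</returns>
    /// <exception cref="System.IO.InvalidDataException">
    /// Fewer bytes were received than <typeparamref name="T"/> occupies.
    /// </exception>
    private T BytesToStructure<T>()
    {
        int size = Marshal.SizeOf(typeof(T));

        // Reject truncated packets instead of decoding zero padding as report fields.
        // _reportLength never exceeds _buffer.Length, so this also bounds the copy below.
        if (size > _reportLength)
        {
            throw new System.IO.InvalidDataException(
                $"Report of {_reportLength} bytes is too short for {typeof(T).Name} ({size} bytes)");
        }

        IntPtr ptr = Marshal.AllocHGlobal(size);
        try
        {
            Marshal.Copy(_buffer, 0, ptr, size);
            return (T)Marshal.PtrToStructure(ptr, typeof(T));
        }
        finally
        {
            Marshal.FreeHGlobal(ptr);
        }
    }
}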
}
#pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously
#pragma warning restore CS8600
#pragma warning restore CS8603