mirror-ac/driver/session.c

156 lines
4.4 KiB
C
Raw Normal View History

2024-01-31 08:32:13 +01:00
#include "session.h"
#include "imports.h"
/* for now, lets just xor the aes key with our cookie */
typedef struct _SESSION_INITIATION_PACKET
{
UINT32 session_cookie;
CHAR session_aes_key[AES_128_KEY_SIZE];
PVOID protected_process_id;
} SESSION_INITIATION_PACKET, *PSESSION_INITIATION_PACKET;
VOID
SessionInitialiseStructure()
{
PAGED_CODE();
ImpKeInitializeGuardedMutex(&GetActiveSession()->lock);
}
VOID
SessionInitialiseCallbackConfiguration()
{
PAGED_CODE();
InitialiseObCallbacksConfiguration(GetActiveSession());
}
VOID
SessionIsActive(_Out_ PBOOLEAN Flag)
{
PAGED_CODE();
ImpKeAcquireGuardedMutex(&GetActiveSession()->lock);
*Flag = GetActiveSession()->is_session_active;
ImpKeReleaseGuardedMutex(&GetActiveSession()->lock);
}
VOID
SessionGetProcess(_Out_ PEPROCESS* Process)
{
PAGED_CODE();
ImpKeAcquireGuardedMutex(&GetActiveSession()->lock);
*Process = GetActiveSession()->process;
ImpKeReleaseGuardedMutex(&GetActiveSession()->lock);
}
VOID
SessionGetProcessId(_Out_ PLONG ProcessId)
{
PAGED_CODE();
ImpKeAcquireGuardedMutex(&GetActiveSession()->lock);
*ProcessId = GetActiveSession()->km_handle;
ImpKeReleaseGuardedMutex(&GetActiveSession()->lock);
}
VOID
SessionGetCallbackConfiguration(_Out_ POB_CALLBACKS_CONFIG* CallbackConfiguration)
{
ImpKeAcquireGuardedMutex(&GetActiveSession()->lock);
*CallbackConfiguration = &GetActiveSession()->callback_configuration;
ImpKeReleaseGuardedMutex(&GetActiveSession()->lock);
}
VOID
SessionTerminate()
{
PAGED_CODE();
DEBUG_INFO("Termination active session.");
PACTIVE_SESSION session = GetActiveSession();
ImpKeAcquireGuardedMutex(&session->lock);
session->km_handle = NULL;
session->um_handle = NULL;
session->process = NULL;
session->is_session_active = FALSE;
ImpKeReleaseGuardedMutex(&session->lock);
}
NTSTATUS
SessionInitialise(_In_ PIRP Irp)
{
PAGED_CODE();
NTSTATUS status = STATUS_UNSUCCESSFUL;
PEPROCESS process = NULL;
PSESSION_INITIATION_PACKET information = NULL;
PACTIVE_SESSION session = GetActiveSession();
DEBUG_VERBOSE("Initialising new session.");
status = ValidateIrpInputBuffer(Irp, sizeof(SESSION_INITIATION_PACKET));
if (!NT_SUCCESS(status))
{
DEBUG_ERROR("ValidateIrpInputBuffer failed with status %x", status);
return status;
}
information = (PSESSION_INITIATION_PACKET)Irp->AssociatedIrp.SystemBuffer;
ImpKeAcquireGuardedMutex(&session->lock);
session->um_handle = information->protected_process_id;
/* What if we pass an invalid handle here? not good. */
status = ImpPsLookupProcessByProcessId(session->um_handle, &process);
if (!NT_SUCCESS(status))
{
status = STATUS_INVALID_PARAMETER;
goto end;
}
session->km_handle = ImpPsGetProcessId(process);
session->process = process;
session->is_session_active = TRUE;
session->session_cookie = information->session_cookie;
RtlCopyMemory(session->session_aes_key, information->session_aes_key, AES_128_KEY_SIZE);
end:
ImpKeReleaseGuardedMutex(&session->lock);
return status;
}
VOID
SessionTerminateProcess()
{
PAGED_CODE();
NTSTATUS status = STATUS_UNSUCCESSFUL;
ULONG process_id = 0;
SessionGetProcessId(&process_id);
if (!process_id)
{
DEBUG_ERROR("Failed to terminate process as process id is null");
return;
}
/* Make sure we pass a km handle to ZwTerminateProcess and NOT a usermode handle. */
status = ZwTerminateProcess(process_id, STATUS_SYSTEM_INTEGRITY_POLICY_VIOLATION);
if (!NT_SUCCESS(status))
{
/*
* We don't want to clear the process config if ZwTerminateProcess fails
* so we can try again.
*/
DEBUG_ERROR("ZwTerminateProcess failed with status %x", status);
return;
}
/* this wont be needed when procloadstuff is implemented */
SessionTerminate();
}