mirror-ac/user/main.cpp

#include <iostream>
#include <Windows.h>
#include <string>
#include <WDBGEXTS.H>

#include "common.h"

#include "threadpool.h"
#include "client.h"

#include "../user/um/umanager.h"
#include "../user/km/kmanager.h"

//BOOLEAN IsTestSigningModeEnabled()
//{
//        ULONG return_length = 0;
//
//        SYSTEM_CODEINTEGRITY_INFORMATION info = { 0 };
//        info.Length = sizeof(SYSTEM_CODEINTEGRITY_INFORMATION);
//        info.CodeIntegrityOptions = 0;
//
//        NTSTATUS status = NtQuerySystemInformation(
//                SystemCodeIntegrityInformation,
//                &info,
//                sizeof(info),
//                &return_length
//        );
//
//        if (!NT_SUCCESS(status))
//        {
//                LOG_ERROR("NtQuerySystemInformation failed with status: %lx", status);
//                return FALSE;
//        }
//
//        return info.CodeIntegrityOptions & CODEINTEGRITY_OPTION_TESTSIGN;
//}

DWORD WINAPI Init(HINSTANCE hinstDLL)
{
        AllocConsole();
        FILE* file;
        freopen_s(&file, "CONOUT$", "w", stdout);
        freopen_s(&file, "CONIN$", "r", stdin);

        std::this_thread::sleep_for(std::chrono::seconds(1));

        LPTSTR pipe_name = (LPTSTR)L"\\\\.\\pipe\\DonnaACPipe";
        LPCWSTR driver_name = L"\\\\.\\DonnaAC";

        std::shared_ptr<global::ThreadPool> thread_pool = std::make_shared<global::ThreadPool>(4);
        std::shared_ptr<global::Client> client_interface = std::make_shared<global::Client>(thread_pool, pipe_name);

        usermode::UManager umanager(thread_pool, client_interface);
        kernelmode::KManager kmanager(driver_name, thread_pool, client_interface);

        global::headers::SYSTEM_INFORMATION system_information;
        kmanager.SendClientHardwareInformation();

        global::report_structures::SYSTEM_INFORMATION_REQUEST_RESPONSE response;

        //client_interface->ServerReceive( &response, sizeof( response ) );

        //std::cout << "RequestID: " << response.RequestId << " CanUserProceed: " << 
        //    response.CanUserProceed << " Reason: " << response.reason << std::endl;

        /*
        * Note that this is really just for testing the methods for extended periods of time. 
        * The "real business logic" would execute the methods with varying degrees of uncertaintity 
        * but still allow for bias, i.e we don't want NMI callbacks to be running every 10 seconds
        * since they are "dangerous" for the CPU given the IRQL they run at.
        */

        srand(time(NULL));

        while (!GetAsyncKeyState(VK_DELETE))
        {
                int seed = (rand() % 12);

                std::cout << "Seed: " << seed << std::endl;

                switch (seed)
                {
                case 0: { kmanager.EnumerateHandleTables(); break; }
                case 1: { kmanager.PerformIntegrityCheck(); break; }
                case 2: { kmanager.ScanPoolsForUnlinkedProcesses(); break; }
                case 3: { kmanager.VerifySystemModuleDriverObjects(); break; }
                case 4: { kmanager.ValidateProcessModules(); break; }
                case 5: { kmanager.RunNmiCallbacks(); break; }
                case 6: { kmanager.CheckForAttachedThreads(); break; }
                case 7: { kmanager.InitiateApcStackwalkOperation(); break; }
                case 8: { kmanager.CheckForHiddenThreads(); break; }
                case 9: { kmanager.CheckForEptHooks(); break; }
                case 10: { kmanager.LaunchIpiInterrupt(); break; }
                case 11: { kmanager.ValidateSystemModules(); break; }
                }

                kmanager.MonitorCallbackReports();
                std::this_thread::sleep_for(std::chrono::seconds(10));
        }

        fclose(stdout);
        fclose(stdin);
        FreeConsole();

        FreeLibraryAndExitThread(hinstDLL, 0);
        return 0;
}

BOOL WINAPI DllMain(
        HINSTANCE hinstDLL,  // handle to DLL module
        DWORD fdwReason,     // reason for calling function
        LPVOID lpvReserved)  // reserved
{
        // Perform actions based on the reason for calling.
        switch (fdwReason)
        {
        case DLL_PROCESS_ATTACH:

                DisableThreadLibraryCalls(hinstDLL);

                const auto thread = CreateThread(
                        nullptr,
                        0,
                        reinterpret_cast<LPTHREAD_START_ROUTINE>(Init),
                        hinstDLL,
                        0,
                        nullptr
                );

                if (thread)
                        CloseHandle(thread);

                break;
        }
        return TRUE;  // Successful DLL_PROCESS_ATTACH.
}
Add project files. 2023-08-15 14:02:17 +02:00			`#include <iostream>`
			`#include <Windows.h>`
			`#include <string>`
sleep 2023-09-15 22:25:02 +02:00			`#include <WDBGEXTS.H>`
Add project files. 2023-08-15 14:02:17 +02:00
			`#include "common.h"`
some MAJOR changes LOL 2023-08-16 11:28:46 +02:00
e 2023-08-17 10:45:50 +02:00			`#include "threadpool.h"`
AAAAAA 2023-08-22 19:32:25 +02:00			`#include "client.h"`
Add project files. 2023-08-15 14:02:17 +02:00
e 2023-08-17 10:45:50 +02:00			`#include "../user/um/umanager.h"`
			`#include "../user/km/kmanager.h"`

win11 testing + few other tings 2023-10-31 15:17:40 +01:00			`//BOOLEAN IsTestSigningModeEnabled()`
			`//{`
			`// ULONG return_length = 0;`
			`//`
			`// SYSTEM_CODEINTEGRITY_INFORMATION info = { 0 };`
			`// info.Length = sizeof(SYSTEM_CODEINTEGRITY_INFORMATION);`
			`// info.CodeIntegrityOptions = 0;`
			`//`
			`// NTSTATUS status = NtQuerySystemInformation(`
			`// SystemCodeIntegrityInformation,`
			`// &info,`
			`// sizeof(info),`
			`// &return_length`
			`// );`
			`//`
			`// if (!NT_SUCCESS(status))`
			`// {`
			`// LOG_ERROR("NtQuerySystemInformation failed with status: %lx", status);`
			`// return FALSE;`
			`// }`
			`//`
			`// return info.CodeIntegrityOptions & CODEINTEGRITY_OPTION_TESTSIGN;`
			`//}`

e 2023-08-17 10:45:50 +02:00			`DWORD WINAPI Init(HINSTANCE hinstDLL)`
some MAJOR changes LOL 2023-08-16 11:28:46 +02:00			`{`
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`AllocConsole();`
			`FILE* file;`
			`freopen_s(&file, "CONOUT$", "w", stdout);`
			`freopen_s(&file, "CONIN$", "r", stdin);`
e 2023-08-17 10:45:50 +02:00
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`std::this_thread::sleep_for(std::chrono::seconds(1));`
e 2023-08-17 10:45:50 +02:00
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`LPTSTR pipe_name = (LPTSTR)L"\\\\.\\pipe\\DonnaACPipe";`
			`LPCWSTR driver_name = L"\\\\.\\DonnaAC";`
EPIC 2023-08-18 07:33:13 +02:00
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`std::shared_ptr<global::ThreadPool> thread_pool = std::make_shared<global::ThreadPool>(4);`
			`std::shared_ptr<global::Client> client_interface = std::make_shared<global::Client>(thread_pool, pipe_name);`
e 2023-08-17 10:45:50 +02:00
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`usermode::UManager umanager(thread_pool, client_interface);`
			`kernelmode::KManager kmanager(driver_name, thread_pool, client_interface);`
e 2023-09-07 19:49:36 +02:00
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`global::headers::SYSTEM_INFORMATION system_information;`
			`kmanager.SendClientHardwareInformation();`
big money changes to driver 2023-08-19 04:52:57 +02:00
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`global::report_structures::SYSTEM_INFORMATION_REQUEST_RESPONSE response;`
fucking FINALLY got this BULLSHIT working 2023-09-10 12:20:35 +02:00
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`//client_interface->ServerReceive( &response, sizeof( response ) );`
fucking FINALLY got this BULLSHIT working 2023-09-10 12:20:35 +02:00
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`//std::cout << "RequestID: " << response.RequestId << " CanUserProceed: " <<`
			`// response.CanUserProceed << " Reason: " << response.reason << std::endl;`
fucking FINALLY got this BULLSHIT working 2023-09-10 12:20:35 +02:00
ipi interrupt, readme, some bug fix 2023-10-30 12:57:24 +01:00			`/*`
			`* Note that this is really just for testing the methods for extended periods of time.`
			`* The "real business logic" would execute the methods with varying degrees of uncertaintity`
			`* but still allow for bias, i.e we don't want NMI callbacks to be running every 10 seconds`
			`* since they are "dangerous" for the CPU given the IRQL they run at.`
			`*/`

PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`srand(time(NULL));`
e 2023-09-24 05:10:13 +02:00
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`while (!GetAsyncKeyState(VK_DELETE))`
few changes 2023-09-28 15:56:07 +02:00			`{`
win11 testing + few other tings 2023-10-31 15:17:40 +01:00			`int seed = (rand() % 12);`
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00
			`std::cout << "Seed: " << seed << std::endl;`

bed time c: 2023-10-10 19:49:17 +02:00			`switch (seed)`
			`{`
ipi interrupt, readme, some bug fix 2023-10-30 12:57:24 +01:00			`case 0: { kmanager.EnumerateHandleTables(); break; }`
			`case 1: { kmanager.PerformIntegrityCheck(); break; }`
			`case 2: { kmanager.ScanPoolsForUnlinkedProcesses(); break; }`
			`case 3: { kmanager.VerifySystemModuleDriverObjects(); break; }`
			`case 4: { kmanager.ValidateProcessModules(); break; }`
			`case 5: { kmanager.RunNmiCallbacks(); break; }`
			`case 6: { kmanager.CheckForAttachedThreads(); break; }`
			`case 7: { kmanager.InitiateApcStackwalkOperation(); break; }`
			`case 8: { kmanager.CheckForHiddenThreads(); break; }`
			`case 9: { kmanager.CheckForEptHooks(); break; }`
			`case 10: { kmanager.LaunchIpiInterrupt(); break; }`
			`case 11: { kmanager.ValidateSystemModules(); break; }`
bed time c: 2023-10-10 19:49:17 +02:00			`}`
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00
bed time c: 2023-10-10 19:49:17 +02:00			`kmanager.MonitorCallbackReports();`
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`std::this_thread::sleep_for(std::chrono::seconds(10));`
few changes 2023-09-28 15:56:07 +02:00			`}`
e 2023-08-17 10:45:50 +02:00
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`fclose(stdout);`
			`fclose(stdin);`
			`FreeConsole();`
some MAJOR changes LOL 2023-08-16 11:28:46 +02:00
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`FreeLibraryAndExitThread(hinstDLL, 0);`
			`return 0;`
some MAJOR changes LOL 2023-08-16 11:28:46 +02:00			`}`

e 2023-08-17 10:45:50 +02:00			`BOOL WINAPI DllMain(`
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`HINSTANCE hinstDLL, // handle to DLL module`
			`DWORD fdwReason, // reason for calling function`
			`LPVOID lpvReserved) // reserved`
Add project files. 2023-08-15 14:02:17 +02:00			`{`
PLZ no CORRUPT :c 2023-10-06 07:47:01 +02:00			`// Perform actions based on the reason for calling.`
			`switch (fdwReason)`
			`{`
			`case DLL_PROCESS_ATTACH:`

			`DisableThreadLibraryCalls(hinstDLL);`

			`const auto thread = CreateThread(`
			`nullptr,`
			`0,`
			`reinterpret_cast<LPTHREAD_START_ROUTINE>(Init),`
			`hinstDLL,`
			`0,`
			`nullptr`
			`);`

			`if (thread)`
			`CloseHandle(thread);`

			`break;`
			`}`
			`return TRUE; // Successful DLL_PROCESS_ATTACH.`
Add project files. 2023-08-15 14:02:17 +02:00			`}`