2024-01-21 08:22:06 +01:00
|
|
|
#include "dispatcher.h"
|
|
|
|
|
|
|
|
#include "../client/message_queue.h"
|
2024-05-11 14:54:58 +02:00
|
|
|
#include "../crypt/crypt.h"
|
2024-06-09 09:22:22 +02:00
|
|
|
#include "../helper.h"
|
2024-01-21 08:22:06 +01:00
|
|
|
|
2024-01-28 08:34:09 +01:00
|
|
|
#include <bcrypt.h>
|
2024-01-21 08:22:06 +01:00
|
|
|
#include <chrono>
|
|
|
|
|
|
|
|
dispatcher::dispatcher::dispatcher(LPCWSTR driver_name,
|
2024-06-09 09:22:22 +02:00
|
|
|
client::message_queue &message_queue,
|
|
|
|
module::module_information *module_info)
|
2024-01-21 08:22:06 +01:00
|
|
|
: thread_pool(DISPATCHER_THREAD_COUNT),
|
2024-06-09 09:22:22 +02:00
|
|
|
k_interface(driver_name, message_queue, module_info) {
|
|
|
|
this->module_info = module_info;
|
|
|
|
}
|
2024-01-21 08:22:06 +01:00
|
|
|
|
2024-01-28 08:34:09 +01:00
|
|
|
void dispatcher::dispatcher::request_session_pk() {
|
|
|
|
#ifdef NO_SERVER
|
|
|
|
LOG_INFO("NO_SERVER Build used. Generating local session key pair.");
|
|
|
|
#else
|
|
|
|
LOG_INFO("Requesting session key pair.");
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2024-01-25 12:09:16 +01:00
|
|
|
void dispatcher::dispatcher::write_shared_mapping_operation() {
|
|
|
|
int operation =
|
|
|
|
helper::generate_rand_int(kernel_interface::SHARED_STATE_OPERATION_COUNT);
|
|
|
|
LOG_INFO("Shared mapping operation callback received. operation: %lx",
|
|
|
|
operation);
|
|
|
|
this->k_interface.write_shared_mapping_operation(
|
|
|
|
*reinterpret_cast<kernel_interface::shared_state_operation_id *>(
|
|
|
|
&operation));
|
2024-01-22 14:02:59 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
void dispatcher::dispatcher::init_timer_callbacks() {
|
2024-01-25 12:09:16 +01:00
|
|
|
/* we want to offset when our driver routines are called */
|
|
|
|
this->k_interface.initiate_shared_mapping();
|
2024-01-23 05:15:21 +01:00
|
|
|
std::optional<HANDLE> result = this->timers.insert_callback(
|
2024-01-25 12:09:16 +01:00
|
|
|
std::bind(&dispatcher::dispatcher::write_shared_mapping_operation, this),
|
|
|
|
WRITE_SHARED_MAPPING_DUE_TIME, WRITE_SHARED_MAPPING_PERIOD);
|
|
|
|
helper::sleep_thread(TIMER_CALLBACK_DELAY);
|
2024-01-22 14:02:59 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
void dispatcher::dispatcher::run_timer_thread() {
|
|
|
|
thread_pool.queue_job([this]() { this->timers.run_timer_thread(); });
|
|
|
|
}
|
|
|
|
|
|
|
|
void dispatcher::dispatcher::run_io_port_thread() {
|
|
|
|
thread_pool.queue_job([this]() { k_interface.run_completion_port(); });
|
|
|
|
}
|
|
|
|
|
|
|
|
void dispatcher::dispatcher::run() {
|
2024-05-04 17:43:01 +02:00
|
|
|
// helper::generate_rand_seed();
|
2024-05-11 14:54:58 +02:00
|
|
|
crypt::initialise_provider();
|
2024-02-11 15:34:28 +01:00
|
|
|
std::srand(std::time(nullptr));
|
2024-01-22 14:02:59 +01:00
|
|
|
this->init_timer_callbacks();
|
|
|
|
this->run_timer_thread();
|
|
|
|
this->run_io_port_thread();
|
2024-01-25 12:09:16 +01:00
|
|
|
thread_pool.queue_job([this]() { k_interface.run_completion_port(); });
|
2024-01-21 08:22:06 +01:00
|
|
|
while (true) {
|
2024-06-09 09:22:22 +02:00
|
|
|
LOG_INFO("issueing kernel job!");
|
2024-05-12 09:26:36 +02:00
|
|
|
this->issue_kernel_job();
|
2024-01-25 12:09:16 +01:00
|
|
|
helper::sleep_thread(DISPATCH_LOOP_SLEEP_TIME);
|
2024-01-21 08:22:06 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void dispatcher::dispatcher::issue_kernel_job() {
|
|
|
|
switch (helper::generate_rand_int(KERNEL_DISPATCH_FUNCTION_COUNT)) {
|
|
|
|
case 0:
|
|
|
|
thread_pool.queue_job([this]() { k_interface.enumerate_handle_tables(); });
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
thread_pool.queue_job([this]() { k_interface.perform_integrity_check(); });
|
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
thread_pool.queue_job(
|
|
|
|
[this]() { k_interface.scan_for_unlinked_processes(); });
|
|
|
|
break;
|
|
|
|
case 3:
|
|
|
|
thread_pool.queue_job(
|
|
|
|
[this]() { k_interface.verify_process_module_executable_regions(); });
|
|
|
|
break;
|
|
|
|
case 4:
|
|
|
|
thread_pool.queue_job(
|
|
|
|
[this]() { k_interface.validate_system_driver_objects(); });
|
|
|
|
break;
|
|
|
|
case 5:
|
|
|
|
thread_pool.queue_job([this]() { k_interface.run_nmi_callbacks(); });
|
|
|
|
break;
|
|
|
|
case 6:
|
|
|
|
thread_pool.queue_job(
|
|
|
|
[this]() { k_interface.scan_for_attached_threads(); });
|
|
|
|
break;
|
|
|
|
case 7:
|
|
|
|
thread_pool.queue_job([this]() { k_interface.initiate_apc_stackwalk(); });
|
|
|
|
break;
|
|
|
|
case 8:
|
|
|
|
thread_pool.queue_job([this]() { k_interface.scan_for_ept_hooks(); });
|
|
|
|
break;
|
|
|
|
case 9:
|
|
|
|
thread_pool.queue_job([this]() { k_interface.perform_dpc_stackwalk(); });
|
|
|
|
break;
|
|
|
|
case 10:
|
|
|
|
thread_pool.queue_job([this]() { k_interface.validate_system_modules(); });
|
|
|
|
break;
|
2024-02-14 17:16:27 +01:00
|
|
|
case 11:
|
|
|
|
thread_pool.queue_job([this]() { k_interface.validate_pci_devices(); });
|
|
|
|
break;
|
2024-05-04 17:43:01 +02:00
|
|
|
case 12:
|
|
|
|
thread_pool.queue_job(
|
|
|
|
[this]() { k_interface.validate_win32k_dispatch_tables(); });
|
|
|
|
break;
|
2024-01-21 08:22:06 +01:00
|
|
|
}
|
|
|
|
}
|