noury/mirror-ac
1
0
Fork 0
mirror of https://github.com/donnaskiez/ac.git synced 2024-11-21 22:24:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

reawr

Browse source
This commit is contained in:
lhodges1 2023-08-20 17:32:46 +10:00
parent b991c8892a
commit 0cbc214383
3 changed files with 13 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
driver/modules.c
View file

@ -402,7 +402,10 @@ NTSTATUS HandleValidateDriversIOCTL(
} }
MODULE_VALIDATION_FAILURE_HEADER header; MODULE_VALIDATION_FAILURE_HEADER header;
header.module_count = head->count;
header.module_count = head->count >= MODULE_VALIDATION_FAILURE_MAX_REPORT_COUNT
? MODULE_VALIDATION_FAILURE_MAX_REPORT_COUNT
: head->count;
if ( head->count > 0 ) if ( head->count > 0 )
{ {

8
user/km/driver.cpp
View file

@ -1,5 +1,7 @@
#include "driver.h" #include "driver.h"
#include <iostream>
#include "../common.h" #include "../common.h"
kernelmode::Driver::Driver( LPCWSTR DriverName, std::shared_ptr<global::Report> ReportInterface ) kernelmode::Driver::Driver( LPCWSTR DriverName, std::shared_ptr<global::Report> ReportInterface )
@ -116,6 +118,8 @@ void kernelmode::Driver::VerifySystemModules()
*/ */
memcpy( &header, buffer, sizeof( header_size ) ); memcpy( &header, buffer, sizeof( header_size ) );
LOG_INFO( "module report count: %lx", header.module_count );
UINT64 base = ( UINT64 )buffer + sizeof( header_size ); UINT64 base = ( UINT64 )buffer + sizeof( header_size );
for ( int i = 0; i < header.module_count; i++ ) for ( int i = 0; i < header.module_count; i++ )
@ -126,6 +130,10 @@ void kernelmode::Driver::VerifySystemModules()
sizeof( global::report_structures::MODULE_VALIDATION_FAILURE ) sizeof( global::report_structures::MODULE_VALIDATION_FAILURE )
); );
std::cout << report.report_code << " " << report.report_type << " "
<< report.driver_base_address << " " << report.driver_size << " "
<< report.driver_name << std::endl;
this->report_interface->ReportViolation( &report ); this->report_interface->ReportViolation( &report );
/* sanity clear just in case ;) */ /* sanity clear just in case ;) */

2
user/report.h
View file

@ -103,7 +103,7 @@ namespace global
INT report_type; INT report_type;
UINT64 driver_base_address; UINT64 driver_base_address;
UINT64 driver_size; UINT64 driver_size;
BYTE driver_name[ 128 ]; CHAR driver_name[ 128 ];
}; };
} }
} }