noury/mirror-ac
1
0
Fork 0
mirror of https://github.com/donnaskiez/ac.git synced 2024-11-21 22:24:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

e

Browse source
This commit is contained in:
lhodges1 2023-09-05 01:00:36 +10:00
parent 9013926996
commit 0cc842d3ee
4 changed files with 257 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
driver/driver.c
View file

@ -227,8 +227,8 @@ NTSTATUS InitialiseDriverConfigOnDriverEntry(
}
status = ParseSMBIOSTable(
&driver_config.system_information.motherboard_uuid,
sizeof(driver_config.system_information.motherboard_uuid)
&driver_config.system_information.motherboard_serial,
sizeof(driver_config.system_information.motherboard_serial)
);
if ( !NT_SUCCESS( status ) )
@ -238,7 +238,7 @@ NTSTATUS InitialiseDriverConfigOnDriverEntry(
return status;
}
DEBUG_LOG( "Motherboard serial: %s", driver_config.system_information.motherboard_uuid );
DEBUG_LOG( "Motherboard serial: %s", driver_config.system_information.motherboard_serial );
return status;
}
@ -332,15 +332,17 @@ NTSTATUS DriverEntry(
BOOLEAN flag = FALSE;
NTSTATUS status;
status = InitialiseDriverConfigOnDriverEntry( RegistryPath );
//status = InitialiseDriverConfigOnDriverEntry( RegistryPath );
if ( !NT_SUCCESS( status ) )
{
DEBUG_ERROR( "InitialiseDriverConfigOnDriverEntry failed with status %x", status );
return status;
}
//if ( !NT_SUCCESS( status ) )
//{
// DEBUG_ERROR( "InitialiseDriverConfigOnDriverEntry failed with status %x", status );
// return status;
//}
InitialiseProcessConfigOnDriverEntry();
//InitialiseProcessConfigOnDriverEntry();
QueryDiskDriverForDiskInformation();
status = IoCreateDevice(
DriverObject,

2
driver/driver.h
View file

@ -11,7 +11,7 @@
typedef struct _SYSTEM_INFORMATION
{
CHAR motherboard_uuid[ MOTHERBOARD_SERIAL_CODE_LENGTH ];
CHAR motherboard_serial[ MOTHERBOARD_SERIAL_CODE_LENGTH ];
}SYSTEM_INFORMATION, * PSYSTEM_INFORMATION;

100
driver/integrity.c
View file

@ -752,6 +752,16 @@ VOID GetNextSMBIOSStructureInTable(
}
}
/*
* Remember that the string index does not start from the beginning of the struct. For example, lets take
* RAW_SMBIOS_TABLE_02: the first string is NOT "Type" at index 0, the first string is Manufacturer. So if we
* want to find the SerialNumber, the string index would be 4, as the previous 3 values (after the header) are
* all strings. So remember, the index is into the number of strings that exist for the given table, NOT the
* size of the structure or a values index into the struct.
*
* Here we count the number of strings by incrementing the string_count each time we pass a null terminator
* so we know when we're at the beginning of the target string.
*/
NTSTATUS GetStringAtIndexFromSMBIOSTable(
_In_ PSMBIOS_TABLE_HEADER Table,
_In_ INT Index,
@ -880,3 +890,93 @@ end:
return status;
}
NTSTATUS QueryDiskDriverForDiskInformation()
{
NTSTATUS status;
HANDLE handle;
PVOID buffer = NULL;
OBJECT_ATTRIBUTES object_attributes;
PIO_STATUS_BLOCK status_block = { 0 };
STORAGE_DESCRIPTOR_HEADER storage_descriptor_header = { 0 };
PSTORAGE_DEVICE_DESCRIPTOR storage_device_descriptor = NULL;
UNICODE_STRING physical_drive_path = RTL_CONSTANT_STRING( L"\\\\.\\PhysicalDrive0" );
InitializeObjectAttributes(
&object_attributes,
&physical_drive_path,
OBJ_CASE_INSENSITIVE,
NULL,
NULL
);
status = ZwOpenFile(
&handle,
OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE,
&object_attributes,
&status_block,
NULL,
NULL
);
if ( !NT_SUCCESS( status ) )
{
DEBUG_ERROR( "Failed to open handle to PhysicalDrive0 with status %x", status );
return status;
}
status = ZwDeviceIoControlFile(
&handle,
NULL,
NULL,
NULL,
&status_block,
IOCTL_STORAGE_QUERY_PROPERTY,
NULL,
NULL,
&storage_descriptor_header,
sizeof( storage_descriptor_header )
);
if ( !NT_SUCCESS( status ) )
{
DEBUG_ERROR( "ZwDeviceIoControlFile failed with status %x", status );
goto end;
}
buffer = ExAllocatePool2( POOL_FLAG_NON_PAGED, storage_descriptor_header.Size, POOL_TAG_INTEGRITY );
if ( !buffer )
goto end;
status = ZwDeviceIoControlFile(
&handle,
NULL,
NULL,
NULL,
&status_block,
IOCTL_STORAGE_QUERY_PROPERTY,
NULL,
NULL,
buffer,
storage_descriptor_header.Size
);
if ( !NT_SUCCESS( status ) )
{
DEBUG_ERROR( "ZwDeviceIoControlFile failed with status %x", status );
goto end;
}
DEBUG_LOG( "Storage descritpr size: %lx", storage_descriptor_header.Size );
storage_device_descriptor = ( PSTORAGE_DEVICE_DESCRIPTOR )buffer;
DEBUG_LOG( "Serial number offset: %lx", storage_device_descriptor->SerialNumberOffset );
end:
if ( buffer )
ExFreePoolWithTag( buffer, POOL_TAG_INTEGRITY );
ZwClose( handle );
}

144
driver/integrity.h
View file

@ -4,11 +4,153 @@
#include <ntifs.h>
#include "common.h"
#define IOCTL_STORAGE_QUERY_PROPERTY CTL_CODE(0x0000002d, 0x0500, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define SMBIOS_TABLE 'RSMB'
#define SMBIOS_SYSTEM_INFORMATION_TYPE_2_TABLE 2
#define NULL_TERMINATOR '\0'
#define MOTHERBOARD_SERIAL_CODE_TABLE_INDEX 4
typedef enum _STORAGE_BUS_TYPE {
BusTypeUnknown = 0x00,
BusTypeScsi,
BusTypeAtapi,
BusTypeAta,
BusType1394,
BusTypeSsa,
BusTypeFibre,
BusTypeUsb,
BusTypeRAID,
BusTypeiScsi,
BusTypeSas,
BusTypeSata,
BusTypeSd,
BusTypeMmc,
BusTypeVirtual,
BusTypeFileBackedVirtual,
BusTypeSpaces,
BusTypeNvme,
BusTypeSCM,
BusTypeUfs,
BusTypeMax,
BusTypeMaxReserved = 0x7F
} STORAGE_BUS_TYPE, * PSTORAGE_BUS_TYPE;
//
// Standard property descriptor header. All property pages should use this
// as their first element or should contain these two elements
//
typedef struct _STORAGE_DESCRIPTOR_HEADER {
UINT32 Version;
UINT32 Size;
} STORAGE_DESCRIPTOR_HEADER, * PSTORAGE_DESCRIPTOR_HEADER;
//
// Device property descriptor - this is really just a rehash of the inquiry
// data retrieved from a scsi device
//
// This may only be retrieved from a target device. Sending this to the bus
// will result in an error
//
typedef struct _STORAGE_DEVICE_DESCRIPTOR {
//
// Sizeof(STORAGE_DEVICE_DESCRIPTOR)
//
UINT32 Version;
//
// Total size of the descriptor, including the space for additional
// data and id strings
//
UINT32 Size;
//
// The SCSI-2 device type
//
BYTE DeviceType;
//
// The SCSI-2 device type modifier (if any) - this may be zero
//
BYTE DeviceTypeModifier;
//
// Flag indicating whether the device's media (if any) is removable. This
// field should be ignored for media-less devices
//
BOOLEAN RemovableMedia;
//
// Flag indicating whether the device can support mulitple outstanding
// commands. The actual synchronization in this case is the responsibility
// of the port driver.
//
BOOLEAN CommandQueueing;
//
// Byte offset to the zero-terminated ascii string containing the device's
// vendor id string. For devices with no such ID this will be zero
//
UINT32 VendorIdOffset;
//
// Byte offset to the zero-terminated ascii string containing the device's
// product id string. For devices with no such ID this will be zero
//
UINT32 ProductIdOffset;
//
// Byte offset to the zero-terminated ascii string containing the device's
// product revision string. For devices with no such string this will be
// zero
//
UINT32 ProductRevisionOffset;
//
// Byte offset to the zero-terminated ascii string containing the device's
// serial number. For devices with no serial number this will be zero
//
UINT32 SerialNumberOffset;
//
// Contains the bus type (as defined above) of the device. It should be
// used to interpret the raw device properties at the end of this structure
// (if any)
//
STORAGE_BUS_TYPE BusType;
//
// The number of bytes of bus-specific data which have been appended to
// this descriptor
//
UINT32 RawPropertiesLength;
//
// Place holder for the first byte of the bus specific property data
//
BYTE RawDeviceProperties[ 1 ];
} STORAGE_DEVICE_DESCRIPTOR, * PSTORAGE_DEVICE_DESCRIPTOR;
NTSTATUS CopyDriverExecutableRegions(
_In_ PIRP Irp
);
@ -30,4 +172,6 @@ NTSTATUS ParseSMBIOSTable(
_In_ SIZE_T ConfigMotherboardSerialNumberSize
);
NTSTATUS QueryDiskDriverForDiskInformation();
#endif