From 30ab652a561f13e44f35e37aaa35111a9f963a59 Mon Sep 17 00:00:00 2001
From: donnaskiez
Date: Sun, 5 May 2024 21:29:32 +1000
Subject: [PATCH] o yeh

---
 driver/integrity.c | 2 --
 driver/io.c | 9 ++++-----
 module/helper.cpp | 14 ++++++++++++++
 module/kernel_interface/kernel_interface.h | 8 ++++++++
 4 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/driver/integrity.c b/driver/integrity.c
index e5cc6bf..50d1ce9 100644
--- a/driver/integrity.c
+++ b/driver/integrity.c
@@ -2117,8 +2117,6 @@ HeartbeatWorkItem(_In_ PDEVICE_OBJECT DeviceObject, _In_opt_ PVOID Context)
 NTSTATUS status = STATUS_UNSUCCESSFUL;
 PHEARTBEAT_CONFIGURATION config = (PHEARTBEAT_CONFIGURATION)Context;
- DEBUG_INFO("heartbeat work routine called");
-
 /* Ensure we wait until our heartbeats DPC has terminated. */
 KeFlushQueuedDpcs();
 FreeHeartbeatObjects(config);
diff --git a/driver/io.c b/driver/io.c
index 7812e9a..f81916d 100644
--- a/driver/io.c
+++ b/driver/io.c
@@ -156,11 +156,10 @@ STATIC
 VOID
 IncrementPacketMetics(_In_ PIRP_QUEUE_HEAD Queue, UINT16 Type)
 {
- if (Type == PACKET_TYPE_REPORT)
- Queue->total_reports_completed++;
-
- if (Type == PACKET_TYPE_HEARTBEAT)
- Queue->total_heartbeats_completed++;
+ switch (Type) {
+ case PACKET_TYPE_HEARTBEAT: Queue->total_heartbeats_completed++; break;
+ case PACKET_TYPE_REPORT: Queue->total_reports_completed++; break;
+ }
 Queue->total_irps_completed++;
 }
diff --git a/module/helper.cpp b/module/helper.cpp
index 69389ed..5a7e31e 100644
--- a/module/helper.cpp
+++ b/module/helper.cpp
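Review bot: The new `switch` in IncrementPacketMetics has no `default:` case, so a packet whose type is neither PACKET_TYPE_HEARTBEAT nor PACKET_TYPE_REPORT is still counted in `total_irps_completed` with no per-type counter and no diagnostic; that matches the two `if`s it replaces, but the switch is where a reader expects that policy to be stated. I would add `default: break; /* unknown packet type: counted in total_irps_completed only */` so the omission reads as deliberate rather than forgotten. The counters are plain `++` on fields of the queue head; whether that is safe depends on the lock or IRQL the caller holds, which this hunk does not show, so a one-line comment naming that guarantee above the function would help. The identifier IncrementPacketMetics (presumably "Metrics") is a pre-existing context line, not something this change touches.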
@@ -53,6 +53,20 @@ void helper::print_kernel_report(void *buffer)
 {
 kernel_interface::packet_header *header = reinterpret_cast(buffer);
 LOG_INFO("packet type: %lx", header->packet_type);
+
+ if (header->packet_type == 1)
+ {
+ kernel_interface::heartbeat_packet* hb =
+ reinterpret_cast(buffer);
+ LOG_INFO("Heartbeat Count: %lx", hb->heartbeat_count);
+ LOG_INFO("Total Reports Completed: %lx", hb->total_reports_completed);
+ LOG_INFO("Total IRPs Completed: %lx", hb->total_irps_completed);
+ LOG_INFO("Total Heartbeats Completed: %lx",
+ hb->total_heartbeats_completed);
+ LOG_INFO("********************************");
+ return;
+ }
+
 kernel_interface::report_header *report_header = reinterpret_cast( (uint64_t)buffer + sizeof(kernel_interface::packet_header));
diff --git a/module/kernel_interface/kernel_interface.h b/module/kernel_interface/kernel_interface.h
index b07b61a..fd883c0 100644
--- a/module/kernel_interface/kernel_interface.h
+++ b/module/kernel_interface/kernel_interface.h
@@ -123,6 +123,14 @@ struct process_module_validation_report {
 wchar_t module_path[MODULE_PATH_LEN];
 };
+struct heartbeat_packet {
+ packet_header header;
+ uint32_t heartbeat_count;
+ uint32_t total_reports_completed;
+ uint32_t total_irps_completed;
+ uint32_t total_heartbeats_completed;
+};
+
 enum apc_operation { operation_stackwalk = 0x1 };
 // clang-format off
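Review bot: The heartbeat branch compares `header->packet_type` against the bare literal `1` and then reinterprets `buffer` as a whole `kernel_interface::heartbeat_packet`, reading four fields past the header; print_kernel_report takes only `void *buffer` with no length, so nothing in this hunk shows that the buffer holds at least `sizeof(kernel_interface::heartbeat_packet)` bytes before those reads. The driver side of this same commit (io.c) names the type PACKET_TYPE_HEARTBEAT, so the user-mode header should carry the matching named constant and this line should read `if (header->packet_type == kernel_interface::<named heartbeat type constant>)` rather than `1`. If the caller knows the received byte count, pass it in and reject a short packet before the cast; otherwise document above the function the minimum size the caller must guarantee. `%lx` is given `uint32_t` arguments, which matches in size on Windows toolchains but not in declared type; `PRIx32` from <cinttypes> is the portable spelling. print_kernel_report continues past the end of the hunk.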
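Review bot: `heartbeat_packet` is the user-mode mirror of what the driver emits for a heartbeat, and nothing in this header records that contract: no comment ties it to the driver-side layout, and there is no check that the field order and widths match the kernel counters they are copied from (io.c in this commit increments `total_heartbeats_completed`, `total_reports_completed` and `total_irps_completed` on the queue head, whose types are not visible here). I would add a comment above the struct, `// Mirrors the driver's heartbeat packet; field order and widths must stay in sync with the kernel side.`, and, if <type_traits> is available to this header, a `static_assert(std::is_standard_layout_v<heartbeat_packet>);` beside it so a later non-trivial member cannot silently break the reinterpret_cast in helper.cpp. The packet type value that selects this struct (helper.cpp compares against the literal 1) belongs in this header as a named constant next to the struct, so both sides agree in one place.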