noury/mirror-ac
1
0
Fork 0
mirror of https://github.com/donnaskiez/ac.git synced 2024-11-21 22:24:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

sss

Browse source
This commit is contained in:
lhodges1 2023-08-19 20:58:07 +10:00
parent 4321236a0f
commit 4684dd2158
1 changed files with 13 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
driver/modules.c
View file

@ -10,7 +10,7 @@ NTSTATUS ValidateDriverIOCTLDispatchRegion(
)
{
NTSTATUS status;
UINT64 current_function;
UINT64 dispatch_function;
UINT64 base = ( UINT64 )Driver->DriverStart;
UINT64 end = base + Driver->DriverSize;
@ -22,26 +22,21 @@ NTSTATUS ValidateDriverIOCTLDispatchRegion(
* the module, report it. Basic check but every effective for catching driver
* dispatch hooking.
*/
dispatch_function = Driver->MajorFunction[ IRP_MJ_DEVICE_CONTROL ];
for ( INT index = 0; index < IRP_MJ_MAXIMUM_FUNCTION + 1; index++ )
if ( dispatch_function == NULL )
return;
DEBUG_LOG( "Current function: %llx", dispatch_function );
if ( dispatch_function >= base && dispatch_function <= end )
{
current_function = *(UINT64*)
( ( UINT64 )Driver->MajorFunction + index * sizeof( PVOID ) );
DEBUG_LOG( "Current function: %llx", current_function );
if ( current_function == NULL )
continue;
if ( current_function >= base && current_function <= end )
{
DEBUG_LOG( "THIS ADDRESS IS INSIDE ITS REGIUON :)" );
continue;
}
DEBUG_ERROR( "Driver with invalid IOCTL dispatch routine found" );
*Flag = FALSE;
DEBUG_LOG( "THIS ADDRESS IS INSIDE ITS REGIUON :)" );
return;
}
DEBUG_ERROR( "Driver with invalid IOCTL dispatch routine found" );
*Flag = FALSE;
}
VOID InitDriverList(