noury/mirror-ac
1
0
Fork 0
mirror of https://github.com/donnaskiez/ac.git synced 2024-11-21 22:24:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

sss

Browse source
This commit is contained in:
lhodges1 2023-08-19 20:58:07 +10:00
parent 4321236a0f
commit 4684dd2158
1 changed files with 13 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
driver/modules.c
View file

@ -10,7 +10,7 @@ NTSTATUS ValidateDriverIOCTLDispatchRegion(
) )
{ {
NTSTATUS status; NTSTATUS status;
UINT64 current_function; UINT64 dispatch_function;
UINT64 base = ( UINT64 )Driver->DriverStart; UINT64 base = ( UINT64 )Driver->DriverStart;
UINT64 end = base + Driver->DriverSize; UINT64 end = base + Driver->DriverSize;
@ -22,27 +22,22 @@ NTSTATUS ValidateDriverIOCTLDispatchRegion(
* the module, report it. Basic check but every effective for catching driver * the module, report it. Basic check but every effective for catching driver
* dispatch hooking. * dispatch hooking.
*/ */
dispatch_function = Driver->MajorFunction[ IRP_MJ_DEVICE_CONTROL ];
for ( INT index = 0; index < IRP_MJ_MAXIMUM_FUNCTION + 1; index++ ) if ( dispatch_function == NULL )
{ return;
current_function = *(UINT64*)
( ( UINT64 )Driver->MajorFunction + index * sizeof( PVOID ) );
DEBUG_LOG( "Current function: %llx", current_function ); DEBUG_LOG( "Current function: %llx", dispatch_function );
if ( current_function == NULL ) if ( dispatch_function >= base && dispatch_function <= end )
continue;
if ( current_function >= base && current_function <= end )
{ {
DEBUG_LOG( "THIS ADDRESS IS INSIDE ITS REGIUON :)" ); DEBUG_LOG( "THIS ADDRESS IS INSIDE ITS REGIUON :)" );
continue; return;
} }
DEBUG_ERROR( "Driver with invalid IOCTL dispatch routine found" ); DEBUG_ERROR( "Driver with invalid IOCTL dispatch routine found" );
*Flag = FALSE; *Flag = FALSE;
} }
}
VOID InitDriverList( VOID InitDriverList(
_In_ PINVALID_DRIVERS_HEAD ListHead _In_ PINVALID_DRIVERS_HEAD ListHead