noury/mirror-ac
1
0
Fork 0
mirror of https://github.com/donnaskiez/ac.git synced 2024-11-21 22:24:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

erer

Browse source
This commit is contained in:
lhodges1 2023-09-07 17:21:00 +10:00
parent 67d240b20d
commit 4a0bdc262f
8 changed files with 38 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
driver/integrity.c
View file

@ -952,15 +952,14 @@ NTSTATUS ValidateProcessLoadedModule(
&bytes_written
);
KeUnstackDetachProcess( &apc_state );
if ( !NT_SUCCESS( status ) )
{
DEBUG_ERROR( "StoreModuleExecutableRegionsInBuffer failed with status %x", status );
KeUnstackDetachProcess( &apc_state );
goto end;
}
KeUnstackDetachProcess( &apc_state );
status = ComputeHashOfBuffer(
in_memory_buffer,
bytes_written,

10
driver/ioctl.c
View file

@ -115,10 +115,10 @@ NTSTATUS DeviceControl(
goto end;
}
//status = InitiateDriverCallbacks();
status = InitiateDriverCallbacks();
//if ( !NT_SUCCESS( status ) )
// DEBUG_ERROR( "InitiateDriverCallbacks failed with status %x", status );
if ( !NT_SUCCESS( status ) )
DEBUG_ERROR( "InitiateDriverCallbacks failed with status %x", status );
break;
@ -207,7 +207,7 @@ NTSTATUS DeviceControl(
case IOCTL_NOTIFY_DRIVER_ON_PROCESS_TERMINATION:
ClearProcessConfigOnProcessTermination();
//UnregisterCallbacksOnProcessTermination();
UnregisterCallbacksOnProcessTermination();
break;
@ -270,7 +270,7 @@ NTSTATUS DeviceClose(
FreeGlobalReportQueueObjects();
ClearProcessConfigOnProcessTermination();
//UnregisterCallbacksOnProcessTermination();
UnregisterCallbacksOnProcessTermination();
IoCompleteRequest( Irp, IO_NO_INCREMENT );
return Irp->IoStatus.Status;

33
server/Message.cs
View file

@ -17,6 +17,7 @@ namespace server
private int _bufferSize;
private int _messageType;
private ILogger _logger;
private PACKET_HEADER _header;
private enum MESSAGE_TYPE
{
@ -25,14 +26,15 @@ namespace server
MESSAGE_TYPE_RECEIVE = 3
}
struct PACKET_HEADER
public struct PACKET_HEADER
{
int messageType;
}
public int message_type;
public Int64 steam64_id;
};
struct REPORT_PACKET_HEADER
{
int reportId;
public int reportId;
}
public Message(byte[] buffer, int bufferSize, ILogger logger)
@ -40,15 +42,18 @@ namespace server
_buffer = buffer;
_bufferSize = bufferSize;
_logger = logger;
_header = this.GetMessageHeader();
this.GetMessageType();
_logger.Information("Message type: {0}", _messageType);
_logger.Information("SteamID: {0}, Message type: {1}",
_header.steam64_id,
_header.message_type
);
switch (_messageType)
{
case (int)MESSAGE_TYPE.MESSAGE_TYPE_REPORT:
this.HandleReportMessage(this.GetReportType());
int reportId = GetReportType().reportId;
this.HandleReportMessage(reportId);
break;
default:
_logger.Information("This message type is not accepted at the moment.");
@ -56,21 +61,21 @@ namespace server
}
}
private void GetMessageType()
private PACKET_HEADER GetMessageHeader()
{
_messageType = BitConverter.ToInt32(_buffer, 0);
return Helper.BytesToStructure<PACKET_HEADER>(ref _buffer, 0);
}
private int GetReportType()
unsafe private REPORT_PACKET_HEADER GetReportType()
{
return BitConverter.ToInt32(_buffer, sizeof(int));
return Helper.BytesToStructure<REPORT_PACKET_HEADER>(ref _buffer, sizeof(REPORT_PACKET_HEADER));
}
private void HandleReportMessage(int reportId)
unsafe private void HandleReportMessage(int reportId)
{
_logger.Information("Report id: {0}", reportId);
var openHandleFailure = Helper.BytesToStructure<Types.Reports.OPEN_HANDLE_FAILURE_REPORT>(ref _buffer, sizeof(int));
var openHandleFailure = Helper.BytesToStructure<Types.Reports.OPEN_HANDLE_FAILURE_REPORT>(ref _buffer, sizeof(PACKET_HEADER));
_logger.Information("Report code: {0}, Process Name: {4} ProcessID: {1:x}, ThreadId: {2:x}, DesiredAccess{3:x}",
openHandleFailure.ReportCode,

7
server/Server.cs
View file

@ -41,8 +41,13 @@ namespace server
_bufferSize = _stream.Read(_buffer, 0, MAX_BUFFER_SIZE);
Message message = new Message(_buffer, _bufferSize, _logger);
ThreadPool.QueueUserWorkItem(DispatchMessage);
}
}
private void DispatchMessage(Object? stateInfo)
{
Message message = new Message(_buffer, _bufferSize, _logger);
}
}
}

1
service/Worker.cs
View file

@ -33,6 +33,7 @@ namespace service
struct PIPE_PACKET_HEADER
{
int message_type;
Int64 steam64_id;
};
public Worker(ILogger<Worker> logger)

3
user/client.cpp
View file

@ -4,6 +4,8 @@
#include <cmath>
#define TEST_STEAM_64_ID 123456789;
global::Client::Client( std::shared_ptr<global::ThreadPool> ThreadPool, LPTSTR PipeName )
{
this->thread_pool = ThreadPool;
@ -27,6 +29,7 @@ void global::Client::ServerSend(PVOID Buffer, SIZE_T Size, INT RequestId)
global::headers::PIPE_PACKET_HEADER header;
header.message_type = SERVER_SEND_PACKET_ID;
header.steam64_id = TEST_STEAM_64_ID;
memcpy( this->send_buffer, &header, sizeof( global::headers::PIPE_PACKET_HEADER ) );
LONG total_size_of_headers = sizeof( global::headers::PIPE_PACKET_HEADER ) + sizeof( global::headers::PIPE_PACKET_SEND_EXTENSION_HEADER );

3
user/main.cpp
View file

@ -30,10 +30,9 @@ DWORD WINAPI Init(HINSTANCE hinstDLL)
while ( !GetAsyncKeyState( VK_DELETE ) )
{
kmanager.PerformIntegrityCheck();
kmanager.MonitorCallbackReports();
std::this_thread::sleep_for( std::chrono::milliseconds( 5000 ) );
kmanager.ValidateProcessModules();
}
fclose( stdout );

1
user/pipe.h
View file

@ -26,6 +26,7 @@ namespace global
struct PIPE_PACKET_HEADER
{
INT message_type;
UINT64 steam64_id;
};
struct PIPE_PACKET_REQUEST_EXTENSION_HEADER