db structure stuff

This commit is contained in:
lhodges1 2023-09-22 00:01:47 +10:00
parent 97eebc652c
commit 737b64e195
14 changed files with 291 additions and 18 deletions


@ -6,6 +6,9 @@ using System.Threading.Tasks;
namespace server.Database.Entity.Report
{
/// <summary>
/// Implements the IReport interface
/// </summary>
public interface IReportEntity
{
/// <summary>


@ -7,12 +7,12 @@ using System.Threading.Tasks;
namespace server.Database.Entity.Report
{
public class IllegalHandleOperationEntity : ReportIllegalHandleOperation, IReportEntity
public class ReportEntity : Model.Report
{
private readonly ModelContext _modelContext;
public UserEntity UserEntity { get; set; }
private UserEntity UserEntity { get; set; }
public IllegalHandleOperationEntity(ModelContext modelContext)
public ReportEntity(ModelContext modelContext)
{
UserEntity = new UserEntity(modelContext);
_modelContext = modelContext;
@ -20,7 +20,7 @@ namespace server.Database.Entity.Report
public void InsertReport()
{
_modelContext.ReportIllegalHandleOperation.Add(this);
_modelContext.Reports.Add(this);
}
}
}
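Review bot: `ReportEntity` drops the `IReportEntity` implementation that the old `IllegalHandleOperationEntity` carried, while the new `ReportTypeIllegalHandleOperationEntity` in the same commit still implements it and exposes the same `InsertReport()`; the header should read `public class ReportEntity : Model.Report, IReportEntity` so both wrappers share the contract. The now-private `UserEntity` property is still built in the constructor with `new UserEntity(modelContext)` but nothing in the visible class reads it, so it is a dead allocation per report (and, being a public-type property on an object handed to EF, it is one more thing the mapper may trip over); either delete the property and that line, or keep it public if the message handler needs it. The class is split across two hunks, so the lines between the constructor and `InsertReport()` are not shown.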


@ -0,0 +1,25 @@
using server.Database.Model;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
public class ReportTypeIllegalHandleOperationEntity : ReportTypeIllegalHandleOperation, IReportEntity
{
private readonly ModelContext _modelContext;
public Report.ReportEntity ReportEntity { get; set; }
public ReportTypeIllegalHandleOperationEntity(ModelContext modelContext)
{
ReportEntity = new ReportEntity(modelContext);
_modelContext = modelContext;
}
public void InsertReport()
{
_modelContext.ReportTypeIllegalHandleOperation.Add(this);
}
}
}
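Review bot: The constructor allocates `ReportEntity = new ReportEntity(modelContext)`, but the only caller in this commit sets the inherited `Report` navigation instead (`Report = newReport`), so this property is never used and produces a second, detached `ReportEntity` per detail row; drop the property and reduce the constructor to `_modelContext = modelContext;`. Separately, `_modelContext.ReportTypeIllegalHandleOperation.Add(this)` adds an instance whose runtime type is this derived `...Entity` class while only `ReportTypeIllegalHandleOperation` is mapped in `ModelContext`; EF Core generally requires the runtime type to be part of the model, so verify this `Add` does not throw — the old entity used the same pattern, so it may already be exercised.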


@ -0,0 +1,12 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
internal class NmiCallbackEntity
{
}
}


@ -0,0 +1,12 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
internal class PageProtectionEntity
{
}
}


@ -0,0 +1,12 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
internal class PatternScanEntity
{
}
}


@ -0,0 +1,12 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
internal class StartAddressEntity
{
}
}


@ -0,0 +1,12 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
internal class SystemModuleValidationEntity
{
}
}


@ -15,7 +15,7 @@ namespace server.Database.Model
public ulong Steam64Id { get; set; }
public bool IsBanned { get; set; }
public virtual ICollection<HardwareConfiguration> HardwareConfigurations { get; set; }
public virtual ICollection<ReportIllegalHandleOperation> ReportIllegalHandleOperations { get; set; }
public virtual ICollection<Report> Reports { get; set; }
}
public class HardwareConfiguration
@ -27,10 +27,23 @@ namespace server.Database.Model
public string MotherboardSerial { get; set; }
}
public class ReportIllegalHandleOperation
public class Report
{
public int ReportId { get; set; }
public virtual User User { get; set; }
public int ReportCode { get; set; }
public virtual ICollection<ReportTypeIllegalHandleOperation> ReportTypeIllegalHandleOperations { get; set; }
public virtual ICollection<ReportTypeStartAddress> ReportTypeStartAddresses { get; set; }
public virtual ICollection<ReportTypePageProtection> ReportTypePageProtections { get; set; }
public virtual ICollection<ReportTypePatternScan> ReportTypePatternScans { get; set; }
public virtual ICollection<ReportTypeNmiCallback> ReportTypeNmiCallbacks { get; set; }
public virtual ICollection<ReportTypeSystemModuleValidation> ReportTypeSystemModuleValidations { get; set; }
}
public class ReportTypeIllegalHandleOperation
{
public int ReportNumber { get; set; }
public virtual Report Report { get; set; }
public int IsKernelHandle { get; set; }
public uint ProcessId { get; set; }
public uint ThreadId { get; set; }
@ -38,5 +51,48 @@ namespace server.Database.Model
public string ProcessName { get; set; }
}
public class ReportTypeStartAddress
{
public int ReportNumber { get; set; }
public virtual Report Report { get; set; }
public int ThreadId { get; set; }
public long ThreadStartAddress { get; set; }
}
public class ReportTypePageProtection
{
public virtual Report Report { get; set; }
public int ReportNumber { get; set; }
public ulong PageBaseAddress { get; set; }
public long AllocationProtection { get; set; }
public long AllocationState { get; set; }
public long AllocationType { get; set; }
}
public class ReportTypePatternScan
{
public virtual Report Report { get; set; }
public int ReportNumber { get; set; }
public int SignatureId { get; set; }
public ulong Address { get; set; }
}
public class ReportTypeNmiCallback
{
public virtual Report Report { get; set; }
public int ReportNumber { get; set; }
public int WereNmisDisabled { get; set; }
public ulong KThreadAddress { get; set; }
public ulong InvalidRip { get; set; }
}
public class ReportTypeSystemModuleValidation
{
public virtual Report Report { get; set; }
public int ReportNumber { get; set; }
public int ReportType { get; set; }
public long DriverBaseAddress { get; set; }
public long DriverSize { get; set; }
public string ModuleName { get; set; }
}
}
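Review bot: The new report-type rows store kernel addresses with mixed signedness — `ThreadStartAddress`, `DriverBaseAddress` and `DriverSize` are `long` while `PageBaseAddress`, `Address`, `KThreadAddress` and `InvalidRip` are `ulong`; the client builds `module_base_address` as a `UINT64`, so a high-half kernel address forced into a `long` column wraps negative and no longer round-trips. Use `ulong` for every address and size column. `IsKernelHandle` and `WereNmisDisabled` are declared `int` but carry a yes/no flag; `bool` documents the intent and rules out storing anything other than 0/1. `ThreadId` is `int` on `ReportTypeStartAddress` but `uint` on `ReportTypeIllegalHandleOperation`; pick one width. `Report` has no received-at timestamp, which makes these rows hard to order or correlate during an investigation — consider adding `public DateTime ReceivedAtUtc { get; set; }` populated from `DateTime.UtcNow` when the row is created.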


@ -1,8 +1,10 @@
using Microsoft.EntityFrameworkCore;
using Google.Protobuf.Reflection;
using Microsoft.EntityFrameworkCore;
using MySql.EntityFrameworkCore.Extensions;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection.Emit;
using System.Text;
using System.Threading.Tasks;
@ -12,7 +14,13 @@ namespace server.Database.Model
{
public DbSet<User> Users { get; set; }
public DbSet<HardwareConfiguration> HardwareConfiguration { get; set; }
public DbSet<ReportIllegalHandleOperation> ReportIllegalHandleOperation { get; set; }
public DbSet<Report> Reports { get; set; }
public DbSet<ReportTypeIllegalHandleOperation> ReportTypeIllegalHandleOperation { get; set; }
public DbSet<ReportTypeStartAddress> ReportTypeStartAddress { get; set; }
public DbSet<ReportTypePageProtection> ReportTypePageProtection { get; set; }
public DbSet<ReportTypePatternScan> ReportTypePatternScan { get; set; }
public DbSet<ReportTypeNmiCallback> ReportTypeNmiCallback { get; set; }
public DbSet<ReportTypeSystemModuleValidation> ReportTypeSystemModuleValidation { get; set; }
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
{
@ -57,13 +65,27 @@ namespace server.Database.Model
.WithMany(f => f.HardwareConfigurations);
});
modelBuilder.Entity<ReportIllegalHandleOperation>(entity =>
modelBuilder.Entity<Report>(entity =>
{
entity.HasKey(e => e.ReportId);
entity.Property(e => e.ReportId)
.UseMySQLAutoIncrementColumn(entity.Property(e => e.ReportId).Metadata.Name);
entity.HasOne(d => d.User)
.WithMany(e => e.Reports);
entity.Property(e => e.ReportCode)
.IsRequired();
});
modelBuilder.Entity<ReportTypeIllegalHandleOperation>(entity =>
{
entity.HasKey(e => e.ReportNumber);
entity.Property(e => e.ReportNumber)
.UseMySQLAutoIncrementColumn(entity.Property(e => e.ReportNumber).Metadata.Name);
entity.Property(e => e.IsKernelHandle)
.IsRequired();
@ -79,8 +101,105 @@ namespace server.Database.Model
entity.Property(e => e.ProcessName)
.IsRequired();
entity.HasOne(d => d.User)
.WithMany(f => f.ReportIllegalHandleOperations);
entity.HasOne(d => d.Report)
.WithMany(f => f.ReportTypeIllegalHandleOperations);
});
modelBuilder.Entity<ReportTypeStartAddress>(entity =>
{
entity.HasKey(e => e.ReportNumber);
entity.Property(e => e.ReportNumber)
.UseMySQLAutoIncrementColumn(entity.Property(e => e.ReportNumber).Metadata.Name);
entity.Property(e => e.ThreadId)
.IsRequired();
entity.Property(e => e.ThreadStartAddress)
.IsRequired();
entity.HasOne(d => d.Report)
.WithMany(f => f.ReportTypeStartAddresses);
});
modelBuilder.Entity<ReportTypePageProtection>(entity =>
{
entity.HasKey(e => e.ReportNumber);
entity.Property(e => e.ReportNumber)
.UseMySQLAutoIncrementColumn(entity.Property(e => e.ReportNumber).Metadata.Name);
entity.Property(e => e.AllocationProtection)
.IsRequired();
entity.Property(e => e.AllocationState)
.IsRequired();
entity.Property(e => e.AllocationType)
.IsRequired();
entity.HasOne(d => d.Report)
.WithMany(f => f.ReportTypePageProtections);
});
modelBuilder.Entity<ReportTypePatternScan>(entity =>
{
entity.HasKey(e => e.ReportNumber);
entity.Property(e => e.ReportNumber)
.UseMySQLAutoIncrementColumn(entity.Property(e => e.ReportNumber).Metadata.Name);
entity.Property(e => e.SignatureId)
.IsRequired();
entity.Property(e => e.Address)
.IsRequired();
entity.HasOne(d => d.Report)
.WithMany(f => f.ReportTypePatternScans);
});
modelBuilder.Entity<ReportTypeNmiCallback>(entity =>
{
entity.HasKey(e => e.ReportNumber);
entity.Property(e => e.ReportNumber)
.UseMySQLAutoIncrementColumn(entity.Property(e => e.ReportNumber).Metadata.Name);
entity.Property(e => e.WereNmisDisabled)
.IsRequired();
entity.Property(e => e.KThreadAddress)
.IsRequired();
entity.Property(e => e.InvalidRip)
.IsRequired();
entity.HasOne(d => d.Report)
.WithMany(f => f.ReportTypeNmiCallbacks);
});
modelBuilder.Entity<ReportTypeSystemModuleValidation>(entity =>
{
entity.HasKey(e => e.ReportNumber);
entity.Property(e => e.ReportNumber)
.UseMySQLAutoIncrementColumn(entity.Property(e => e.ReportNumber).Metadata.Name);
entity.Property(e => e.ReportType)
.IsRequired();
entity.Property(e => e.DriverBaseAddress)
.IsRequired();
entity.Property(e => e.DriverSize)
.IsRequired();
entity.Property(e => e.ModuleName)
.IsRequired();
entity.HasOne(d => d.Report)
.WithMany(f => f.ReportTypeSystemModuleValidations);
});
}
}
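Review bot: None of the new relationships are marked required — `HasOne(d => d.User).WithMany(e => e.Reports)` on `Report` and every `HasOne(d => d.Report).WithMany(...)` on the report-type entities get a nullable shadow foreign key by default, so a report can be saved with no owning user and a detail row with no parent report, which is exactly the orphaned evidence an anti-cheat store should reject; append `.IsRequired()` to each of these and set `OnDelete` explicitly rather than relying on the provider default. The `.IsRequired()` calls on non-nullable value types (`ReportCode`, `IsKernelHandle`, the `int`/`long`/`ulong` address and id columns) are no-ops because EF already treats those as required; only the `string` columns (`ProcessName`, `ModuleName`) need it. The added `using Google.Protobuf.Reflection;` and `using System.Reflection.Emit;` look like IDE auto-imports — nothing in the visible hunks uses either — and should be removed. The configuration hunks fall inside the model-building method whose signature is outside the diff.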


@ -1,6 +1,7 @@
using Serilog;
using server.Database.Entity;
using server.Database.Entity.Report;
using server.Database.Entity.Report.Types;
using server.Database.Model;
using server.Types.ClientReport;
using System;
@ -24,7 +25,7 @@ namespace server.Message
private enum CLIENT_SEND_REPORT_ID
{
MODULE_VERIFICATION = 10,
PROCESS_MODULE_VERIFICATION = 10,
START_ADDRESS_VERIFICATION = 20,
PAGE_PROTECTION_VERIFICATION = 30,
PATTERN_SCAN_FAILURE = 40,
@ -82,7 +83,7 @@ namespace server.Message
switch (this._clientReportPacketHeader.reportCode)
{
case (int)CLIENT_SEND_REPORT_ID.MODULE_VERIFICATION:
case (int)CLIENT_SEND_REPORT_ID.PROCESS_MODULE_VERIFICATION:
_logger.Information("REPORT CODE: MODULE_VERIFICATION");
break;
case (int)CLIENT_SEND_REPORT_ID.START_ADDRESS_VERIFICATION:
@ -140,9 +141,17 @@ namespace server.Message
*/
UserEntity user = new UserEntity(context);
var newReport = new IllegalHandleOperationEntity(context)
var newReport = new ReportEntity(context)
{
User = user.GetUserBySteamId(this._packetHeader.steam64_id),
ReportCode = (int)CLIENT_SEND_REPORT_ID.ILLEGAL_HANDLE_OPERATION
};
newReport.InsertReport();
var reportTypeIllegalHandleOperation = new ReportTypeIllegalHandleOperationEntity(context)
{
Report = newReport,
IsKernelHandle = report.IsKernelHandle,
ProcessId = report.ProcessId,
ThreadId = report.ThreadId,
@ -150,7 +159,8 @@ namespace server.Message
ProcessName = report.ProcessName
};
newReport.InsertReport();
reportTypeIllegalHandleOperation.InsertReport();
context.SaveChanges();
}
}
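Review bot: `newReport.InsertReport()` is called before anything checks that `user.GetUserBySteamId(this._packetHeader.steam64_id)` actually resolved a user; if that lookup returns null for an unknown or spoofed steam64 id, the report is stored with no owner, and since the `Report`→`User` relationship in `ModelContext` is not configured as required nothing in the database rejects it. Resolve the user into a local first and bail out when it is missing, e.g. `var owner = user.GetUserBySteamId(this._packetHeader.steam64_id); if (owner is null) { _logger.Warning("Report from unknown steam64 id {Id} dropped", this._packetHeader.steam64_id); return; }` — confirm whether `GetUserBySteamId` returns null or throws, as its body is not in this diff. The log line under the renamed `PROCESS_MODULE_VERIFICATION` case still prints `REPORT CODE: MODULE_VERIFICATION`; update it to match the enum. The method containing this insert logic begins before the hunk.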


@ -15,7 +15,7 @@
#define MODULE_VALIDATION_FAILURE_MAX_REPORT_COUNT 20
#define REPORT_CODE_MODULE_VERIFICATION 10
#define REPORT_CODE_PROCESS_MODULE_VERIFICATION 10
#define REPORT_CODE_START_ADDRESS_VERIFICATION 20
#define REPORT_PAGE_PROTECTION_VERIFICATION 30
#define REPORT_PATTERN_SCAN_FAILURE 40


@ -592,7 +592,7 @@ VOID kernelmode::Driver::VerifyProcessLoadedModuleExecutableRegions()
{
/*TODO: copy module aswell from an anomaly offset */
global::report_structures::PROCESS_MODULES_INTEGRITY_CHECK_FAILURE report;
report.report_code = REPORT_CODE_MODULE_VERIFICATION;
report.report_code = REPORT_CODE_PROCESS_MODULE_VERIFICATION;
report.module_base_address = (UINT64)module_entry.modBaseAddr;
report.module_size = module_entry.modBaseSize;
std::wstring wstr( module_entry.szModule );


@ -41,7 +41,7 @@ DWORD WINAPI Init(HINSTANCE hinstDLL)
while ( !GetAsyncKeyState( VK_DELETE ) )
{
kmanager.ScanPoolsForUnlinkedProcesses();
kmanager.MonitorCallbackReports();
//srand( time( NULL ) );
//int seed = ( rand() % 6 );