This commit is contained in:
lhodges1 2023-08-20 18:21:20 +10:00
parent 0cbc214383
commit 78246338df


@ -67,8 +67,6 @@ void kernelmode::Driver::VerifySystemModules()
PVOID buffer; PVOID buffer;
SIZE_T buffer_size; SIZE_T buffer_size;
SIZE_T header_size; SIZE_T header_size;
global::report_structures::MODULE_VALIDATION_FAILURE_HEADER header;
global::report_structures::MODULE_VALIDATION_FAILURE report;
/* /*
* allocate enough to report 5 invalid driver objects + header. The reason we use a raw * allocate enough to report 5 invalid driver objects + header. The reason we use a raw
@ -116,28 +114,17 @@ void kernelmode::Driver::VerifySystemModules()
* if I am being honest it is just easier in c++ and that way the process * if I am being honest it is just easier in c++ and that way the process
* is streamlined just like all other report packets. * is streamlined just like all other report packets.
*/ */
memcpy( &header, buffer, sizeof( header_size ) ); global::report_structures::MODULE_VALIDATION_FAILURE_HEADER* header =
( global::report_structures::MODULE_VALIDATION_FAILURE_HEADER* )buffer;
LOG_INFO( "module report count: %lx", header.module_count ); for ( int i = 0; i < header->module_count; i++ )
UINT64 base = ( UINT64 )buffer + sizeof( header_size );
for ( int i = 0; i < header.module_count; i++ )
{ {
memcpy( global::report_structures::MODULE_VALIDATION_FAILURE* report =
&report, ( global::report_structures::MODULE_VALIDATION_FAILURE* )(
PVOID( base + i * sizeof( global::report_structures::MODULE_VALIDATION_FAILURE ) ), ( UINT64 )buffer + sizeof( global::report_structures::MODULE_VALIDATION_FAILURE_HEADER ) +
sizeof( global::report_structures::MODULE_VALIDATION_FAILURE ) i * sizeof( global::report_structures::MODULE_VALIDATION_FAILURE ) );
);
std::cout << report.report_code << " " << report.report_type << " "
<< report.driver_base_address << " " << report.driver_size << " "
<< report.driver_name << std::endl;
this->report_interface->ReportViolation( &report ); this->report_interface->ReportViolation( &report );
/* sanity clear just in case ;) */
RtlZeroMemory( &report, sizeof( global::report_structures::MODULE_VALIDATION_FAILURE ) );
} }
free( buffer ); free( buffer );
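Review bot: The new loop trusts `header->module_count` read straight out of `buffer` to bound the index, but the allocation comment above says the buffer holds room for five entries plus the header, so a count larger than that walks the reads (and the `ReportViolation` calls) past the end of the allocation; clamp the iteration to what the buffer can hold, e.g. `SIZE_T max_modules = ( buffer_size - sizeof( global::report_structures::MODULE_VALIDATION_FAILURE_HEADER ) ) / sizeof( global::report_structures::MODULE_VALIDATION_FAILURE );` and `for ( SIZE_T i = 0; i < header->module_count && i < max_modules; i++ )`, assuming `buffer_size` holds the allocated size at this point. Using `SIZE_T` for `i` also drops the signed/unsigned comparison against the count. Separately, `report` is now a pointer rather than a struct, yet the call still passes `&report`, which is a pointer-to-pointer; unless `ReportViolation` is generic over its argument this is either a compile error or sends the address of the local, so it should read `this->report_interface->ReportViolation( report );`. The enclosing function continues past this hunk.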