noury/mirror-ac
1
0
Fork 0
mirror of https://github.com/donnaskiez/ac.git synced 2024-11-21 22:24:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

oh my fgosh we got it working

Browse source
This commit is contained in:
lhodges1 2023-08-20 19:17:03 +10:00
parent 78246338df
commit 9e6b71e5df
5 changed files with 10 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
driver/modules.c
View file

@ -433,7 +433,7 @@ NTSTATUS HandleValidateDriversIOCTL(
report.report_code = REPORT_MODULE_VALIDATION_FAILURE; report.report_code = REPORT_MODULE_VALIDATION_FAILURE;
report.report_type = head->first_entry->reason; report.report_type = head->first_entry->reason;
report.driver_base_address = head->first_entry->driver->DriverStart; report.driver_base_address = head->first_entry->driver->DriverStart;
report.driver_size = head->first_entry->driver->Size; report.driver_size = head->first_entry->driver->DriverSize;
ANSI_STRING string; ANSI_STRING string;
string.Length = 0; string.Length = 0;

12
service/Types.cs
View file

@ -1,6 +1,7 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Numerics;
using System.Runtime.InteropServices; using System.Runtime.InteropServices;
using System.Text; using System.Text;
using System.Threading.Tasks; using System.Threading.Tasks;
@ -53,18 +54,13 @@ namespace service
public UInt64 InvalidRip; public UInt64 InvalidRip;
} }
[StructLayout(LayoutKind.Explicit)] [StructLayout(LayoutKind.Sequential)]
public unsafe struct MODULE_VALIDATION_FAILURE public unsafe struct MODULE_VALIDATION_FAILURE
{ {
[FieldOffset(0)]
public int ReportCode; public int ReportCode;
[FieldOffset(0)]
public int ReportType; public int ReportType;
[FieldOffset(0)] public long DriverBaseAddress;
public UInt64 DriverBaseAddress; public long DriverSize;
[FieldOffset(0)]
public UInt64 DriverSize;
[FieldOffset(0)]
public fixed char ModuleName[128]; public fixed char ModuleName[128];
} }
} }

3
service/Worker.cs
View file

@ -161,8 +161,9 @@ namespace service
var kernelModuleFailure = BytesToStructure<MODULE_VALIDATION_FAILURE>(); var kernelModuleFailure = BytesToStructure<MODULE_VALIDATION_FAILURE>();
_logger.LogInformation("Report code: {0}, DriverBaseAddress: {1}, DriverSize: {2}", _logger.LogInformation("Report code: {0}, REportType: {1}, DriverBaseAddress: {2}, DriverSize: {3}",
kernelModuleFailure.ReportCode, kernelModuleFailure.ReportCode,
kernelModuleFailure.ReportType,
kernelModuleFailure.DriverBaseAddress, kernelModuleFailure.DriverBaseAddress,
kernelModuleFailure.DriverSize); kernelModuleFailure.DriverSize);

2
user/km/driver.cpp
View file

@ -124,7 +124,7 @@ void kernelmode::Driver::VerifySystemModules()
( UINT64 )buffer + sizeof( global::report_structures::MODULE_VALIDATION_FAILURE_HEADER ) + ( UINT64 )buffer + sizeof( global::report_structures::MODULE_VALIDATION_FAILURE_HEADER ) +
i * sizeof( global::report_structures::MODULE_VALIDATION_FAILURE ) ); i * sizeof( global::report_structures::MODULE_VALIDATION_FAILURE ) );
this->report_interface->ReportViolation( &report ); this->report_interface->ReportViolation( report );
} }
free( buffer ); free( buffer );

4
user/report.h
View file

@ -43,8 +43,8 @@ namespace global
header.message_type = REPORT_PACKET_ID; header.message_type = REPORT_PACKET_ID;
memcpy( this->buffer, &header, sizeof( global::headers::PIPE_PACKET_HEADER ) ); memcpy( this->buffer, &header, sizeof( global::headers::PIPE_PACKET_HEADER ) );
memcpy( this->buffer + sizeof( global::headers::PIPE_PACKET_HEADER ), Report, sizeof(T)); memcpy( PVOID( ( UINT64 )this->buffer + sizeof( global::headers::PIPE_PACKET_HEADER ) ), Report, sizeof( T ) );
this->client->WriteToPipe( buffer, sizeof(T) ); this->client->WriteToPipe( buffer, sizeof(T) + sizeof( global::headers::PIPE_PACKET_HEADER ) );
RtlZeroMemory( this->buffer, REPORT_BUFFER_SIZE ); RtlZeroMemory( this->buffer, REPORT_BUFFER_SIZE );
mutex.unlock(); mutex.unlock();