This commit is contained in:
lhodges1 2023-08-28 21:10:07 +10:00
parent 4c1a1b63aa
commit a5822fb5cf


@ -7,15 +7,28 @@
#include <intrin.h> #include <intrin.h>
#define POOL_TAG_LENGTH 4 #define POOL_TAG_LENGTH 4
#define EXECUTIVE_OBJECT_COUNT 8
CHAR PROCESS_POOL_TAG[ POOL_TAG_LENGTH ] = "\x50\x72\x6f\x63"; #define INDEX_PROCESS_POOL_TAG 0
CHAR THREAD_POOL_TAG[ POOL_TAG_LENGTH ] = "\x54\x68\x72\x64"; #define INDEX_THREAD_POOL_TAG 1
CHAR DESKTOP_POOL_TAG[ POOL_TAG_LENGTH ] = "\x44\x65\x73\x6B"; #define INDEX_DESKTOP_POOL_TAG 2
CHAR WINDOW_STATIONS_POOL_TAG[ POOL_TAG_LENGTH ] = "\x57\x69\x6E\x64"; #define INDEX_WINDOW_STATIONS_POOL_TAG 3
CHAR MUTANTS_POOL_TAG[ POOL_TAG_LENGTH ] = "\x4D\x75\x74\x65"; #define INDEX_MUTANTS_POOL_TAG 4
CHAR FILE_OBJECTS_POOL_TAG[ POOL_TAG_LENGTH ] = "\x46\x69\x6C\x65"; #define INDEX_FILE_OBJECTS_POOL_TAG 5
CHAR DRIVERS_POOL_TAG[ POOL_TAG_LENGTH ] = "\x44\x72\x69\x76"; #define INDEX_DRIVERS_POOL_TAG 6
CHAR SYMBOLIC_LINKS_POOL_TAG[ POOL_TAG_LENGTH ] = "\x4C\x69\x6E\x6B"; #define INDEX_SYMBOLIC_LINKS_POOL_TAG7
CHAR EXECUTIVE_OBJECT_POOL_TAGS[ EXECUTIVE_OBJECT_COUNT ][ POOL_TAG_LENGTH ] =
{
"\x50\x72\x6f\x63",
"\x54\x68\x72\x64",
"\x44\x65\x73\x6B",
"\x57\x69\x6E\x64",
"\x4D\x75\x74\x65",
"\x46\x69\x6C\x65",
"\x44\x72\x69\x76",
"\x4C\x69\x6E\x6B"
};
PVOID process_buffer = NULL; PVOID process_buffer = NULL;
ULONG process_count = NULL; ULONG process_count = NULL;
@ -97,7 +110,7 @@ end:
VOID ScanPageForKernelObjectAllocation( VOID ScanPageForKernelObjectAllocation(
_In_ UINT64 PageBase, _In_ UINT64 PageBase,
_In_ ULONG PageSize, _In_ ULONG PageSize,
_In_ LPCSTR ObjectTag, _In_ ULONG ObjectIndex,
_In_ PVOID AddressBuffer _In_ PVOID AddressBuffer
) )
{ {
@ -110,7 +123,7 @@ VOID ScanPageForKernelObjectAllocation(
PUINT64 address_list; PUINT64 address_list;
ULONG allocation_size; ULONG allocation_size;
if ( !PageBase || !PageSize || !ObjectTag) if ( !PageBase || !PageSize)
return; return;
for ( INT offset = 0; offset <= PageSize - POOL_TAG_LENGTH; offset++ ) for ( INT offset = 0; offset <= PageSize - POOL_TAG_LENGTH; offset++ )
@ -121,7 +134,7 @@ VOID ScanPageForKernelObjectAllocation(
break; break;
current_char = *( PCHAR )( PageBase + offset + sig_index ); current_char = *( PCHAR )( PageBase + offset + sig_index );
current_sig_byte = ObjectTag[ sig_index ]; current_sig_byte = EXECUTIVE_OBJECT_POOL_TAGS[ ObjectIndex ][ sig_index ];
if ( sig_index == POOL_TAG_LENGTH ) if ( sig_index == POOL_TAG_LENGTH )
{ {
@ -349,7 +362,7 @@ VOID WalkKernelPageTables(PVOID AddressBuffer)
ScanPageForKernelObjectAllocation( ScanPageForKernelObjectAllocation(
base_virtual_page, base_virtual_page,
PAGE_BASE_SIZE, PAGE_BASE_SIZE,
( LPCSTR )PROCESS_POOL_TAG, INDEX_PROCESS_POOL_TAG,
AddressBuffer AddressBuffer
); );
} }
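Review bot: The guard in the hunk at `@ -110,7 +123,7 @@` drops the old `!ObjectTag` check without replacing it, so `ObjectIndex` reaches `EXECUTIVE_OBJECT_POOL_TAGS[ ObjectIndex ][ sig_index ]` in the following hunk with no bound, and an out-of-range index in a kernel driver is an out-of-bounds read past the tag table. The guard should become `if ( !PageBase || !PageSize || ObjectIndex >= EXECUTIVE_OBJECT_COUNT )`, which is safe since `ObjectIndex` is declared `ULONG`. ScanPageForKernelObjectAllocation's body starts and ends outside these hunks. Separately, `#define INDEX_SYMBOLIC_LINKS_POOL_TAG7` in the first hunk appears to lack the space before `7`, which would define an empty macro named `INDEX_SYMBOLIC_LINKS_POOL_TAG7` and leave `INDEX_SYMBOLIC_LINKS_POOL_TAG` undefined; this may be a rendering artefact, but it is worth confirming in the source. The tag table is also a writable global, and `static const CHAR EXECUTIVE_OBJECT_POOL_TAGS[ EXECUTIVE_OBJECT_COUNT ][ POOL_TAG_LENGTH ]` would keep it read-only and out of the global namespace.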