noury/mirror-ac
1
0
Fork 0
mirror of https://github.com/donnaskiez/ac.git synced 2024-11-21 22:24:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

c:

Browse source
This commit is contained in:
lhodges1 2023-09-13 20:25:32 +10:00
parent 142ced5845
commit ab26f0cf92
5 changed files with 21 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
driver/callbacks.c
View file

@ -360,7 +360,7 @@ NTSTATUS EnumerateProcessHandles(
*/
VOID EnumerateProcessListWithCallbackFunction(
_In_ PVOID Function,
_In_ PVOID Context
_In_opt_ PVOID Context
)
{
UINT64 current_process;

2
driver/callbacks.h
View file

@ -75,7 +75,7 @@ OB_PREOP_CALLBACK_STATUS ObPreOpCallbackRoutine(
VOID EnumerateProcessListWithCallbackFunction(
_In_ PVOID Function,
_In_ PVOID Context
_In_opt_ PVOID Context
);
NTSTATUS EnumerateProcessHandles(

10
driver/modules.c
View file

@ -765,7 +765,6 @@ NTSTATUS LaunchNonMaskableInterrupt(
KeInitializeAffinityEx( ProcAffinityPool );
KeAddProcessorAffinityEx( ProcAffinityPool, core );
DEBUG_LOG( "Sending NMI" );
HalSendNMI( ProcAffinityPool );
/*
@ -834,9 +833,14 @@ NTSTATUS HandleNmiIOCTL(
DEBUG_ERROR( "Error analysing nmi data" );
ExFreePoolWithTag( system_modules.address, SYSTEM_MODULES_POOL );
ExFreePoolWithTag( nmi_context.stack_frames, STACK_FRAMES_POOL );
ExFreePoolWithTag( nmi_context.thread_data_pool, THREAD_DATA_POOL );
ExFreePoolWithTag( nmi_context.nmi_core_context, NMI_CONTEXT_POOL );
if ( nmi_context.stack_frames )
ExFreePoolWithTag( nmi_context.stack_frames, STACK_FRAMES_POOL );
if (nmi_context.thread_data_pool )
ExFreePoolWithTag( nmi_context.thread_data_pool, THREAD_DATA_POOL );
KeDeregisterNmiCallback( callback_handle );
return status;

13
driver/pool.c
View file

@ -470,21 +470,28 @@ VOID WalkKernelPageTables(
VOID IncrementProcessCounter(
_In_ PEPROCESS Process,
_In_ PVOID Context
_Inout_opt_ PVOID Context
)
{
PPROCESS_SCAN_CONTEXT context = ( PPROCESS_SCAN_CONTEXT )Context;
if ( !context )
return;
context->process_count += 1;
}
VOID CheckIfProcessAllocationIsInProcessList(
_In_ PEPROCESS Process,
_In_ PVOID Context
_Inout_opt_ PVOID Context
)
{
PUINT64 allocation_address;
PPROCESS_SCAN_CONTEXT context = ( PPROCESS_SCAN_CONTEXT )Context;
if ( !context )
return;
for ( INT i = 0; i < context->process_count; i++ )
{
allocation_address = ( PUINT64 )context->process_buffer;
@ -531,7 +538,7 @@ NTSTATUS FindUnlinkedProcesses(
ExAllocatePool2( POOL_FLAG_NON_PAGED, context.process_count * 2 * sizeof( UINT64 ), PROCESS_ADDRESS_LIST_TAG );
if ( !context.process_buffer )
return STATUS_ABANDONED;
return STATUS_MEMORY_NOT_ALLOCATED;
WalkKernelPageTables( &context );

4
driver/thread.c
View file

@ -18,7 +18,7 @@ typedef struct _KPRCB_THREAD_VALIDATION_CTX
VOID KPRCBThreadValidationProcessCallback(
_In_ PEPROCESS Process,
_In_ PVOID Context
_Inout_ PVOID Context
)
{
NTSTATUS status;
@ -134,7 +134,7 @@ VOID DetectAttachedThreadsProcessCallback(
_In_ PVOID Context
)
{
UNREFERENCED_PARAMTER( Context );
UNREFERENCED_PARAMETER( Context );
NTSTATUS status;
PLIST_ENTRY thread_list_head;