mirror of
https://github.com/donnaskiez/ac.git
synced 2024-11-21 22:24:08 +01:00
e c:
This commit is contained in:
lhodges1
parent
40180d030a
commit
abfce7ddf7
7 changed files with 47 additions and 35 deletions
|
|
@ -84,7 +84,6 @@ VOID GetPsActiveProcessHead(
|
|||
_In_ PUINT64 Address
|
||||
)
|
||||
{
|
||||
/* TODO: have a global debugger pool here since shit aint really change */
|
||||
PKDDEBUGGER_DATA64 debugger_data = GetGlobalDebuggerData();
|
||||
|
||||
if ( !debugger_data )
|
||||
|
|
@ -192,6 +191,9 @@ VOID ScanPageForKernelObjectAllocation(
|
|||
|
||||
address_list = ( PUINT64 )AddressBuffer;
|
||||
|
||||
/*
|
||||
* Find the first free entry in the process address list and store the address.
|
||||
*/
|
||||
for ( INT i = 0; i < process_count; i++ )
|
||||
{
|
||||
if ( address_list[ i ] == NULL )
|
||||
|
|
|
|||
|
|
@ -37,4 +37,6 @@ namespace server.Database.Model
|
|||
public uint DesiredAccess { get; set; }
|
||||
public string ProcessName { get; set; }
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -24,16 +24,16 @@ namespace server.Message
|
|||
|
||||
private enum CLIENT_SEND_REPORT_ID
|
||||
{
|
||||
REPORT_CODE_MODULE_VERIFICATION = 10,
|
||||
REPORT_CODE_START_ADDRESS_VERIFICATION = 20,
|
||||
REPORT_PAGE_PROTECTION_VERIFICATION = 30,
|
||||
REPORT_PATTERN_SCAN_FAILURE = 40,
|
||||
REPORT_NMI_CALLBACK_FAILURE = 50,
|
||||
REPORT_MODULE_VALIDATION_FAILURE = 60,
|
||||
REPORT_ILLEGAL_HANDLE_OPERATION = 70,
|
||||
REPORT_INVALID_PROCESS_ALLOCATION = 80,
|
||||
REPORT_HIDDEN_SYSTEM_THREAD = 90,
|
||||
REPORT_ILLEGAL_ATTACH_PROCESS = 100
|
||||
MODULE_VERIFICATION = 10,
|
||||
START_ADDRESS_VERIFICATION = 20,
|
||||
PAGE_PROTECTION_VERIFICATION = 30,
|
||||
PATTERN_SCAN_FAILURE = 40,
|
||||
NMI_CALLBACK_FAILURE = 50,
|
||||
MODULE_VALIDATION_FAILURE = 60,
|
||||
ILLEGAL_HANDLE_OPERATION = 70,
|
||||
INVALID_PROCESS_ALLOCATION = 80,
|
||||
HIDDEN_SYSTEM_THREAD = 90,
|
||||
ILLEGAL_ATTACH_PROCESS = 100
|
||||
}
|
||||
|
||||
private struct CLIENT_REPORT_PACKET_HEADER
|
||||
|
|
@ -82,34 +82,34 @@ namespace server.Message
|
|||
|
||||
switch (this._clientReportPacketHeader.reportCode)
|
||||
{
|
||||
case (int)CLIENT_SEND_REPORT_ID.REPORT_CODE_MODULE_VERIFICATION:
|
||||
_logger.Information("REPORT_CODE_MODULE_VERIFICATION");
|
||||
case (int)CLIENT_SEND_REPORT_ID.MODULE_VERIFICATION:
|
||||
_logger.Information("REPORT CODE: MODULE_VERIFICATION");
|
||||
break;
|
||||
case (int)CLIENT_SEND_REPORT_ID.REPORT_CODE_START_ADDRESS_VERIFICATION:
|
||||
case (int)CLIENT_SEND_REPORT_ID.START_ADDRESS_VERIFICATION:
|
||||
_logger.Information("REPORT_CODE_START_ADDRESS_VERIFICATION");
|
||||
break;
|
||||
case (int)CLIENT_SEND_REPORT_ID.REPORT_PAGE_PROTECTION_VERIFICATION:
|
||||
case (int)CLIENT_SEND_REPORT_ID.PAGE_PROTECTION_VERIFICATION:
|
||||
_logger.Information("REPORT_PAGE_PROTECTION_VERIFICATION");
|
||||
break;
|
||||
case (int)CLIENT_SEND_REPORT_ID.REPORT_PATTERN_SCAN_FAILURE:
|
||||
case (int)CLIENT_SEND_REPORT_ID.PATTERN_SCAN_FAILURE:
|
||||
_logger.Information("REPORT_PATTERN_SCAN_FAILURE");
|
||||
break;
|
||||
case (int)CLIENT_SEND_REPORT_ID.REPORT_NMI_CALLBACK_FAILURE:
|
||||
case (int)CLIENT_SEND_REPORT_ID.NMI_CALLBACK_FAILURE:
|
||||
_logger.Information("REPORT_NMI_CALLBACK_FAILURE");
|
||||
break;
|
||||
case (int)CLIENT_SEND_REPORT_ID.REPORT_MODULE_VALIDATION_FAILURE:
|
||||
case (int)CLIENT_SEND_REPORT_ID.MODULE_VALIDATION_FAILURE:
|
||||
_logger.Information("REPORT_MODULE_VALIDATION_FAILURE");
|
||||
break;
|
||||
case (int)CLIENT_SEND_REPORT_ID.REPORT_ILLEGAL_HANDLE_OPERATION:
|
||||
case (int)CLIENT_SEND_REPORT_ID.ILLEGAL_HANDLE_OPERATION:
|
||||
HandleReportIllegalHandleOperation();
|
||||
break;
|
||||
case (int)CLIENT_SEND_REPORT_ID.REPORT_INVALID_PROCESS_ALLOCATION:
|
||||
case (int)CLIENT_SEND_REPORT_ID.INVALID_PROCESS_ALLOCATION:
|
||||
_logger.Information("REPORT_INVALID_PROCESS_ALLOCATION");
|
||||
break;
|
||||
case (int)CLIENT_SEND_REPORT_ID.REPORT_HIDDEN_SYSTEM_THREAD:
|
||||
case (int)CLIENT_SEND_REPORT_ID.HIDDEN_SYSTEM_THREAD:
|
||||
_logger.Information("REPORT_HIDDEN_SYSTEM_THREAD");
|
||||
break;
|
||||
case (int)CLIENT_SEND_REPORT_ID.REPORT_ILLEGAL_ATTACH_PROCESS:
|
||||
case (int)CLIENT_SEND_REPORT_ID.ILLEGAL_ATTACH_PROCESS:
|
||||
_logger.Information("REPORT_ILLEGAL_ATTACH_PROCESS");
|
||||
break;
|
||||
default:
|
||||
|
|
|
|||
|
|
@ -103,11 +103,15 @@ namespace server.Message
|
|||
* 2. Next we check if the hardware is banned. We don't care if the hardware doesn't exist
|
||||
* at this point because if it doesn't exist it can't be banned.
|
||||
* - If the hardware is banned, return a cannot proceed packet.
|
||||
* 3. Then we check if the users hardware already exists in the database, and the foreign
|
||||
* 3. Here, we use the method GetUserBySteamId get either get the existing user from the database
|
||||
* or the newly created user. We then set the User property of the HardwareConfigurationEntity
|
||||
* - This prevents the bug where a new user was always being added with an existing
|
||||
* user existing with the same steam id.
|
||||
* 4. Then we check if the users hardware already exists in the database, and the foreign
|
||||
* UserId references the user by checking if the Steam64Id matches.
|
||||
* - If a hardware configuration already exists, we send a response packet
|
||||
* allowing the client to continue.
|
||||
* 4. If we make it to here, the user is new and the hardware is not banned, so we then create
|
||||
* 5. If we make it to here, the user is new and the hardware is not banned, so we then create
|
||||
* a new user and a new hardware configuration and insert it into the database and then
|
||||
* return a packet notifying the client can continue.
|
||||
*/
|
||||
|
|
@ -153,8 +157,10 @@ namespace server.Message
|
|||
return;
|
||||
}
|
||||
|
||||
_logger.Information("Users hardware does not existing, inserting hardware.");
|
||||
hardwareConfiguration.InsertHardwareConfiguration();
|
||||
SetResponsePacketData(1, sendPacketHeader.RequestId, 0);
|
||||
|
||||
context.SaveChanges();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -40,11 +40,9 @@ void global::Pipe::WriteToPipe( PVOID Buffer, SIZE_T Size )
|
|||
LOG_ERROR( "WriteFile failed with status code 0x%x", GetLastError() );
|
||||
return;
|
||||
}
|
||||
|
||||
LOG_INFO( "Sent bytes over pipe" );
|
||||
}
|
||||
|
||||
void global::Pipe::ReadPipe(PVOID Buffer, SIZE_T Size)
|
||||
void global::Pipe::ReadPipe( PVOID Buffer, SIZE_T Size )
|
||||
{
|
||||
BOOL status = FALSE;
|
||||
DWORD bytes_read;
|
||||
|
|
@ -57,5 +55,9 @@ void global::Pipe::ReadPipe(PVOID Buffer, SIZE_T Size)
|
|||
NULL
|
||||
);
|
||||
|
||||
LOG_INFO( "Bytes read: %d", bytes_read );
|
||||
if ( status == NULL )
|
||||
{
|
||||
LOG_ERROR( "ReadFile failed with status code 0x%x", GetLastError() );
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,12 +11,12 @@
|
|||
|
||||
const static char MASK_BYTE = '\x00';
|
||||
|
||||
usermode::Process::Process( std::shared_ptr<global::Client> ReportInterface )
|
||||
usermode::Process::Process( std::shared_ptr<global::Client> ClientInterface )
|
||||
{
|
||||
this->process_handle = GetCurrentProcess();
|
||||
this->process_id = GetCurrentProcessId();
|
||||
this->function_imports = std::make_unique<Imports>();
|
||||
this->report_interface = ReportInterface;
|
||||
this->client_interface = ClientInterface;
|
||||
}
|
||||
|
||||
void usermode::Process::ValidateProcessThreads()
|
||||
|
|
@ -81,7 +81,7 @@ void usermode::Process::ValidateProcessThreads()
|
|||
report.report_code = REPORT_CODE_START_ADDRESS_VERIFICATION;
|
||||
report.start_address = start_address;
|
||||
report.thread_id = thread_entry.th32ThreadID;
|
||||
this->report_interface->ReportViolation( &report );
|
||||
this->client_interface->ReportViolation( &report );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -275,7 +275,7 @@ void usermode::Process::PatternScanRegion( UINT64 Address, MEMORY_BASIC_INFORMAT
|
|||
report.report_code = REPORT_PATTERN_SCAN_FAILURE;
|
||||
report.address = (UINT64)base + i;
|
||||
report.signature_id = 1; /* this will be taken from the vector in future */
|
||||
this->report_interface->ReportViolation( &report );
|
||||
this->client_interface->ReportViolation( &report );
|
||||
|
||||
/*
|
||||
* for now return, however when we stream the signatures we iterate over
|
||||
|
|
@ -312,6 +312,6 @@ void usermode::Process::CheckPageProtection( MEMORY_BASIC_INFORMATION* Page )
|
|||
report.allocation_protection = Page->AllocationProtect;
|
||||
report.allocation_state = Page->State;
|
||||
report.allocation_type = Page->Type;
|
||||
this->report_interface->ReportViolation( &report );
|
||||
this->client_interface->ReportViolation( &report );
|
||||
}
|
||||
}
|
||||
|
|
@ -28,7 +28,7 @@ namespace usermode
|
|||
std::mutex mutex;
|
||||
std::unique_ptr<Imports> function_imports;
|
||||
std::vector<DWORD> in_memory_module_checksums;
|
||||
std::shared_ptr<global::Client> report_interface;
|
||||
std::shared_ptr<global::Client> client_interface;
|
||||
|
||||
HANDLE GetHandleToProcessGivenName( std::string ProcessName );
|
||||
bool CheckIfAddressLiesWithinValidProcessModule( UINT64 Address, bool* Result );
|
||||
|
|
@ -38,7 +38,7 @@ namespace usermode
|
|||
|
||||
public:
|
||||
|
||||
Process( std::shared_ptr<global::Client> ReportInterface );
|
||||
Process( std::shared_ptr<global::Client> ClientInterface );
|
||||
|
||||
void ValidateProcessThreads();
|
||||
void ScanProcessMemory();
|
||||
|
|
|
|||
Loading…
Reference in a new issue