mirror of
https://github.com/donnaskiez/ac.git
synced 2024-11-21 22:24:08 +01:00
fix up deferred module hasinig
parent
6095470f12
commit
af1fa4f260
8 changed files with 58 additions and 92 deletions
|
@ -203,7 +203,13 @@ InitialiseDriverList()
|
|||
|
||||
InterlockedExchange(&list->active, TRUE);
|
||||
ListInit(&list->start, &list->lock);
|
||||
InitializeListHead(&list->deferred_unhashed_x86_modules);
|
||||
InitializeListHead(&list->deferred_list);
|
||||
|
||||
list->can_hash_x86 = FALSE;
|
||||
list->deferred_work_item = IoAllocateWorkItem(GetDriverDeviceObject());
|
||||
|
||||
if (!list->deferred_work_item)
|
||||
return STATUS_INSUFFICIENT_RESOURCES;
|
||||
|
||||
status = GetSystemModuleInformation(&modules);
|
||||
|
||||
|
@ -238,8 +244,7 @@ InitialiseDriverList()
|
|||
DEBUG_ERROR("32 bit module not hashed, will hash later. %x", status);
|
||||
entry->hashed = FALSE;
|
||||
entry->x86 = TRUE;
|
||||
InsertHeadList(&list->deferred_unhashed_x86_modules,
|
||||
&entry->deferred_entry);
|
||||
InsertHeadList(&list->deferred_list, &entry->deferred_entry);
|
||||
}
|
||||
else if (!NT_SUCCESS(status))
|
||||
{
|
||||
|
@ -463,23 +468,6 @@ unlock:
|
|||
ImpKeReleaseGuardedMutex(&list->lock);
|
||||
}
|
||||
|
||||
VOID
|
||||
Hashx86ModulesOnWinlogonLoad()
|
||||
{
|
||||
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
||||
|
||||
status = Allocatex86HashingWorkItem();
|
||||
|
||||
if (!NT_SUCCESS(status))
|
||||
{
|
||||
DEBUG_ERROR("Allocatex86HashingWorkItem failed with status %x", status);
|
||||
return status;
|
||||
}
|
||||
|
||||
IoQueueWorkItem(
|
||||
Getx86HashingWorkItem(), HashDeferredx86ModuleDeferredRoutine, NormalWorkQueue, NULL);
|
||||
}
|
||||
|
||||
VOID
|
||||
ProcessCreateNotifyRoutine(_In_ HANDLE ParentId, _In_ HANDLE ProcessId, _In_ BOOLEAN Create)
|
||||
{
|
||||
|
@ -487,6 +475,7 @@ ProcessCreateNotifyRoutine(_In_ HANDLE ParentId, _In_ HANDLE ProcessId, _In_ BOO
|
|||
PKPROCESS parent = NULL;
|
||||
PKPROCESS process = NULL;
|
||||
PPROCESS_LIST_HEAD list = GetProcessList();
|
||||
PDRIVER_LIST_HEAD driver_list = GetDriverList();
|
||||
LPCSTR process_name = NULL;
|
||||
|
||||
if (!list->active)
|
||||
|
@ -522,8 +511,11 @@ ProcessCreateNotifyRoutine(_In_ HANDLE ParentId, _In_ HANDLE ProcessId, _In_ BOO
|
|||
if (!strcmp(process_name, "winlogon.exe"))
|
||||
{
|
||||
DEBUG_VERBOSE("Winlogon process has started");
|
||||
UpdateWinlogonProcessState(TRUE);
|
||||
Hashx86ModulesOnWinlogonLoad();
|
||||
driver_list->can_hash_x86 = TRUE;
|
||||
IoQueueWorkItem(driver_list->deferred_work_item,
|
||||
DeferredModuleHashingCallback,
|
||||
NormalWorkQueue,
|
||||
NULL);
|
||||
}
|
||||
}
|
||||
else
|
||||
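Review bot: The work item that InitialiseDriverList now allocates once can be queued again after it has been freed. The winlogon.exe branch of ProcessCreateNotifyRoutine calls `IoQueueWorkItem(driver_list->deferred_work_item, ...)` on every match, while DeferredModuleHashingCallback ends with `ImpIoFreeWorkItem(driver_list->deferred_work_item)` and leaves the pointer set. The match is a process-name comparison and winlogon.exe is started once per session, so a second match would hand a freed IO_WORKITEM to the kernel. Queue only on the first transition, for example by wrapping the call in `if (InterlockedExchange(&driver_list->can_hash_x86, TRUE) == FALSE)`, and clear the pointer after the free in the callback. Separately, the new early `return STATUS_INSUFFICIENT_RESOURCES;` in InitialiseDriverList runs after `list->active` has already been set to TRUE; both function bodies continue outside the hunks shown.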
|
|
|
@ -74,7 +74,11 @@ typedef struct _DRIVER_LIST_HEAD
|
|||
volatile ULONG count;
|
||||
volatile BOOLEAN active;
|
||||
KGUARDED_MUTEX lock;
|
||||
LIST_ENTRY deferred_unhashed_x86_modules;
|
||||
|
||||
/* modules that need to be hashed later. */
|
||||
PIO_WORKITEM deferred_work_item;
|
||||
LIST_ENTRY deferred_list;
|
||||
volatile LONG can_hash_x86;
|
||||
|
||||
} DRIVER_LIST_HEAD, *PDRIVER_LIST_HEAD;
|
||||
|
||||
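Review bot: The comment `/* modules that need to be hashed later. */` sits above `deferred_work_item` although it describes `deferred_list`, and `can_hash_x86` has no comment at all. I would move the existing comment down to the list field, add `/* work item that runs DeferredModuleHashingCallback; freed by that callback */` above the work item, and add `/* TRUE once winlogon.exe has been seen; read by HashModule */` above the flag. The flag is declared `volatile LONG` but is written with plain assignments elsewhere in this commit, whereas `active` is set with InterlockedExchange, so the intended access convention should be stated here as well.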
|
|
|
@ -97,8 +97,6 @@ typedef struct _DRIVER_CONFIG
|
|||
PROCESS_LIST_HEAD process_list;
|
||||
SHARED_MAPPING mapping;
|
||||
BOOLEAN has_driver_loaded;
|
||||
BOOLEAN has_winlogon_started;
|
||||
PIO_WORKITEM x86_hash_workitem;
|
||||
|
||||
} DRIVER_CONFIG, *PDRIVER_CONFIG;
|
||||
|
||||
|
@ -117,32 +115,6 @@ PDRIVER_CONFIG g_DriverConfig = NULL;
|
|||
|
||||
#define POOL_TAG_CONFIG 'conf'
|
||||
|
||||
PIO_WORKITEM
|
||||
Getx86HashingWorkItem()
|
||||
{
|
||||
return g_DriverConfig->x86_hash_workitem;
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
Allocatex86HashingWorkItem()
|
||||
{
|
||||
g_DriverConfig->x86_hash_workitem = IoAllocateWorkItem(g_DriverConfig->device_object);
|
||||
return g_DriverConfig->x86_hash_workitem != NULL ? STATUS_SUCCESS
|
||||
: STATUS_INSUFFICIENT_RESOURCES;
|
||||
}
|
||||
|
||||
BOOLEAN
|
||||
HasWinlogonProcessStarted()
|
||||
{
|
||||
return g_DriverConfig->has_winlogon_started;
|
||||
}
|
||||
|
||||
VOID
|
||||
UpdateWinlogonProcessState(_In_ BOOLEAN NewValue)
|
||||
{
|
||||
g_DriverConfig->has_winlogon_started = NewValue;
|
||||
}
|
||||
|
||||
BOOLEAN
|
||||
HasDriverLoaded()
|
||||
{
|
||||
|
@ -916,7 +888,6 @@ DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
|
|||
}
|
||||
|
||||
g_DriverConfig->has_driver_loaded = TRUE;
|
||||
g_DriverConfig->has_winlogon_started = FALSE;
|
||||
|
||||
DEBUG_INFO("Driver Entry Complete.");
|
||||
return STATUS_SUCCESS;
|
||||
|
|
|
@ -79,16 +79,4 @@ IsNmiInProgress();
|
|||
BOOLEAN
|
||||
HasDriverLoaded();
|
||||
|
||||
BOOLEAN
|
||||
HasWinlogonProcessStarted();
|
||||
|
||||
VOID
|
||||
UpdateWinlogonProcessState(_In_ BOOLEAN NewValue);
|
||||
|
||||
NTSTATUS
|
||||
Allocatex86HashingWorkItem();
|
||||
|
||||
PIO_WORKITEM
|
||||
Getx86HashingWorkItem();
|
||||
|
||||
#endif
|
|
@ -1434,11 +1434,12 @@ StoreModuleExecutableRegionsx86(_In_ PRTL_MODULE_EXTENDED_INFO Module,
|
|||
}
|
||||
|
||||
VOID
|
||||
HashDeferredx86ModuleDeferredRoutine()
|
||||
DeferredModuleHashingCallback()
|
||||
{
|
||||
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
||||
RTL_MODULE_EXTENDED_INFO module = {0};
|
||||
PLIST_ENTRY deferred_head = &GetDriverList()->deferred_unhashed_x86_modules;
|
||||
PDRIVER_LIST_HEAD driver_list = GetDriverList();
|
||||
PLIST_ENTRY deferred_head = &GetDriverList()->deferred_list;
|
||||
PLIST_ENTRY list_entry = NULL;
|
||||
PDRIVER_LIST_ENTRY entry = NULL;
|
||||
|
||||
|
@ -1447,29 +1448,31 @@ HashDeferredx86ModuleDeferredRoutine()
|
|||
if (list_entry == deferred_head)
|
||||
goto end;
|
||||
|
||||
entry = CONTAINING_RECORD(list_entry, DRIVER_LIST_ENTRY, deferred_entry);
|
||||
|
||||
while (list_entry != deferred_head)
|
||||
{
|
||||
entry = CONTAINING_RECORD(list_entry, DRIVER_LIST_ENTRY, deferred_entry);
|
||||
|
||||
DriverListEntryToExtendedModuleInfo(entry, &module);
|
||||
|
||||
DEBUG_VERBOSE("Hashing Deferred Module: %s", module.FullPathName);
|
||||
|
||||
status = HashModule(&module, &entry->text_hash);
|
||||
|
||||
if (!NT_SUCCESS(status))
|
||||
{
|
||||
DEBUG_ERROR("HashModule-x86 failed with status %x", status);
|
||||
return;
|
||||
entry->hashed = FALSE;
|
||||
list_entry = RemoveHeadList(deferred_head);
|
||||
continue;
|
||||
}
|
||||
|
||||
entry->hashed = TRUE;
|
||||
list_entry = RemoveHeadList(deferred_head);
|
||||
list_entry = RemoveHeadList(deferred_head);
|
||||
}
|
||||
|
||||
end:
|
||||
DEBUG_VERBOSE("All deferred x86 modules hashed.");
|
||||
ImpIoFreeWorkItem(Getx86HashingWorkItem());
|
||||
DEBUG_VERBOSE("All deferred modules hashed.");
|
||||
ImpIoFreeWorkItem(driver_list->deferred_work_item);
|
||||
}
|
||||
|
||||
NTSTATUS
|
||||
|
@ -1483,6 +1486,7 @@ HashModule(_In_ PRTL_MODULE_EXTENDED_INFO Module, _Out_ PVOID Hash)
|
|||
ULONG memory_hash_size = 0;
|
||||
PVAL_INTEGRITY_HEADER memory_buffer = NULL;
|
||||
ULONG memory_buffer_size = 0;
|
||||
PDRIVER_LIST_HEAD list = GetDriverList();
|
||||
|
||||
ImpRtlInitAnsiString(&ansi_string, Module->FullPathName);
|
||||
|
||||
|
@ -1512,12 +1516,12 @@ HashModule(_In_ PRTL_MODULE_EXTENDED_INFO Module, _Out_ PVOID Hash)
|
|||
* mark the module as not hashed and x86. We will then queue a work item to hash these
|
||||
* modules later once WinLogon has started.
|
||||
*/
|
||||
if (!ImpMmIsAddressValid(Module->ImageBase) && !HasWinlogonProcessStarted())
|
||||
if (!ImpMmIsAddressValid(Module->ImageBase) && !list->can_hash_x86)
|
||||
{
|
||||
status = STATUS_INVALID_IMAGE_WIN_32;
|
||||
goto end;
|
||||
}
|
||||
else if (!ImpMmIsAddressValid(Module->ImageBase) && HasWinlogonProcessStarted())
|
||||
else if (!ImpMmIsAddressValid(Module->ImageBase) && list->can_hash_x86)
|
||||
{
|
||||
/*
|
||||
* Once the WinLogon process has started, we can then hash new x86 modules.
|
||||
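Review bot: A module whose hash fails in DeferredModuleHashingCallback is now removed from the deferred list with `entry->hashed = FALSE` and never retried, and the routine still logs "All deferred modules hashed." at `end:`. Whether later validation skips entries with `hashed == FALSE` is not visible on this page; if it does, a failed module silently drops out of integrity coverage. Both paths through the loop body finish with the same `list_entry = RemoveHeadList(deferred_head);`, so the body can end with `entry->hashed = NT_SUCCESS(status);` followed by a single RemoveHeadList, with a failure count reported at `end:` instead of the unconditional success message. No acquisition of `list->lock` is visible around the list walk; the lines between the two hunks are not shown, so that should be confirmed.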
|
|
|
@ -120,6 +120,6 @@ BOOLEAN
|
|||
ValidateOurDriversDispatchRoutines();
|
||||
|
||||
VOID
|
||||
HashDeferredx86ModuleDeferredRoutine();
|
||||
DeferredModuleHashingCallback();
|
||||
|
||||
#endif
|
||||
|
|
|
@ -541,6 +541,7 @@ SharedMappingInitialise(_In_ PIRP Irp)
|
|||
|
||||
mapping = GetSharedMappingConfig();
|
||||
|
||||
/* TODO: need to copy these out */
|
||||
status = ValidateIrpOutputBuffer(Irp, sizeof(SHARED_MAPPING_INIT));
|
||||
|
||||
if (!NT_SUCCESS(status))
|
||||
|
@ -694,7 +695,7 @@ DeviceControl(_In_ PDEVICE_OBJECT DeviceObject, _Inout_ PIRP Irp)
|
|||
HANDLE handle = NULL;
|
||||
PKTHREAD thread = NULL;
|
||||
BOOLEAN security_flag = FALSE;
|
||||
|
||||
__debugbreak();
|
||||
/*
|
||||
* LMAO
|
||||
*/
|
||||
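Review bot: `__debugbreak();` sits unconditionally at the top of DeviceControl, and the rendering suggests this commit adds it (the hunk has 7 lines on each side with a single line swapped). With no kernel debugger attached, a breakpoint exception on the IOCTL path will normally bugcheck the machine, so any caller able to open the device and send a request could bring the system down. Remove it before merging, or compile it out of release builds by wrapping it in `#if DEBUG` and `#endif`, as the user-mode module in this same commit does for its console. DeviceControl's body continues outside the hunk.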
|
|
|
@ -5,27 +5,33 @@
|
|||
#include "client/message_queue.h"
|
||||
#include "dispatcher/dispatcher.h"
|
||||
|
||||
void module::run(HINSTANCE hinstDLL) {
|
||||
AllocConsole();
|
||||
FILE *file;
|
||||
freopen_s(&file, "CONOUT$", "w", stdout);
|
||||
freopen_s(&file, "CONIN$", "r", stdin);
|
||||
void
|
||||
module::run(HINSTANCE hinstDLL)
|
||||
{
|
||||
#if DEBUG
|
||||
AllocConsole();
|
||||
FILE* file;
|
||||
freopen_s(&file, "CONOUT$", "w", stdout);
|
||||
freopen_s(&file, "CONIN$", "r", stdin);
|
||||
#endif
|
||||
|
||||
LPTSTR pipe_name = (LPTSTR)L"\\\\.\\pipe\\DonnaACPipe";
|
||||
LPCWSTR driver_name = L"\\\\.\\DonnaAC";
|
||||
LPTSTR pipe_name = (LPTSTR)L"\\\\.\\pipe\\DonnaACPipe";
|
||||
LPCWSTR driver_name = L"\\\\.\\DonnaAC";
|
||||
|
||||
client::message_queue queue(pipe_name);
|
||||
dispatcher::dispatcher dispatch(driver_name, queue);
|
||||
dispatch.run();
|
||||
client::message_queue queue(pipe_name);
|
||||
dispatcher::dispatcher dispatch(driver_name, queue);
|
||||
dispatch.run();
|
||||
|
||||
fclose(stdout);
|
||||
fclose(stdin);
|
||||
FreeConsole();
|
||||
#if DEBUG
|
||||
fclose(stdout);
|
||||
fclose(stdin);
|
||||
FreeConsole();
|
||||
#endif
|
||||
|
||||
FreeLibraryAndExitThread(hinstDLL, 0);
|
||||
FreeLibraryAndExitThread(hinstDLL, 0);
|
||||
}
|
||||
|
||||
void module::terminate()
|
||||
void
|
||||
module::terminate()
|
||||
{
|
||||
|
||||
}
|
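Review bot: `LPTSTR pipe_name = (LPTSTR)L"\\\\.\\pipe\\DonnaACPipe";` in module::run uses a C-style cast to drop const from a wide string literal, and in a build without UNICODE defined `LPTSTR` is `char*`, so the wide literal would be read as narrow characters. The line below it already uses the right shape, so I would write `LPCWSTR pipe_name = L"\\\\.\\pipe\\DonnaACPipe";`, provided the `client::message_queue` constructor accepts a const wide string (it is declared outside this page). If that constructor really needs a mutable buffer, copy the literal into a local array instead of casting.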