lil refactor c:
parent
b4e8b7b576
commit
b2bed7dde8
7 changed files with 520 additions and 449 deletions
|
@ -1 +1,7 @@
|
|||
# ac
|
||||
# ac
|
||||
|
||||
some things to note:
|
||||
|
||||
- open source anticheat (oxymoron)
|
||||
- currently only tested on 10 19045 and since offsets are currently hardcoded u may experience technical difficulties. This will be fixed in the future when i either finish the debuglib or just use a pdb parser or maybe another method ;)
|
||||
- as a passion project i am really only implementing methods which i find enjoyable to either research or build which is why you see a lack of hooks and other such. Maybe in the future c:
|
|
@ -206,7 +206,7 @@ ObPreOpCallbackRoutine(
|
|||
LPCSTR process_creator_name;
|
||||
LPCSTR target_process_name;
|
||||
LPCSTR protected_process_name;
|
||||
PCALLBACK_CONFIGURATION configuration = NULL;
|
||||
POB_CALLBACKS_CONFIG configuration = NULL;
|
||||
|
||||
/*
|
||||
* This is to prevent the condition where the thread executing this function is scheduled whilst we
|
||||
|
|
906
driver/driver.c
906
driver/driver.c
File diff suppressed because it is too large
|
@ -26,14 +26,15 @@ typedef struct _SYSTEM_INFORMATION
|
|||
|
||||
}SYSTEM_INFORMATION, * PSYSTEM_INFORMATION;
|
||||
|
||||
typedef struct _CALLBACKS_CONFIGURATION
|
||||
typedef struct _OB_CALLBACKS_CONFIG
|
||||
{
|
||||
PVOID registration_handle;
|
||||
KGUARDED_MUTEX lock;
|
||||
|
||||
}CALLBACK_CONFIGURATION, * PCALLBACK_CONFIGURATION;
|
||||
}OB_CALLBACKS_CONFIG, * POB_CALLBACKS_CONFIG;
|
||||
|
||||
NTSTATUS InitialiseProcessConfigOnProcessLaunch(
|
||||
NTSTATUS
|
||||
ProcLoadInitialiseProcessConfig(
|
||||
_In_ PIRP Irp
|
||||
);
|
||||
|
||||
|
@ -91,28 +92,20 @@ QueryActiveApcContextsForCompletion(
|
|||
);
|
||||
|
||||
VOID
|
||||
TerminateProtectedProcessOnViolation(
|
||||
|
||||
);
|
||||
|
||||
VOID
|
||||
ClearProcessConfigOnProcessTermination(
|
||||
|
||||
);
|
||||
TerminateProtectedProcessOnViolation();
|
||||
|
||||
NTSTATUS
|
||||
EnableCallbackRoutinesOnProcessRun(
|
||||
|
||||
);
|
||||
ProcLoadEnableObCallbacks();
|
||||
|
||||
VOID
|
||||
UnregisterCallbacksOnProcessTermination(
|
||||
ProcCloseDisableObCallbacks();
|
||||
|
||||
);
|
||||
VOID
|
||||
ProcCloseClearProcessConfiguration();
|
||||
|
||||
VOID
|
||||
GetCallbackConfigStructure(
|
||||
_Out_ PCALLBACK_CONFIGURATION* CallbackConfiguration
|
||||
_Out_ POB_CALLBACKS_CONFIG* CallbackConfiguration
|
||||
);
|
||||
|
||||
VOID
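Review bot: The one-line prototypes on the new side, `VOID TerminateProtectedProcessOnViolation();`, `NTSTATUS ProcLoadEnableObCallbacks();`, `VOID ProcCloseDisableObCallbacks();` and `VOID ProcCloseClearProcessConfiguration();`, declare functions with an empty parameter list, which in C means an unprototyped function rather than one taking no arguments, so the compiler cannot reject a call that passes arguments. The old multi-line forms had the same gap, so this rename is a good moment to close it: write `VOID ProcCloseDisableObCallbacks(VOID);` and likewise for the other three. The declaration that begins with the final `VOID` continues outside the hunk.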
|
||||
|
|
|
@ -81,20 +81,18 @@ DeviceControl(
|
|||
NTSTATUS status = STATUS_SUCCESS;
|
||||
PIO_STACK_LOCATION stack_location = IoGetCurrentIrpStackLocation(Irp);
|
||||
HANDLE handle;
|
||||
PKTHREAD thread;
|
||||
PKTHREAD thread = NULL;
|
||||
BOOLEAN security_flag = FALSE;
|
||||
|
||||
/*
|
||||
* The purpose of this is to prevent programs from opening a handle to our driver
|
||||
* and trying to fuzz the IOCTL access or codes. This definitely isnt a perfect
|
||||
* solution though... xD
|
||||
* LMAO
|
||||
*/
|
||||
ReadProcessInitialisedConfigFlag(&security_flag);
|
||||
|
||||
if (security_flag == FALSE &&
|
||||
stack_location->Parameters.DeviceIoControl.IoControlCode != IOCTL_NOTIFY_DRIVER_ON_PROCESS_LAUNCH)
|
||||
{
|
||||
status = STATUS_ABANDONED;
|
||||
status = STATUS_ACCESS_DENIED;
|
||||
goto end;
|
||||
}
|
||||
|
||||
|
@ -169,7 +167,7 @@ DeviceControl(
|
|||
|
||||
case IOCTL_NOTIFY_DRIVER_ON_PROCESS_LAUNCH:;
|
||||
|
||||
status = InitialiseProcessConfigOnProcessLaunch(Irp);
|
||||
status = ProcLoadInitialiseProcessConfig(Irp);
|
||||
|
||||
if (!NT_SUCCESS(status))
|
||||
{
|
||||
|
@ -177,7 +175,7 @@ DeviceControl(
|
|||
goto end;
|
||||
}
|
||||
|
||||
status = EnableCallbackRoutinesOnProcessRun();
|
||||
status = ProcLoadEnableObCallbacks();
|
||||
|
||||
if (!NT_SUCCESS(status))
|
||||
DEBUG_ERROR("InitiateDriverCallbacks failed with status %x", status);
|
||||
|
@ -274,8 +272,8 @@ DeviceControl(
|
|||
|
||||
case IOCTL_NOTIFY_DRIVER_ON_PROCESS_TERMINATION:
|
||||
|
||||
ClearProcessConfigOnProcessTermination();
|
||||
UnregisterCallbacksOnProcessTermination();
|
||||
ProcCloseClearProcessConfiguration();
|
||||
ProcCloseDisableObCallbacks();
|
||||
|
||||
break;
|
||||
|
||||
|
@ -388,8 +386,8 @@ DeviceClose(
|
|||
|
||||
/* we also lose reports here, so sohuld pass em into the irp before freeing */
|
||||
FreeGlobalReportQueueObjects();
|
||||
ClearProcessConfigOnProcessTermination();
|
||||
UnregisterCallbacksOnProcessTermination();
|
||||
ProcCloseClearProcessConfiguration();
|
||||
ProcCloseDisableObCallbacks();
|
||||
|
||||
IoCompleteRequest(Irp, IO_NO_INCREMENT);
|
||||
return Irp->IoStatus.Status;
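Review bot: The gate `if (security_flag == FALSE && stack_location->Parameters.DeviceIoControl.IoControlCode != IOCTL_NOTIFY_DRIVER_ON_PROCESS_LAUNCH)` in the first DeviceControl hunk is state-based, not caller-based: it reads one global flag through ReadProcessInitialisedConfigFlag, so once that flag is set every caller able to open the device passes, and the single exempted code is the one that, judging by `status = ProcLoadInitialiseProcessConfig(Irp);` in the next hunk, presumably sets it. STATUS_ACCESS_DENIED is the right code for the rejection, but the comment should state the boundary plainly, e.g. `/* State gate only: the caller is not identified here, and the launch IOCTL is reachable by any opener. */`, and a stronger check would compare the requesting process (PsGetCurrentProcessId) with the configured process before dispatching. In the third hunk the failure log `DEBUG_ERROR("InitiateDriverCallbacks failed with status %x", status);` names a function that neither the old call (EnableCallbackRoutinesOnProcessRun) nor the new one (ProcLoadEnableObCallbacks) matches; it should name ProcLoadEnableObCallbacks so the log line can be traced. DeviceControl's body starts and ends outside these hunks.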
|
||||
|
|
|
@ -1287,7 +1287,10 @@ ValidateThreadViaKernelApcCallback(
|
|||
if (*misc_flags >> KTHREAD_MISC_FLAGS_APC_QUEUEABLE == FALSE)
|
||||
FlipKThreadMiscFlagsFlag(ThreadListEntry->thread, KTHREAD_MISC_FLAGS_APC_QUEUEABLE, TRUE);
|
||||
|
||||
/* force thread into an alertable state */
|
||||
/*
|
||||
* force thread into an alertable state, noting that this does not guarantee that our APC will be
|
||||
* run.
|
||||
*/
|
||||
if (*misc_flags >> KTHREAD_MISC_FLAGS_ALERTABLE == FALSE)
|
||||
FlipKThreadMiscFlagsFlag(ThreadListEntry->thread, KTHREAD_MISC_FLAGS_ALERTABLE, TRUE);
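Review bot: The conditions `if (*misc_flags >> KTHREAD_MISC_FLAGS_APC_QUEUEABLE == FALSE)` and `if (*misc_flags >> KTHREAD_MISC_FLAGS_ALERTABLE == FALSE)` compare the whole shifted value with FALSE, because `>>` binds tighter than `==`, so each test is true only when every bit at or above the named position is clear, not when that one bit is clear. If a single-bit test is intended, as the FlipKThreadMiscFlagsFlag calls that pass the same constant suggest, the check should read `if (((*misc_flags >> KTHREAD_MISC_FLAGS_APC_QUEUEABLE) & 1) == 0)` and likewise for the alertable flag. The reworded comment is accurate as far as it goes; it could also note that these flags presumably live in a version-specific KTHREAD layout, which is what the README's hard-coded-offsets caveat refers to. ValidateThreadViaKernelApcCallback's body starts and ends outside the hunk.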
|
||||
|
||||
|
|
|
@ -74,7 +74,6 @@ ValidateKPCRBThreads(
|
|||
_Inout_ PIRP Irp
|
||||
)
|
||||
{
|
||||
NTSTATUS status;
|
||||
UINT64 kpcr;
|
||||
UINT64 kprcb;
|
||||
KAFFINITY old_affinity = { 0 };
|
||||
|
|