From b4fc3f223c5ef68a7beaf115dcf12f36907e2727 Mon Sep 17 00:00:00 2001
From: lhodges1
Date: Sun, 27 Aug 2023 05:25:57 +1000
Subject: [PATCH] bed time c:
---
 driver/pool.c | 45 ++++++++++++++++++++++++++-------------------
 1 file changed, 26 insertions(+), 19 deletions(-)
diff --git a/driver/pool.c b/driver/pool.c
index fd0e8b8..fb98c78 100644
--- a/driver/pool.c
+++ b/driver/pool.c
@@ -58,7 +58,7 @@ VOID ScanPageForProcessAllocations(
 if ( !PageBase || !PageSize ) return;
- for ( INT offset = 0; offset < PageSize; offset++ )
+ for ( INT offset = 0; offset <= PageSize - length; offset++ )
 {
 for ( INT sig_index = 0; sig_index < length; sig_index++ )
 {
@@ -68,29 +68,36 @@ VOID ScanPageForProcessAllocations(
 break;
 }
- //CHAR current_char = *( PCHAR )( PageBase + offset + sig_index );
- //CHAR current_sig_byte = process[ sig_index ];
+ CHAR current_char = *( PCHAR )( PageBase + offset + sig_index );
+ CHAR current_sig_byte = process[ sig_index ];
- //if ( current_char != current_sig_byte )
+ if ( current_char != current_sig_byte )
+ {
+ found = FALSE;
+ break;
+ }
+ }
+
+ if ( found )
+ {
+ PPOOL_HEADER pool_header = PageBase + offset - POOL_TAG_SIZE;
+
+ DEBUG_LOG( "Maybe found: %llx", ( UINT64 )pool_header );
+
+ ULONG test = ( ULONG )pool_header;
+
+ if ( test & POOL_FLAG_NON_PAGED )
+ {
+ DEBUG_LOG( "maybe found pool with non paged pool" );
+ }
+
+ //if ( pool_header->PoolType & POOL_FLAG_NON_PAGED &&
+ // pool_header->PoolTag == 0x636f7250 )
 //{
- // found = FALSE;
+ // DEBUG_LOG( "FOUND POOL at: %llx", ( UINT64 )pool_header );
 // break;
 //}
 }
-
- //if ( found )
- //{
- // PPOOL_HEADER pool_header = PageBase + offset - POOL_TAG_SIZE;
-
- // DEBUG_LOG( "Maybe found: %llx", ( UINT64 )pool_header );
-
- // if ( pool_header->PoolType & POOL_FLAG_NON_PAGED &&
- // pool_header->PoolTag == 0x636f7250 )
- // {
- // DEBUG_LOG( "FOUND POOL at: %llx", ( UINT64 )pool_header );
- // break;
- // }
- //}
 }
 }
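Review bot: The new loop bound `offset <= PageSize - length` assumes `length <= PageSize`, but the guard just above it rejects only a zero `PageBase` or `PageSize`. The declarations of `PageSize` and `length` are outside the hunk; if either is unsigned, a signature longer than the page would make the subtraction wrap and the scan would run far past the page, which in a kernel-mode driver risks a bugcheck rather than a clean failure. An explicit guard before the loop, e.g. `if ( length <= 0 || length > PageSize ) return;`, states the precondition regardless of the types. The body of ScanPageForProcessAllocations starts and ends outside this hunk.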
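Review bot: `if ( test & POOL_FLAG_NON_PAGED )` tests bits of the header's address rather than of the header, because `test` is `( ULONG )pool_header`, the pointer value itself (truncated if pointers are 64-bit in this build), so the "non paged" log line says nothing about the allocation. The field to test is the one the commented-out block reads, `if ( pool_header->PoolType & POOL_FLAG_NON_PAGED )`. Before that dereference is restored, note that `PageBase + offset - POOL_TAG_SIZE` lies below `PageBase` whenever `offset < POOL_TAG_SIZE`, i.e. outside the page being scanned; skip those offsets with `if ( offset < POOL_TAG_SIZE ) continue;` or validate the address first. `found` is declared outside the hunk; if it is not reset to TRUE at the top of each `offset` iteration, the first mismatch would suppress every later match.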