bed time c:

2024-11-21 22:24:08 +01:00 · 2023-08-27 05:25:57 +10:00 · 2023-08-27 05:25:57 +10:00 · b4fc3f223c
commit b4fc3f223c
parent 404902b952
1 changed files with 26 additions and 19 deletions
--- a/driver/pool.c
+++ b/driver/pool.c
@ -58,7 +58,7 @@ VOID ScanPageForProcessAllocations(
 	if ( !PageBase || !PageSize )
 		return;
-	for ( INT offset = 0; offset < PageSize; offset++ )
+	for ( INT offset = 0; offset <= PageSize - length; offset++ )
 	{
 		for ( INT sig_index = 0; sig_index < length; sig_index++ )
 		{
@ -68,21 +68,28 @@ VOID ScanPageForProcessAllocations(
 				break;
 			}
-			//CHAR current_char = *( PCHAR )( PageBase + offset + sig_index );
+			CHAR current_char = *( PCHAR )( PageBase + offset + sig_index );
-			//CHAR current_sig_byte = process[ sig_index ];
+			CHAR current_sig_byte = process[ sig_index ];
-			//if ( current_char != current_sig_byte )
+			if ( current_char != current_sig_byte )
-			//{
+			{
-			//	found = FALSE;
+				found = FALSE;
-			//	break;
+				break;
-			//}
+			}
 		}
-		//if ( found )
+		if ( found )
-		//{
+		{
-		//	PPOOL_HEADER pool_header = PageBase + offset - POOL_TAG_SIZE;
+			PPOOL_HEADER pool_header = PageBase + offset - POOL_TAG_SIZE;
-		//	DEBUG_LOG( "Maybe found: %llx", ( UINT64 )pool_header );
+			DEBUG_LOG( "Maybe found: %llx", ( UINT64 )pool_header );
 			ULONG test = ( ULONG )pool_header;
 			if ( test & POOL_FLAG_NON_PAGED )
 			{
 				DEBUG_LOG( "maybe found pool with non paged pool" );
 			}
 			//if ( pool_header->PoolType & POOL_FLAG_NON_PAGED &&
 			//	pool_header->PoolTag == 0x636f7250 )
@ -90,7 +97,7 @@ VOID ScanPageForProcessAllocations(
 			//	DEBUG_LOG( "FOUND POOL at: %llx", ( UINT64 )pool_header );
 			//	break;
 			//}
-		//}
+		}
 	}
 }