eee

2024-11-21 22:24:08 +01:00 · 2023-08-21 14:45:33 +10:00 · 2023-08-21 14:45:33 +10:00 · c0a1bd4f75
commit c0a1bd4f75
parent ced805cfba
6 changed files with 20 additions and 12 deletions
--- a/driver/callbacks.c
+++ b/driver/callbacks.c
@ -62,9 +62,8 @@ NTSTATUS HandlePeriodicCallbackReportQueue(
 	if ( report == NULL )
 	{
 		DEBUG_LOG( "callback report queue is empty, returning" );
-		KeReleaseGuardedMutex( &mutex );
+		Irp->IoStatus.Information = sizeof( OPEN_HANDLE_FAILURE_REPORT_HEADER );
-		Irp->IoStatus.Information = NULL;
+		goto end;
 		return STATUS_SUCCESS;
 	}
 	Irp->IoStatus.Information = sizeof( OPEN_HANDLE_FAILURE_REPORT ) * MAX_HANDLE_REPORTS_PER_IRP + 
--- a/driver/queue.c
+++ b/driver/queue.c
@ -62,7 +62,7 @@ PVOID QueuePop(
 	if ( temp == NULL )
 		goto end;
-	Head->entries -= 1;
+	Head->entries = Head->entries - 1;
 	data = temp->data;
 	Head->start = temp->next;
--- a/user/km/driver.cpp
+++ b/user/km/driver.cpp
@ -182,6 +182,9 @@ void kernelmode::Driver::QueryReportQueue()
 	if ( !header )
 		goto end;
 	if ( header->count == 0 )
 		goto end;
 	for ( int i = 0; i < header->count; i++ )
 	{
 		global::report_structures::OPEN_HANDLE_FAILURE_REPORT* report =
@ -198,6 +201,15 @@ end:
 	free( buffer );
 }
 void kernelmode::Driver::RunCallbackReportQueue()
 {
 	while ( true )
 	{
 		this->QueryReportQueue();
 		std::this_thread::sleep_for( std::chrono::seconds( 10 ) );
 	}
 }
 void kernelmode::Driver::NotifyDriverOnProcessLaunch()
 {
 	BOOLEAN status;
--- a/user/km/driver.h
+++ b/user/km/driver.h
@ -21,13 +21,15 @@ namespace kernelmode
 		HANDLE driver_handle;
 		LPCWSTR driver_name;
 		std::shared_ptr<global::Report> report_interface;
 		void QueryReportQueue();
 	public:
 		Driver(LPCWSTR DriverName, std::shared_ptr<global::Report> ReportInterface );
 		void RunNmiCallbacks();
 		void VerifySystemModules();
-		void QueryReportQueue();
+		void RunCallbackReportQueue();
 		void NotifyDriverOnProcessLaunch();
 		void CompleteQueuedCallbackReports();
 		void EnableProcessLoadNotifyCallbacks();
--- a/user/km/kmanager.cpp
+++ b/user/km/kmanager.cpp
@ -18,5 +18,5 @@ void kernelmode::KManager::VerifySystemModules()
 void kernelmode::KManager::MonitorCallbackReports()
 {
-	this->thread_pool->QueueJob( [ this ]() { this->driver_interface->QueryReportQueue(); } );
+	this->thread_pool->QueueJob( [ this ]() { this->driver_interface->RunCallbackReportQueue(); } );
 }
--- a/user/main.cpp
+++ b/user/main.cpp
@ -28,15 +28,10 @@ DWORD WINAPI Init(HINSTANCE hinstDLL)
    usermode::UManager umanager( thread_pool, report_interface );
    kernelmode::KManager kmanager( driver_name, thread_pool, report_interface);
    kmanager.MonitorCallbackReports();
    //kmanager.RunNmiCallbacks();
    //kmanager.VerifySystemModules();
    while ( true )
    {
        kmanager.MonitorCallbackReports();
        std::this_thread::sleep_for( std::chrono::seconds( 10 ) );
    }
    //umanager.ValidateProcessModules();
    //umanager.ValidateProcessMemory();