small fix

donnaskiez 2024-05-06 17:08:39 +10:00
parent 08beb2e036
commit d655cfc5c9
4 changed files with 33 additions and 30 deletions


@ -495,7 +495,8 @@ ProcessCreateNotifyRoutine(_In_ HANDLE ParentId,
* Notify to our driver that we can hash x86 modules, and hash * Notify to our driver that we can hash x86 modules, and hash
* any x86 modules that werent hashed. * any x86 modules that werent hashed.
*/ */
if (!strcmp(process_name, "winlogon.exe")) { if (!strcmp(process_name, "winlogon.exe") &&
!driver_list->deferred_complete) {
driver_list->can_hash_x86 = TRUE; driver_list->can_hash_x86 = TRUE;
IoQueueWorkItem(driver_list->deferred_work_item, IoQueueWorkItem(driver_list->deferred_work_item,
DeferredModuleHashingCallback, DeferredModuleHashingCallback,
@ -669,34 +670,34 @@ ObPreOpCallbackRoutine(_In_ PVOID RegistrationContext,
!strcmp(process_creator_name, "explorer.exe")) !strcmp(process_creator_name, "explorer.exe"))
goto end; goto end;
POPEN_HANDLE_FAILURE_REPORT report = POPEN_HANDLE_FAILURE_REPORT report =
ImpExAllocatePool2(POOL_FLAG_NON_PAGED, ImpExAllocatePool2(POOL_FLAG_NON_PAGED,
sizeof(OPEN_HANDLE_FAILURE_REPORT), sizeof(OPEN_HANDLE_FAILURE_REPORT),
REPORT_POOL_TAG); REPORT_POOL_TAG);
if (!report) if (!report)
goto end; goto end;
INIT_PACKET_HEADER(&report->header, PACKET_TYPE_REPORT); INIT_PACKET_HEADER(&report->header, PACKET_TYPE_REPORT);
INIT_REPORT_HEADER(&report->report_header, INIT_REPORT_HEADER(
REPORT_ILLEGAL_HANDLE_OPERATION, 0); &report->report_header, REPORT_ILLEGAL_HANDLE_OPERATION, 0);
DEBUG_INFO("packet type: %hx", report->header.packet_type); DEBUG_INFO("packet type: %hx", report->header.packet_type);
DEBUG_INFO("report code: %lx", report->report_header.report_code); DEBUG_INFO("report code: %lx", report->report_header.report_code);
DEBUG_INFO("report subcode: %lx", report->report_header.report_sub_type); DEBUG_INFO("report subcode: %lx",
report->report_header.report_sub_type);
report->is_kernel_handle = OperationInformation->KernelHandle; report->is_kernel_handle = OperationInformation->KernelHandle;
report->process_id = process_creator_id; report->process_id = process_creator_id;
report->thread_id = ImpPsGetCurrentThreadId(); report->thread_id = ImpPsGetCurrentThreadId();
report->access = report->access = OperationInformation->Parameters
OperationInformation->Parameters->CreateHandleInformation.DesiredAccess; ->CreateHandleInformation.DesiredAccess;
RtlCopyMemory(report->process_name, RtlCopyMemory(report->process_name,
process_creator_name, process_creator_name,
HANDLE_REPORT_PROCESS_NAME_MAX_LENGTH); HANDLE_REPORT_PROCESS_NAME_MAX_LENGTH);
IrpQueueCompletePacket(report, IrpQueueCompletePacket(report, sizeof(OPEN_HANDLE_FAILURE_REPORT));
sizeof(OPEN_HANDLE_FAILURE_REPORT));
} }
end: end:
@ -870,8 +871,8 @@ EnumHandleCallback(_In_ PHANDLE_TABLE HandleTable,
process_name, process_name,
HANDLE_REPORT_PROCESS_NAME_MAX_LENGTH); HANDLE_REPORT_PROCESS_NAME_MAX_LENGTH);
if (!NT_SUCCESS( if (!NT_SUCCESS(IrpQueueCompletePacket(
IrpQueueCompletePacket(report, sizeof(OPEN_HANDLE_FAILURE_REPORT)))) { report, sizeof(OPEN_HANDLE_FAILURE_REPORT)))) {
DEBUG_ERROR("IrpQueueCompleteIrp failed with no status."); DEBUG_ERROR("IrpQueueCompleteIrp failed with no status.");
goto end; goto end;
} }
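Review bot: The new `!driver_list->deferred_complete` test in ProcessCreateNotifyRoutine is a plain read of a flag that is only written later, inside DeferredModuleHashingCallback, so two winlogon.exe creations arriving close together (a second session, for example) can both pass it and call IoQueueWorkItem on the same deferred_work_item before the callback has run. A work item must not be queued again while it is still in the queue, so the guard should claim the flag atomically at the queue site. With the field declared `volatile LONG`, the condition could read `!strcmp(process_name, "winlogon.exe") && InterlockedCompareExchange(&driver_list->deferred_complete, TRUE, FALSE) == FALSE`. The routine's body starts and ends outside the hunk, and the other two hunks in this file only re-wrap lines.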


@ -82,6 +82,7 @@ typedef struct _DRIVER_LIST_HEAD {
/* modules that need to be hashed later. */ /* modules that need to be hashed later. */
PIO_WORKITEM deferred_work_item; PIO_WORKITEM deferred_work_item;
LIST_ENTRY deferred_list; LIST_ENTRY deferred_list;
volatile BOOLEAN deferred_complete;
volatile LONG can_hash_x86; volatile LONG can_hash_x86;
} DRIVER_LIST_HEAD, *PDRIVER_LIST_HEAD; } DRIVER_LIST_HEAD, *PDRIVER_LIST_HEAD;


@ -1451,6 +1451,7 @@ DeferredModuleHashingCallback()
PLIST_ENTRY list_entry = NULL; PLIST_ENTRY list_entry = NULL;
PDRIVER_LIST_ENTRY entry = NULL; PDRIVER_LIST_ENTRY entry = NULL;
driver_list->deferred_complete = TRUE;
list_entry = RemoveHeadList(deferred_head); list_entry = RemoveHeadList(deferred_head);
if (list_entry == deferred_head) if (list_entry == deferred_head)
@ -2094,7 +2095,7 @@ SetHeartbeatActive(_Inout_ PHEARTBEAT_CONFIGURATION Configuration)
FORCEINLINE FORCEINLINE
STATIC STATIC
VOID VOID
SetheartbeatInactive(_Inout_ PHEARTBEAT_CONFIGURATION Configuration) SetHeartbeatInactive(_Inout_ PHEARTBEAT_CONFIGURATION Configuration)
{ {
InterlockedDecrement(&Configuration->active); InterlockedDecrement(&Configuration->active);
} }
@ -2133,7 +2134,7 @@ HeartbeatWorkItem(_In_ PDEVICE_OBJECT DeviceObject, _In_opt_ PVOID Context)
} }
InitialiseHeartbeatObjects(config); InitialiseHeartbeatObjects(config);
SetheartbeatInactive(config); SetHeartbeatInactive(config);
} }
FORCEINLINE FORCEINLINE
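Review bot: `driver_list->deferred_complete = TRUE;` in DeferredModuleHashingCallback runs before the first RemoveHeadList, so the flag records that the callback was entered, not that the deferred list was drained. ProcessCreateNotifyRoutine now declines to queue the work item once the flag is set, so any path that leaves this callback early would, as far as the visible lines show, leave the remaining x86 modules unhashed until the driver is reloaded. Either clear the flag on the failure paths so a later winlogon.exe creation retries, or rename the field and document it, e.g. `/* set when the deferred hashing pass has started; never cleared */`. The rest of the callback is outside the hunk, so its exit paths need checking there.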


@ -1164,10 +1164,10 @@ DeviceCreate(_In_ PDEVICE_OBJECT DeviceObject, _Inout_ PIRP Irp)
UNREFERENCED_PARAMETER(DeviceObject); UNREFERENCED_PARAMETER(DeviceObject);
DEBUG_INFO("Handle to driver opened."); DEBUG_INFO("Handle to driver opened.");
NTSTATUS status = ValidatePciDevices(); //NTSTATUS status = ValidatePciDevices();
if (!NT_SUCCESS(status)) //if (!NT_SUCCESS(status))
DEBUG_ERROR("ValidatePciDevices failed with status %x", status); // DEBUG_ERROR("ValidatePciDevices failed with status %x", status);
IoCompleteRequest(Irp, IO_NO_INCREMENT); IoCompleteRequest(Irp, IO_NO_INCREMENT);
return Irp->IoStatus.Status; return Irp->IoStatus.Status;
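Review bot: The ValidatePciDevices() call in DeviceCreate is commented out rather than removed or gated, and neither the code nor the commit message says why, so the PCI device check silently stops running on handle open. Delete the dead lines or put the call behind a configuration flag, with a comment such as `/* PCI validation disabled: <reason>; re-enable when <condition> */`. Separately, the context line `return Irp->IoStatus.Status;` reads the IRP after IoCompleteRequest, at which point the driver no longer owns it. Capture the status first: `NTSTATUS status = Irp->IoStatus.Status;`, then `IoCompleteRequest(Irp, IO_NO_INCREMENT);` and `return status;`.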