This commit is contained in:
lhodges1 2023-09-23 19:20:38 +10:00
parent 0fd9f05244
commit ea7110c22c
3 changed files with 43 additions and 35 deletions


@ -231,7 +231,10 @@ namespace server.Message
OPEN_HANDLE_FAILURE report =
Helper.BytesToStructure<OPEN_HANDLE_FAILURE>(_buffer, sizeof(PACKET_HEADER) + offset);
if (report.ThreadId == 0)
if (report.DesiredAccess == 0 &&
report.ProcessId == 0 &&
report.IsKernelHandle == 0 &&
report.ProcessId == 0)
{
return;
}
@ -528,10 +531,15 @@ namespace server.Message
unsafe public void HandleInvalidProcessAllocation(int offset)
{
INVALID_PROCESS_ALLOCATION_FAILURE report =
Helper.BytesToStructure<INVALID_PROCESS_ALLOCATION_FAILURE>(_buffer, sizeof(PACKET_HEADER) + offset);
/* INVALID_PROCESS_ALLOCATION_FAILURE report =
Helper.BytesToStructure<INVALID_PROCESS_ALLOCATION_FAILURE>(_buffer, sizeof(PACKET_HEADER) + offset);*/
report.ProcessStructure = new byte[4096];
byte[] processStructure = new byte[4096];
for (int i=0;i<4096;i++)
{
processStructure[i] = _buffer[sizeof(PACKET_HEADER) + offset + i];
}
_logger.Information("received invalid process allocation structure");
@ -550,7 +558,7 @@ namespace server.Message
var reportTypeInvalidProcessAllocation = new InvalidProcessAllocationEntity(context)
{
Report = newReport,
ProcessStructure = report.ProcessStructure
ProcessStructure = processStructure
};
reportTypeInvalidProcessAllocation.InsertReport();
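Review bot: The new early-return guard tests `report.ProcessId == 0` twice (second and fourth operands) and no longer tests `report.ThreadId`, which the replaced line checked, so the fourth operand is most likely meant to be `report.ThreadId == 0`; as written a report with only ThreadId set is treated as empty and dropped. In the HandleInvalidProcessAllocation hunk the fixed 4096-byte loop copies from `_buffer` at `sizeof(PACKET_HEADER) + offset + i` without checking that `_buffer` actually holds that many bytes, so a short or truncated packet throws IndexOutOfRangeException instead of being rejected; a guard such as `if (_buffer.Length < sizeof(PACKET_HEADER) + offset + 4096) return;` before the loop, and `Buffer.BlockCopy` in place of the hand-written loop, would make that explicit. The old `report.ProcessStructure` assignment is left behind as a comment rather than removed. Both enclosing methods begin and end outside the shown hunks.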


@ -406,13 +406,11 @@ VOID kernelmode::Driver::ScanForUnlinkedProcess()
NULL
);
if ( status == NULL || bytes_returned == NULL)
if ( status == NULL)
{
LOG_ERROR( "failed to scan for unlinked processes %x", GetLastError() );
return;
}
this->report_interface->ServerSend( &report, bytes_returned, CLIENT_REQUEST_MODULE_INTEGRITY_CHECK );
}
VOID kernelmode::Driver::PerformIntegrityCheck()
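Review bot: Dropping the `bytes_returned == NULL` test means a call that succeeds but writes zero bytes now falls through to `ServerSend( &report, bytes_returned, ... )`, sending a zero-length and possibly never-written `report`; if the intent was to stop treating an empty result as an error, keep it as a separate early return, `if ( bytes_returned == 0 ) return;` after the status check, rather than removing the check altogether. Comparing `status` against `NULL` also reads as a pointer test; if status is a BOOL from DeviceIoControl (inferred from the GetLastError call, not visible here) `if ( !status )` states the intent. The start of ScanForUnlinkedProcess, including the declarations of `report` and `bytes_returned`, lies outside the hunk.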


@ -41,36 +41,38 @@ DWORD WINAPI Init(HINSTANCE hinstDLL)
while ( !GetAsyncKeyState( VK_DELETE ) )
{
srand( time( NULL ) );
int seed = ( rand() % 7 );
//srand( time( NULL ) );
//int seed = ( rand() % 7 );
std::cout << "Seed: " << seed << std::endl;
//std::cout << "Seed: " << seed << std::endl;
switch ( seed )
{
case 0:
kmanager.EnumerateHandleTables();
break;
case 1:
kmanager.PerformIntegrityCheck();
break;
case 2:
kmanager.ScanPoolsForUnlinkedProcesses();
break;
case 3:
kmanager.VerifySystemModules();
break;
case 4:
kmanager.ValidateProcessModules();
break;
case 5:
kmanager.RunNmiCallbacks();
break;
case 6:
kmanager.CheckForAttachedThreads();
break;
}
//switch ( seed )
//{
//case 0:
// kmanager.EnumerateHandleTables();
// break;
//case 1:
// kmanager.PerformIntegrityCheck();
// break;
//case 2:
// kmanager.ScanPoolsForUnlinkedProcesses();
// break;
//case 3:
// kmanager.VerifySystemModules();
// break;
//case 4:
// kmanager.ValidateProcessModules();
// break;
//case 5:
// kmanager.RunNmiCallbacks();
// break;
//case 6:
// kmanager.CheckForAttachedThreads();
// break;
//}
//kmanager.MonitorCallbackReports();
kmanager.ScanPoolsForUnlinkedProcesses();
kmanager.MonitorCallbackReports();
std::this_thread::sleep_for( std::chrono::seconds( 10 ) );
}
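Review bot: The rotating `switch ( seed )` block, its seeding and the `Seed:` output are left in the loop body as roughly thirty commented-out lines rather than deleted, so the two live calls are buried in dead text; the old code is recoverable from history, so remove the commented lines, or, if the rotation is meant to come back, guard it with a named compile-time flag instead of comment markers. With the rotation gone the loop now runs only `ScanPoolsForUnlinkedProcesses()` and `MonitorCallbackReports()` every ten seconds, and nothing in the hunk says whether that is the intended shipping behaviour or a temporary debugging change; a one-line comment such as `// temporary: only pool scan and callback monitoring until the other checks are stable` would keep the next reader from restoring the switch blindly. Init continues past the end of the hunk.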