e

ac.sln

@@ -7,7 +7,7 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "user", "user\user.vcxproj",
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "driver", "driver\driver.vcxproj", "{0AE83EC6-DDEA-4EDE-B1B2-1B2AB1E8BB54}"
 EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "service", "service\service.csproj", "{6228E9DD-E1EA-45D8-8054-A00FC2D63414}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "service", "service\service.csproj", "{6228E9DD-E1EA-45D8-8054-A00FC2D63414}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution

driver/callbacks.c

@@ -133,13 +133,11 @@ OB_PREOP_CALLBACK_STATUS ObPreOpCallbackRoutine(
 	PEPROCESS target_process = ( PEPROCESS )OperationInformation->Object;
 	LONG target_process_id = PsGetProcessId( target_process );
 	LONG process_creator_id = PsGetProcessId( process_creator );
-	LONG protected_process_id;
-	LONG parent_process_id;
+	LONG protected_process_id = NULL;
 	LPCSTR process_creator_name;
 	LPCSTR target_process_name;
 
 	GetProtectedProcessId( &protected_process_id );
-	GetProtectedProcessParentId( &parent_process_id );
 
 	process_creator_name = PsGetProcessImageFileName( process_creator );
 	target_process_name = PsGetProcessImageFileName( target_process );
@@ -156,12 +154,6 @@ OB_PREOP_CALLBACK_STATUS ObPreOpCallbackRoutine(
 			DEBUG_LOG( "handles made by NOTEPAD r okay :)" );
 			/* handles created by the game (notepad) are okay */
 		}
-		/* NOTE: try allowing only 1 handle from the proc creator */
-		else if ( parent_process_id == process_creator_id )
-		{
-			/* Allow handles created by the protected process' creator i.e explorer, cmd etc. */
-			DEBUG_LOG( "Process creator: %s handles are fine for now...", process_creator_name );
-		}
 		else
 		{
 			OperationInformation->Parameters->CreateHandleInformation.DesiredAccess = deny_access;
@@ -189,51 +181,51 @@ end:
 	return OB_PREOP_SUCCESS;
 }
 
-VOID ProcessCreateNotifyRoutine(
-	_In_ HANDLE ParentId,
-	_In_ HANDLE ProcessId,
-	_In_ BOOLEAN Create
-)
-{
-	NTSTATUS status;
-	PEPROCESS parent_process;
-	PEPROCESS target_process;
-	LONG parent_process_id;
-	LONG target_process_id;
-	LPCSTR target_process_name = NULL;
-	LPCSTR parent_process_name = NULL;
-
-	status = PsLookupProcessByProcessId( ParentId, &parent_process );
-
-	if ( !NT_SUCCESS( status ) )
-		return;
-
-	status = PsLookupProcessByProcessId( ProcessId, &target_process );
-
-	if ( !NT_SUCCESS( status ) )
-		return;
-
-	parent_process_name = PsGetProcessImageFileName( parent_process );
-
-	if ( !parent_process_name )
-		return;
-
-	target_process_name = PsGetProcessImageFileName( target_process );
-
-	if ( !target_process_name )
-		return;
-
-	if ( !strcmp( target_process_name, "notepad.exe") )
-	{
-		parent_process_id = PsGetProcessId( parent_process );
-		UpdateProtectedProcessParentId( parent_process_id );
-
-		target_process_id = PsGetProcessId( target_process );
-		UpdateProtectedProcessId( target_process_id );
-
-		DEBUG_LOG( "Protected process parent proc id: %lx", parent_process_id );
-	}
-}
+//VOID ProcessCreateNotifyRoutine(
+//	_In_ HANDLE ParentId,
+//	_In_ HANDLE ProcessId,
+//	_In_ BOOLEAN Create
+//)
+//{
+//	NTSTATUS status;
+//	PEPROCESS parent_process;
+//	PEPROCESS target_process;
+//	LONG parent_process_id;
+//	LONG target_process_id;
+//	LPCSTR target_process_name = NULL;
+//	LPCSTR parent_process_name = NULL;
+//
+//	status = PsLookupProcessByProcessId( ParentId, &parent_process );
+//
+//	if ( !NT_SUCCESS( status ) )
+//		return;
+//
+//	status = PsLookupProcessByProcessId( ProcessId, &target_process );
+//
+//	if ( !NT_SUCCESS( status ) )
+//		return;
+//
+//	parent_process_name = PsGetProcessImageFileName( parent_process );
+//
+//	if ( !parent_process_name )
+//		return;
+//
+//	target_process_name = PsGetProcessImageFileName( target_process );
+//
+//	if ( !target_process_name )
+//		return;
+//
+//	if ( !strcmp( target_process_name, "notepad.exe") )
+//	{
+//		parent_process_id = PsGetProcessId( parent_process );
+//		UpdateProtectedProcessParentId( parent_process_id );
+//
+//		target_process_id = PsGetProcessId( target_process );
+//		UpdateProtectedProcessId( target_process_id );
+//
+//		DEBUG_LOG( "Protected process parent proc id: %lx", parent_process_id );
+//	}
+//}
 
 /* stolen from ReactOS xD */
 VOID NTAPI ExUnlockHandleTableEntry(
@@ -262,10 +254,10 @@ BOOLEAN EnumHandleCallback(
 	PVOID object_header;
 	POBJECT_TYPE object_type;
 	PEPROCESS process;
-	PEPROCESS protected_process;
+	PEPROCESS protected_process = NULL;
 	LPCSTR process_name;
 	LPCSTR protected_process_name;
-	LONG protected_process_id;
+	LONG protected_process_id = NULL;
 	ACCESS_MASK handle_access_mask;
 
 	object_header = GET_OBJECT_HEADER_FROM_HANDLE( Entry->ObjectPointerBits );
@@ -282,7 +274,7 @@ BOOLEAN EnumHandleCallback(
 		process_name = PsGetProcessImageFileName( process );
 
 		GetProtectedProcessId( &protected_process_id );
-		PsLookupProcessByProcessId( protected_process_id, &protected_process );
+		GetProtectedProcessEProcess( &protected_process );
 
 		protected_process_name = PsGetProcessImageFileName( protected_process );
 

driver/driver.c

@@ -11,55 +11,69 @@
 
 PVOID callback_registration_handle;
 
-LONG protected_process_id;
-LONG protected_process_parent_id;
-
-KGUARDED_MUTEX mutex;
+DRIVER_CONFIG config = { 0 };
 
 UNICODE_STRING DEVICE_NAME = RTL_CONSTANT_STRING( L"\\Device\\DonnaAC" );
 UNICODE_STRING DEVICE_SYMBOLIC_LINK = RTL_CONSTANT_STRING( L"\\??\\DonnaAC" );
 
-VOID UpdateProtectedProcessId( 
-	_In_ LONG NewProcessId 
+VOID GetProtectedProcessEProcess( 
+	_In_ PEPROCESS Process 
 )
 {
-	KeAcquireGuardedMutex( &mutex );
-	protected_process_id = NewProcessId;
-	KeReleaseGuardedMutex( &mutex );
+	KeAcquireGuardedMutex( &config.lock );
+	Process = config.protected_process_eprocess;
+	KeReleaseGuardedMutex( &config.lock );
 }
 
-VOID GetProtectedProcessId(
-	_Out_ PLONG ProcessId
+VOID GetProtectedProcessId( 
+	_In_ PLONG ProcessId 
 )
 {
-	KeAcquireGuardedMutex( &mutex );
-	*ProcessId = protected_process_id;
-	KeReleaseGuardedMutex( &mutex );
+	KeAcquireGuardedMutex( &config.lock );
+	*ProcessId = config.protected_process_id;
+	KeReleaseGuardedMutex( &config.lock );
 }
 
-VOID GetProtectedProcessParentId( 
-	_Out_ PLONG ProcessId 
+VOID ClearDriverConfigOnProcessTermination(
+	_In_ PIRP Irp
 )
 {
-	KeAcquireGuardedMutex( &mutex );
-	*ProcessId = protected_process_parent_id;
-	KeReleaseGuardedMutex( &mutex );
+	KeAcquireGuardedMutex( &config.lock );
+	config.protected_process_id = NULL;
+	config.protected_process_eprocess = NULL;
+	config.initialised = FALSE;
+	KeReleaseGuardedMutex( &config.lock );
 }
 
-VOID UpdateProtectedProcessParentId( 
-	_In_ LONG NewProcessId 
+NTSTATUS InitialiseDriverConfigOnProcessLaunch(
+	_In_ PIRP Irp
 )
 {
-	KeAcquireGuardedMutex( &mutex );
-	protected_process_parent_id = NewProcessId;
-	KeReleaseGuardedMutex( &mutex );
+	NTSTATUS status;
+	PDRIVER_INITIATION_INFORMATION information;
+	PEPROCESS eprocess;
+
+	information = ( PDRIVER_INITIATION_INFORMATION )Irp->AssociatedIrp.SystemBuffer;
+
+	status = PsLookupProcessByProcessId( information->protected_process_id, &eprocess );
+
+	if ( !NT_SUCCESS( status ) )
+		return status;
+
+	config.protected_process_eprocess = eprocess;
+	config.protected_process_id = information->protected_process_id;
+	config.initialised = TRUE;
+
+	Irp->IoStatus.Status = status;
+
+	return status;
 }
 
 VOID DriverUnload(
 	_In_ PDRIVER_OBJECT DriverObject
 )
 {
-	PsSetCreateProcessNotifyRoutine( ProcessCreateNotifyRoutine, TRUE );
+	//PsSetCreateProcessNotifyRoutine( ProcessCreateNotifyRoutine, TRUE );
 	ObUnRegisterCallbacks( callback_registration_handle );
 	FreeQueueObjectsAndCleanup();
 	IoDeleteSymbolicLink( &DEVICE_SYMBOLIC_LINK );
@@ -94,13 +108,13 @@ NTSTATUS InitiateDriverCallbacks()
 		return status;
 	}
 
-	status = PsSetCreateProcessNotifyRoutine(
-		ProcessCreateNotifyRoutine,
-		FALSE
-	);
+	//status = PsSetCreateProcessNotifyRoutine(
+	//	ProcessCreateNotifyRoutine,
+	//	FALSE
+	//);
 
-	if ( !NT_SUCCESS( status ) )
-		DEBUG_ERROR( "Failed to launch ps create notif routines with status %x", status );
+	//if ( !NT_SUCCESS( status ) )
+	//	DEBUG_ERROR( "Failed to launch ps create notif routines with status %x", status );
 
 	return status;
 }
@@ -114,7 +128,8 @@ NTSTATUS DriverEntry(
 
 	BOOLEAN flag = FALSE;
 	NTSTATUS status;
-	HANDLE handle;
+
+	KeInitializeGuardedMutex( &config.lock );
 
 	status = IoCreateDevice(
 		DriverObject,
@@ -146,8 +161,6 @@ NTSTATUS DriverEntry(
 	DriverObject->MajorFunction[ IRP_MJ_DEVICE_CONTROL ] = DeviceControl;
 	DriverObject->DriverUnload = DriverUnload;
 
-	KeInitializeGuardedMutex( &mutex );
-
 	InitCallbackReportQueue(&flag);
 
 	if ( !flag )
@@ -158,26 +171,6 @@ NTSTATUS DriverEntry(
 		return STATUS_FAILED_DRIVER_ENTRY;
 	}
 
-	status = PsCreateSystemThread(
-		&handle,
-		PROCESS_ALL_ACCESS,
-		NULL,
-		NULL,
-		NULL,
-		InitiateDriverCallbacks,
-		NULL
-	);
-
-	if ( !NT_SUCCESS( status ) )
-	{
-		DEBUG_ERROR( "failed to launch thread to start tings" );
-		IoDeleteSymbolicLink( &DEVICE_SYMBOLIC_LINK );
-		IoDeleteDevice( DriverObject->DeviceObject );
-		return STATUS_FAILED_DRIVER_ENTRY;
-	}
-
-	ZwClose( handle );
-
 	DEBUG_LOG( "DonnaAC Driver Entry Complete. type: %lx", DriverObject->DeviceObject->DeviceType );
 
 	return status;

driver/driver.h

@@ -5,20 +5,33 @@
 #include <wdftypes.h>
 #include <wdf.h>
 
-VOID UpdateProtectedProcessId(
-	_In_ LONG NewProcessId 
+typedef struct _DRIVER_CONFIG
+{
+	BOOLEAN initialised;
+	LONG protected_process_id;
+	PEPROCESS protected_process_eprocess;
+	KGUARDED_MUTEX lock;
+
+}DRIVER_CONFIG, *PDRIVER_CONFIG;
+
+NTSTATUS InitialiseDriverConfigOnProcessLaunch(
+	_In_ PIRP Irp
 );
 
+VOID GetProtectedProcessEProcess(
+	_In_ PEPROCESS Process
+);
+
+
 VOID GetProtectedProcessId(
-	_Out_ PLONG ProcessId
+	_In_ PLONG ProcessId
 );
 
-VOID GetProtectedProcessParentId(
-	_Out_ PLONG ProcessId
+
+VOID ClearDriverConfigOnProcessTermination(
+	_In_ PIRP Irp
 );
 
-VOID UpdateProtectedProcessParentId(
-	_In_ LONG NewProcessId
-);
+NTSTATUS InitiateDriverCallbacks();
 
 #endif

driver/ioctl.c

@@ -93,8 +93,19 @@ NTSTATUS DeviceControl(
 
 	case IOCTL_NOTIFY_DRIVER_ON_PROCESS_LAUNCH:;
 
-		PDRIVER_INITIATION_INFORMATION information = ( PDRIVER_INITIATION_INFORMATION )Irp->AssociatedIrp.SystemBuffer;
-		UpdateProtectedProcessId( information->protected_process_id );
+		status = InitialiseDriverConfigOnProcessLaunch(Irp);
+
+		if ( !NT_SUCCESS( status ) )
+		{
+			DEBUG_ERROR( "Failed to initialise driver config on proc launch with status %x", status );
+			goto end;
+		}
+
+		status = InitiateDriverCallbacks();
+
+		if ( !NT_SUCCESS( status ) )
+			DEBUG_ERROR( "InitiateDriverCallbacks failed with status %x", status );
+		
 		break;
 
 	case IOCTL_HANDLE_REPORTS_IN_CALLBACK_QUEUE:
@@ -179,6 +190,12 @@ NTSTATUS DeviceControl(
 
 		break;
 
+	case IOCTL_CLEAR_CONFIG_ON_PROCESS_CLOSE:
+
+		ClearDriverConfigOnProcessTermination( Irp );
+
+		break;
+
 	default:
 		DEBUG_ERROR( "Invalid IOCTL passed to driver" );
 		break;

driver/ioctl.h

@@ -15,6 +15,7 @@
 #define IOCTL_ENUMERATE_HANDLE_TABLES CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2007, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_RETRIEVE_MODULE_EXECUTABLE_REGIONS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2008, METHOD_BUFFERED, FILE_ANY_ACCESS)
 #define IOCTL_REQUEST_TOTAL_MODULE_SIZE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2009, METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define IOCTL_CLEAR_CONFIG_ON_PROCESS_CLOSE CTL_CODE(FILE_DEVICE_UNKNOWN, 0x2010, METHOD_BUFFERED, FILE_ANY_ACCESS)
 
 typedef struct _DRIVER_INITIATION_INFORMATION
 {

server/Controllers/WeatherForecastController.cs

@@ -0,0 +1,33 @@
+using Microsoft.AspNetCore.Mvc;
+
+namespace server.Controllers
+{
+    [ApiController]
+    [Route("[controller]")]
+    public class WeatherForecastController : ControllerBase
+    {
+        private static readonly string[] Summaries = new[]
+        {
+        "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
+    };
+
+        private readonly ILogger<WeatherForecastController> _logger;
+
+        public WeatherForecastController(ILogger<WeatherForecastController> logger)
+        {
+            _logger = logger;
+        }
+
+        [HttpGet(Name = "GetWeatherForecast")]
+        public IEnumerable<WeatherForecast> Get()
+        {
+            return Enumerable.Range(1, 5).Select(index => new WeatherForecast
+            {
+                Date = DateOnly.FromDateTime(DateTime.Now.AddDays(index)),
+                TemperatureC = Random.Shared.Next(-20, 55),
+                Summary = Summaries[Random.Shared.Next(Summaries.Length)]
+            })
+            .ToArray();
+        }
+    }
+}

server/Program.cs

@@ -0,0 +1,25 @@
+var builder = WebApplication.CreateBuilder(args);
+
+// Add services to the container.
+
+builder.Services.AddControllers();
+// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
+builder.Services.AddEndpointsApiExplorer();
+builder.Services.AddSwaggerGen();
+
+var app = builder.Build();
+
+// Configure the HTTP request pipeline.
+if (app.Environment.IsDevelopment())
+{
+    app.UseSwagger();
+    app.UseSwaggerUI();
+}
+
+app.UseHttpsRedirection();
+
+app.UseAuthorization();
+
+app.MapControllers();
+
+app.Run();

server/Properties/launchSettings.json

@@ -0,0 +1,41 @@
+{
+  "$schema": "https://json.schemastore.org/launchsettings.json",
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:56877",
+      "sslPort": 44398
+    }
+  },
+  "profiles": {
+    "http": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "applicationUrl": "http://localhost:5013",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "https": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "applicationUrl": "https://localhost:7020;http://localhost:5013",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
+    "IIS Express": {
+      "commandName": "IISExpress",
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    }
+  }
+}

server/WeatherForecast.cs

@@ -0,0 +1,13 @@
+namespace server
+{
+    public class WeatherForecast
+    {
+        public DateOnly Date { get; set; }
+
+        public int TemperatureC { get; set; }
+
+        public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
+
+        public string? Summary { get; set; }
+    }
+}

server/appsettings.Development.json

@@ -0,0 +1,8 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  }
+}

server/appsettings.json

@@ -0,0 +1,9 @@
+{
+  "Logging": {
+    "LogLevel": {
+      "Default": "Information",
+      "Microsoft.AspNetCore": "Warning"
+    }
+  },
+  "AllowedHosts": "*"
+}

server/server.csproj

@@ -0,0 +1,14 @@
+<Project Sdk="Microsoft.NET.Sdk.Web">
+
+  <PropertyGroup>
+    <TargetFramework>net7.0</TargetFramework>
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="7.0.10" />
+    <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
+  </ItemGroup>
+
+</Project>

service/Types.cs

@@ -18,8 +18,8 @@ namespace service
                 public int request_id;
                 public int current_packet_number;
                 public int total_incoming_packet_count;
-                public long packet_size;
-                public long total_incoming_packet_size;
+                public uint packet_size;
+                public uint total_incoming_packet_size;
             };
         }
 

service/Worker.cs

@@ -67,12 +67,12 @@ namespace service
                         switch (header)
                         {
                             case (int)MESSAGE_TYPE.MESSAGE_TYPE_REPORT:
+                                _logger.LogDebug("We are inside the message report case");
                                 Report report = new Report(_pipeServer, _headerSize);
                                 break;
 
                             case (int)MESSAGE_TYPE.MESSAGE_TYPE_RECEIVE:
                                 Receive receive = new Receive(_pipeServer, _headerSize);
-                                receive.StoreMessage();
                                 break;
                         }
                     }

service/messages/Message.cs

@@ -20,7 +20,12 @@ namespace service.messages
 
         public void ReadPipeBuffer(ref byte[] buffer, int bufferSize )
         {
-            _pipeServer.Read(buffer, 0, bufferSize + _packetHeaderSize);
+            _pipeServer.Read(buffer, 0, bufferSize - _packetHeaderSize);
+        }
+
+        public T GetPacketHeader<T>(ref byte[] buffer)
+        {
+            return Helper.BytesToStructure<T>(ref buffer);
         }
     }
 }

service/messages/Receive.cs

@@ -3,6 +3,7 @@ using System;
 using System.Collections.Generic;
 using System.IO.Pipes;
 using System.Linq;
+using System.Reflection.PortableExecutable;
 using System.Runtime.InteropServices;
 using System.Text;
 using System.Threading.Tasks;
@@ -13,7 +14,6 @@ namespace service.messages
     {
         private byte[] _buffer;
         private static int RECEIVE_BUFFER_SIZE = 8192;
-        private IntPtr _receiveMessageAllocation;
 
         private enum RECEIVE_TYPE
         {
@@ -24,44 +24,27 @@ namespace service.messages
             : base(pipeServer, pipePacketHeaderSize)
         {
             _buffer = new byte[RECEIVE_BUFFER_SIZE];
+
+            StoreMessage();
         }
 
         public void StoreMessage()
         {
             ReadPipeBuffer(ref _buffer, RECEIVE_BUFFER_SIZE);
 
-            Types.Receive.PIPE_PACKET_SEND_EXTENSION_HEADER header = GetPacketHeader();
+            Types.Receive.PIPE_PACKET_SEND_EXTENSION_HEADER header =
+                GetPacketHeader<Types.Receive.PIPE_PACKET_SEND_EXTENSION_HEADER>(ref _buffer);
 
-            _receiveMessageAllocation = Marshal.AllocHGlobal((int)header.total_incoming_packet_size);
-
-            int incoming_packets_count = header.total_incoming_packet_count;
-
-            Log.Information("Incoming packet count: {0}", incoming_packets_count);
-
-            if (incoming_packets_count > 1)
-            {
-                for (int i=0; i < incoming_packets_count; i++)
-                {
-                    Marshal.Copy(_buffer, 0, _receiveMessageAllocation + i * RECEIVE_BUFFER_SIZE, (int)header.packet_size);
-
-                    Array.Clear(_buffer);
-
-                    ReadPipeBuffer(ref _buffer, RECEIVE_BUFFER_SIZE);
-
-                    Types.Receive.PIPE_PACKET_SEND_EXTENSION_HEADER test = GetPacketHeader();
-
-                    Log.Information("Packet number: {0}, packet size: {1}", test.current_packet_number, test.packet_size);
-                }
-            }
-            else
-            {
-                Marshal.Copy(_buffer, 0, _receiveMessageAllocation, (int)header.total_incoming_packet_size);
-            }
+            PrintPacketInformation(header);
         }
 
-        private Types.Receive.PIPE_PACKET_SEND_EXTENSION_HEADER GetPacketHeader()
+        private void PrintPacketInformation(Types.Receive.PIPE_PACKET_SEND_EXTENSION_HEADER header)
         {
-            return Helper.BytesToStructure<Types.Receive.PIPE_PACKET_SEND_EXTENSION_HEADER>(ref _buffer);
+            Log.Information("Incoming packet count: {0:x}, current packet num: {1:x}, current packet size: {2:x}, total packet size: {3:x}",
+                header.total_incoming_packet_count,
+                header.current_packet_number,
+                header.packet_size,
+                header.total_incoming_packet_size);
         }
     }
 }

service/messages/Report.cs

@@ -46,9 +46,11 @@ namespace service.messages
         {
             int reportType = GetReportType();
 
+            Log.Information("REport type: {0}", reportType);
+
             if (!Enum.IsDefined(typeof(REPORT_TYPE), reportType))
             {
-                //_logger.LogError("Enum value of {0} is invalid.", reportType);
+                Log.Error("Enum value of {0} is invalid.", reportType);
 
                 return Task.CompletedTask;
             }

service/messages/Send.cs

@@ -1,13 +1,27 @@
 using System;
 using System.Collections.Generic;
+using System.IO.Pipes;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 
 namespace service.messages
 {
-    internal class Send
+    public class Send : Message
     {
+        private byte[] _buffer;
+        private static int SEND_BUFFER_SIZE = 8192;
+
+        private enum SEND_TYPE
+        {
+            SEND_SIGNATURES_TO_SCAN = 10
+        }
+
+        public Send(NamedPipeServerStream pipeServer, int pipePacketHeaderSize)
+            : base(pipeServer, pipePacketHeaderSize)
+        {
+            _buffer = new byte[SEND_BUFFER_SIZE];
+        }
 
     }
 }

user/client.cpp

@@ -13,8 +13,9 @@ global::Client::Client( std::shared_ptr<global::ThreadPool> ThreadPool, LPTSTR P
 /*
 * Request an item from the server
 */
-void global::Client::ServerRequest()
+void global::Client::ServerReceive()
 {
+
 }
 
 /*

user/client.h

@@ -72,7 +72,7 @@ namespace global
 			mutex.unlock();
 		}
 
-		void ServerRequest();
+		void ServerReceive();
 
 		void ServerSend( PVOID Buffer, SIZE_T Size, INT RequestId );
 	};

user/km/driver.cpp

@@ -20,6 +20,8 @@ kernelmode::Driver::Driver( LPCWSTR DriverName, std::shared_ptr<global::Client>
 
 	if ( this->driver_handle == INVALID_HANDLE_VALUE )
 		LOG_ERROR( "Failed to open handle to driver with status 0x%x", GetLastError() );
+
+	this->NotifyDriverOnProcessLaunch();
 }
 
 VOID kernelmode::Driver::RunNmiCallbacks()

user/main.cpp

@@ -32,6 +32,7 @@ DWORD WINAPI Init(HINSTANCE hinstDLL)
     //kmanager.RunNmiCallbacks();
     //kmanager.VerifySystemModules();
     kmanager.RequestModuleExecutableRegionsForIntegrityCheck();
+    //kmanager.MonitorCallbackReports();
 
     //umanager.ValidateProcessModules();
     //umanager.ValidateProcessMemory();

user/pipe.cpp

@@ -20,11 +20,6 @@ global::Pipe::Pipe( LPTSTR PipeName )
 		LOG_ERROR( "CreateFile failed with status 0x%x", GetLastError() );
 		return;
 	}
-
-	/* test the write function */
-	//global::headers::PIPE_PACKET_HEADER header;
-	//header.message_type = REQUEST_PATTERNS_TO_BE_SCANNED;
-	//this->WriteToPipe( &header, sizeof( global::headers::PIPE_PACKET_HEADER ) );
 }
 
 void global::Pipe::WriteToPipe( PVOID Buffer, SIZE_T Size )