win11 testing + few other tings

This commit is contained in:
lhodges1 2023-11-01 01:17:40 +11:00
parent a482faceca
commit f023ee5d98
19 changed files with 656 additions and 22 deletions

44
ac.sln

@ -13,6 +13,10 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "server", "server\server.csp
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "debuglib", "debuglib\debuglib.vcxproj", "{E21EB277-0001-4AD3-9131-06098BAF81A2}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testdrv", "testdrv\testdrv.vcxproj", "{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testcli", "testcli\testcli.vcxproj", "{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@ -113,6 +117,46 @@ Global
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Release|x64.Build.0 = Release|x64
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Release|x86.ActiveCfg = Release|Win32
{E21EB277-0001-4AD3-9131-06098BAF81A2}.Release|x86.Build.0 = Release|Win32
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|Any CPU.ActiveCfg = Debug|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|Any CPU.Build.0 = Debug|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|Any CPU.Deploy.0 = Debug|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|ARM64.ActiveCfg = Debug|ARM64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|ARM64.Build.0 = Debug|ARM64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|ARM64.Deploy.0 = Debug|ARM64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|x64.ActiveCfg = Debug|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|x64.Build.0 = Debug|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|x64.Deploy.0 = Debug|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|x86.ActiveCfg = Debug|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|x86.Build.0 = Debug|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Debug|x86.Deploy.0 = Debug|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Release|Any CPU.ActiveCfg = Release|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Release|Any CPU.Build.0 = Release|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Release|Any CPU.Deploy.0 = Release|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Release|ARM64.ActiveCfg = Release|ARM64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Release|ARM64.Build.0 = Release|ARM64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Release|ARM64.Deploy.0 = Release|ARM64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Release|x64.ActiveCfg = Release|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Release|x64.Build.0 = Release|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Release|x64.Deploy.0 = Release|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Release|x86.ActiveCfg = Release|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Release|x86.Build.0 = Release|x64
{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}.Release|x86.Deploy.0 = Release|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Debug|Any CPU.ActiveCfg = Debug|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Debug|Any CPU.Build.0 = Debug|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Debug|ARM64.ActiveCfg = Debug|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Debug|ARM64.Build.0 = Debug|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Debug|x64.ActiveCfg = Debug|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Debug|x64.Build.0 = Debug|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Debug|x86.ActiveCfg = Debug|Win32
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Debug|x86.Build.0 = Debug|Win32
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Release|Any CPU.ActiveCfg = Release|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Release|Any CPU.Build.0 = Release|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Release|ARM64.ActiveCfg = Release|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Release|ARM64.Build.0 = Release|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Release|x64.ActiveCfg = Release|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Release|x64.Build.0 = Release|x64
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Release|x86.ActiveCfg = Release|Win32
{BB9E4B6E-81E3-4D39-8928-0BA3F947C479}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE


@ -416,10 +416,16 @@ ObPreOpCallbackRoutine(
if (!strcmp(protected_process_name, target_process_name))
{
if (!strcmp(process_creator_name, "lsass.exe") || !strcmp(process_creator_name, "csrss.exe"))
/*
* WerFault is some windows 11 application that cries when it cant get a handle,
* so well allow it for now... todo; learn more about it
*/
if (!strcmp(process_creator_name, "lsass.exe") ||
!strcmp(process_creator_name, "csrss.exe") ||
!strcmp(process_creator_name, "WerFault.exe"))
{
/* We will downgrade these handles later */
DEBUG_LOG("Handles created by CSRSS and LSASS are allowed for now...");
DEBUG_LOG("Handles created by CSRSS, LSASS and WerFault are allowed for now...");
}
else if (target_process == process_creator)
{
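Review bot: The new `WerFault.exe` exemption is keyed purely on the image name compared with `strcmp`, exactly like the existing `lsass.exe`/`csrss.exe` cases, so any process that happens to run under that name is passed through the handle check, and the comment itself says the process is not yet understood. Since the surrounding comment already says these handles "will be downgraded later", the exemption should be documented as provisional and name-based rather than as a trusted allow-list entry, e.g. `/* WerFault.exe (Windows Error Reporting) requests handles to the protected process on Windows 11; matched by image name only, so treat as untrusted and downgrade its access like CSRSS/LSASS once that path exists. */`. The rest of `ObPreOpCallbackRoutine` lies outside the hunk, so whether anything later re-checks the creator's image path is not visible here.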


@ -1230,7 +1230,7 @@ DriverEntry(
//ValidateSystemModules();
//ValidateNtoskrnl();
LaunchInterProcessInterrupt(NULL);
//LaunchInterProcessInterrupt(NULL);
DEBUG_LOG("DonnaAC Driver Entry Complete");
return STATUS_SUCCESS;
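Review bot: With `LaunchInterProcessInterrupt(NULL);` now commented out next to the already commented `ValidateSystemModules();` and `ValidateNtoskrnl();`, `DriverEntry` reports "Driver Entry Complete" without running any of the three integrity checks, and nothing in the hunk says why or what triggers them instead. A one-line comment would keep the next reader from re-enabling them blindly, e.g. `// Entry-time checks disabled while testing on Windows 11; see <tracking-note placeholder>` — or gate the three calls behind a single build-time flag rather than leaving them as commented code. If they are now run from a dispatch routine instead, that happens outside this hunk.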


@ -141,6 +141,7 @@
<ClCompile Include="pool.c" />
<ClCompile Include="queue.c" />
<ClCompile Include="thread.c" />
<ClCompile Include="version.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="callbacks.h" />
@ -153,6 +154,7 @@
<ClInclude Include="pool.h" />
<ClInclude Include="queue.h" />
<ClInclude Include="thread.h" />
<ClInclude Include="version.h" />
</ItemGroup>
<ItemGroup>
<MASM Include="asm.asm" />


@ -51,6 +51,9 @@
<ClCompile Include="thread.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="version.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="driver.h">
@ -83,6 +86,9 @@
<ClInclude Include="thread.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="version.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
<ItemGroup>
<MASM Include="asm.asm">


@ -1810,8 +1810,6 @@ ValidateSystemModules()
goto free_iteration;
}
DEBUG_LOG("Disk text size: %lx, memory text size: %lx", disk_text_header->SizeOfRawData, memory_text_header->SizeOfRawData);
status = ComputeHashOfBuffer(
disk_text_base,
disk_text_header->SizeOfRawData,
@ -1841,8 +1839,6 @@ ValidateSystemModules()
SIZE_T test = RtlCompareMemory(memory_text_base, disk_text_base, memory_text_header->SizeOfRawData);
//SIZE_T test2 = RtlCompareMemory(disk_hash, memory_hash, memory_hash_size);
DEBUG_LOG("num bytes before difference: %llx", test);
if (test = memory_text_header->SizeOfRawData)
DEBUG_LOG("Modules regions are valid!");
else
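Review bot: The context line `if (test = memory_text_header->SizeOfRawData)` directly under the removed debug log is an assignment, not a comparison, so the branch logs "Modules regions are valid!" whenever `SizeOfRawData` is non-zero and the disk-versus-memory `.text` comparison can never report a mismatch; this commit removes the log that would have made the wrong value visible but leaves the bug in place. It should read `if (test == memory_text_header->SizeOfRawData)`, since `RtlCompareMemory` returns the count of matching leading bytes. The rest of `ValidateSystemModules` is outside the hunk.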


@ -90,19 +90,17 @@ DeviceControl(
PKTHREAD thread = NULL;
BOOLEAN security_flag = FALSE;
DEBUG_LOG("IOCTL Code: %lx", stack_location->Parameters.DeviceIoControl.IoControlCode);
goto end;
/*
* LMAO
*/
//ReadProcessInitialisedConfigFlag(&security_flag);
ReadProcessInitialisedConfigFlag(&security_flag);
//if (security_flag == FALSE &&
// stack_location->Parameters.DeviceIoControl.IoControlCode != IOCTL_NOTIFY_DRIVER_ON_PROCESS_LAUNCH)
//{
// status = STATUS_ACCESS_DENIED;
// goto end;
//}
if (security_flag == FALSE &&
stack_location->Parameters.DeviceIoControl.IoControlCode != IOCTL_NOTIFY_DRIVER_ON_PROCESS_LAUNCH)
{
status = STATUS_ACCESS_DENIED;
goto end;
}
switch (stack_location->Parameters.DeviceIoControl.IoControlCode)
{
@ -431,7 +429,6 @@ DeviceCreate(
PAGED_CODE();
DEBUG_LOG("Handle opened to DonnaAC");
ValidateSystemModules();
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return Irp->IoStatus.Status;
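Review bot: The re-enabled initialisation gate in `DeviceControl` discards the status of `ReadProcessInitialisedConfigFlag(&security_flag)`, so it only fails closed because `security_flag` is initialised to `FALSE` a few lines earlier; that invariant deserves a comment where the removed `/* LMAO */` block sat, e.g. `/* security_flag stays FALSE if the config read fails, so an uninitialised driver denies every IOCTL except the launch notification */`. If the `goto end;` immediately after the IOCTL log line is on the new side rather than the old, it short-circuits the whole handler including this gate, so it is worth confirming which side it belongs to. The `ValidateSystemModules();` call dropped from `DeviceCreate` in the second hunk leaves no validation at handle-open time in what is visible here.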


@ -951,7 +951,7 @@ NmiCallback(
)
{
UNREFERENCED_PARAMETER(Handled);
__debugbreak();
PVOID current_thread = KeGetCurrentThread();
NMI_CALLBACK_DATA thread_data = { 0 };
PNMI_CONTEXT nmi_context = (PNMI_CONTEXT)Context;
@ -1534,7 +1534,7 @@ LaunchInterProcessInterrupt(
if (!NT_SUCCESS(status))
{
DEBUG_ERROR("Error retriving system module information");
return status;
goto end;
}
KeIpiGenericCall(NmiCallback, &ipi_context);
@ -1545,10 +1545,9 @@ LaunchInterProcessInterrupt(
*/
status = AnalyseNmiData(&ipi_context, &system_modules, Irp);
end:
if (!NT_SUCCESS(status))
DEBUG_ERROR("Error analysing ipi interrupt data");
end:
if (system_modules.address)
ExFreePoolWithTag(system_modules.address, SYSTEM_MODULES_POOL);
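Review bot: If `__debugbreak();` at the top of `NmiCallback` is on the new side it must not ship: the callback runs on every processor at elevated IRQL because it is invoked through `KeIpiGenericCall` in the second hunk, and with no kernel debugger attached a breakpoint there takes the machine down. In the third hunk the `end:` label moves relative to the `if (!NT_SUCCESS(status)) DEBUG_ERROR("Error analysing ipi interrupt data");` check; now that the module-information failure does `goto end;` instead of `return status;`, the label needs to sit after that check, otherwise a failed `RtlQuerySystemInformation`-style lookup is also logged as an analysis failure. `LaunchInterProcessInterrupt`'s body continues outside the hunk.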

11
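--- /dev/null
+++ b/driver/version.c
@@ -0,0 +1,11 @@
+#include "version.h"
+NTSTATUS
+PopulateGlobalOffsets()
+{
+NTSTATUS status = STATUS_SUCCESS;
+return status;
+}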
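Review bot: `PopulateGlobalOffsets` returns `STATUS_SUCCESS` without writing any of the offsets declared in `version.h`, so a caller that checks the status will proceed with every `*_OFFSET` still zero and index `KTHREAD`/`EPROCESS` fields at offset 0. Until the per-build lookup exists, return `STATUS_NOT_IMPLEMENTED` so callers fail closed: `NTSTATUS status = STATUS_NOT_IMPLEMENTED;`. A header comment should also state the contract, e.g. `/* Resolves the structure field offsets for the running OS build; all offsets remain 0 until this succeeds. */`.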

35
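--- /dev/null
+++ b/driver/version.h
@@ -0,0 +1,35 @@
+#ifndef VERSION_H
+#define VERSION_H
+#include <ntddk.h>
+extern UINT32 KTHREAD_STACK_BASE_OFFSET = 0;
+extern UINT32 KTHREAD_STACK_LIMIT_OFFSET = 0;
+extern UINT32 KTHREAD_THREADLIST_OFFSET = 0;
+extern UINT32 KTHREAD_APC_STATE_OFFSET = 0;
+extern UINT32 KTHREAD_START_ADDRESS_OFFSET = 0;
+extern UINT32 KTHREAD_MISC_FLAGS_OFFSET = 0;
+extern UINT32 KTHREAD_WAIT_IRQL_OFFSET = 0;
+extern UINT32 KTHREAD_PREVIOUS_MODE_OFFSET = 0;
+extern UINT32 KTHREAD_STATE_OFFSET = 0;
+extern UINT32 KTHREAD_MISC_FLAGS_APC_QUEUEABLE = 0;
+extern UINT32 KTHREAD_MISC_FLAGS_ALERTABLE = 0;
+extern UINT32 EPROCESS_PEAK_VIRTUAL_SIZE_OFFSET = 0;
+extern UINT32 EPROCESS_VAD_ROOT_OFFSET = 0;
+extern UINT32 EPROCESS_OBJECT_TABLE_OFFSET = 0;
+extern UINT32 EPROCESS_IMAGE_NAME_OFFSET = 0;
+extern UINT32 EPROCESS_PEB_OFFSET = 0;
+extern UINT32 KPROCESS_THREADLIST_OFFSET = 0;
+extern UINT32 KPROCESS_DIRECTORY_TABLE_BASE_OFFSET = 0;
+extern UINT32 OBJECT_HEADER_TYPE_INDEX_OFFSET = 0;
+extern UINT32 POOL_HEADER_BLOCK_SIZE_OFFSET = 0;
+extern UINT32 POOL_HEADER_TAG_OFFSET = 0;
+extern UINT32 KPCRB_CURRENT_THREAD_OFFSET = 0;
+#endif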
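Review bot: Every line of the form `extern UINT32 KTHREAD_STACK_BASE_OFFSET = 0;` is a definition, not a declaration, because the initializer overrides `extern`; once `version.h` is included from more than one translation unit (it is added to the driver's vcxproj alongside `version.c` in this commit) the linker reports each of the 22 symbols as multiply defined. Keep only `extern UINT32 KTHREAD_STACK_BASE_OFFSET;` in the header and place the single `UINT32 KTHREAD_STACK_BASE_OFFSET = 0;` definition in `version.c`, and the same for the other offsets. A one-line header comment stating that a zero offset means "not resolved for this build" would also help consumers, since `PopulateGlobalOffsets` currently leaves them all at zero.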

6
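--- /dev/null
+++ b/testcli/testcli.cpp
@@ -0,0 +1,6 @@
+#include <iostream>
+int main()
+{
+std::cout << "Hello World!\n";
+}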

135
testcli/testcli.vcxproj Normal file

@ -0,0 +1,135 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<VCProjectVersion>17.0</VCProjectVersion>
<Keyword>Win32Proj</Keyword>
<ProjectGuid>{bb9e4b6e-81e3-4d39-8928-0ba3f947c479}</ProjectGuid>
<RootNamespace>testcli</RootNamespace>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="testcli.cpp" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>


@ -0,0 +1,22 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="testcli.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
</Project>

103
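--- /dev/null
+++ b/testdrv/driver.c
@@ -0,0 +1,103 @@
+#include "driver.h"
+UNICODE_STRING DRIVER_NAME = RTL_CONSTANT_STRING(L"donna-ac-test");
+UNICODE_STRING DRIVER_LINK = RTL_CONSTANT_STRING(L"donna-ac-test-link");
+#define IOCCTL_RUN_NMI_CALLBACKS CTL_CODE(FILE_DEVICE_UNKNOWN, 0x20001, METHOD_BUFFERED, FILE_ANY_ACCESS)
+NTSTATUS
+DeviceControl(
+_In_ PDRIVER_OBJECT DriverObject,
+_Inout_ PIRP Irp
+)
+{
+UNREFERENCED_PARAMETER(DriverObject);
+NTSTATUS status = STATUS_SUCCESS;
+PIO_STACK_LOCATION stack_location = IoGetCurrentIrpStackLocation(Irp);
+switch (stack_location->Parameters.DeviceIoControl.IoControlCode)
+{
+}
+end:
+Irp->IoStatus.Status = status;
+IoCompleteRequest(Irp, IO_NO_INCREMENT);
+return status;
+}
+NTSTATUS
+DeviceClose(
+_In_ PDEVICE_OBJECT DeviceObject,
+_Inout_ PIRP Irp
+)
+{
+UNREFERENCED_PARAMETER(DeviceObject);
+IoCompleteRequest(Irp, IO_NO_INCREMENT);
+return Irp->IoStatus.Status;
+}
+NTSTATUS
+DeviceCreate(
+_In_ PDEVICE_OBJECT DeviceObject,
+_Inout_ PIRP Irp
+)
+{
+UNREFERENCED_PARAMETER(DeviceObject);
+IoCompleteRequest(Irp, IO_NO_INCREMENT);
+return Irp->IoStatus.Status;
+}
+STATIC
+VOID
+DriverUnload(
+_In_ PDRIVER_OBJECT DriverObject
+)
+{
+IoDeleteDevice(DriverObject->DeviceObject);
+DEBUG_LOG("Driver unloaded");
+}
+NTSTATUS
+DriverEntry(
+_In_ PDRIVER_OBJECT DriverObject,
+_In_ PUNICODE_STRING RegistryPath
+)
+{
+NTSTATUS status;
+status = IoCreateDevice(
+DriverObject,
+NULL,
+&DRIVER_NAME,
+FILE_DEVICE_UNKNOWN,
+FILE_DEVICE_SECURE_OPEN,
+FALSE,
+&DriverObject->DeviceObject
+);
+if (!NT_SUCCESS(status))
+{
+DEBUG_ERROR("IoCreateDevice failed with status %x", status);
+return STATUS_FAILED_DRIVER_ENTRY;
+}
+status = IoCreateSymbolicLink(
+&DRIVER_LINK,
+&DRIVER_NAME
+);
+if (!NT_SUCCESS(status))
+{
+DEBUG_ERROR("failed to create symbolic link");
+IoDeleteDevice(DriverObject->DeviceObject);
+return STATUS_FAILED_DRIVER_ENTRY;
+}
+DriverObject->MajorFunction[IRP_MJ_CREATE] = DeviceCreate;
+DriverObject->MajorFunction[IRP_MJ_CLOSE] = DeviceClose;
+DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = DeviceControl;
+DriverObject->DriverUnload = DriverUnload;
+return STATUS_SUCCESS;
+}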
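Review bot: `DriverUnload` deletes the device but never removes the `DRIVER_LINK` symbolic link that `DriverEntry` creates, so every load/unload cycle leaves a dangling link in the object namespace; add `IoDeleteSymbolicLink(&DRIVER_LINK);` before the `IoDeleteDevice` call. `DeviceControl` is declared with `_In_ PDRIVER_OBJECT DriverObject` but is installed as the `IRP_MJ_DEVICE_CONTROL` dispatch, which is passed a `PDEVICE_OBJECT`; the assignment only compiles through an incompatible-pointer conversion and the parameter should be `_In_ PDEVICE_OBJECT DeviceObject` as in `DeviceCreate`/`DeviceClose`. The `end:` label in `DeviceControl` has no matching `goto` and the `switch` has no cases, so `IOCCTL_RUN_NMI_CALLBACKS` is defined but never handled and every IOCTL silently succeeds. `DRIVER_NAME` and `DRIVER_LINK` are bare names without the `\Device\` and `\DosDevices\` prefixes `IoCreateDevice`/`IoCreateSymbolicLink` expect, so device creation will most likely fail at load. The device is also created with no security descriptor beyond the default DACL, which is tolerable for a test driver but worth a comment saying so.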

12
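--- /dev/null
+++ b/testdrv/driver.h
@@ -0,0 +1,12 @@
+#ifndef DRIVER_H
+#define DRIVER_H
+#include <ntddk.h>
+#define STATIC static
+#define VOID void
+#define DEBUG_LOG(fmt, ...) DbgPrintEx(DPFLTR_IHVDRIVER_ID, 0, "[+] " fmt "\n", ##__VA_ARGS__)
+#define DEBUG_ERROR(fmt, ...) DbgPrintEx(DPFLTR_IHVDRIVER_ID, 0, "[-] " fmt "\n", ##__VA_ARGS__)
+#endif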

77
testdrv/testdrv.inf Normal file

@ -0,0 +1,77 @@
;
; testdrv.inf
;
[Version]
Signature="$WINDOWS NT$"
Class=System ; TODO: specify appropriate Class
ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318} ; TODO: specify appropriate ClassGuid
Provider=%ManufacturerName%
CatalogFile=testdrv.cat
DriverVer= ; TODO: set DriverVer in stampinf property pages
PnpLockdown=1
[DestinationDirs]
DefaultDestDir = 12
testdrv_Device_CoInstaller_CopyFiles = 11
[SourceDisksNames]
1 = %DiskName%,,,""
[SourceDisksFiles]
testdrv.sys = 1,,
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
;*****************************************
; Install Section
;*****************************************
[Manufacturer]
%ManufacturerName%=Standard,NT$ARCH$
[Standard.NT$ARCH$]
%testdrv.DeviceDesc%=testdrv_Device, Root\testdrv ; TODO: edit hw-id
[testdrv_Device.NT]
CopyFiles=Drivers_Dir
[Drivers_Dir]
testdrv.sys
;-------------- Service installation
[testdrv_Device.NT.Services]
AddService = testdrv,%SPSVCINST_ASSOCSERVICE%, testdrv_Service_Inst
; -------------- testdrv driver install sections
[testdrv_Service_Inst]
DisplayName = %testdrv.SVCDESC%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %12%\testdrv.sys
;
;--- testdrv_Device Coinstaller installation ------
;
[testdrv_Device.NT.CoInstallers]
AddReg=testdrv_Device_CoInstaller_AddReg
CopyFiles=testdrv_Device_CoInstaller_CopyFiles
[testdrv_Device_CoInstaller_AddReg]
HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
[testdrv_Device_CoInstaller_CopyFiles]
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
[testdrv_Device.NT.Wdf]
KmdfService = testdrv, testdrv_wdfsect
[testdrv_wdfsect]
KmdfLibraryVersion = $KMDFVERSION$
[Strings]
SPSVCINST_ASSOCSERVICE= 0x00000002
ManufacturerName="<Your manufacturer name>" ;TODO: Replace with your manufacturer name
DiskName = "testdrv Installation Disk"
testdrv.DeviceDesc = "testdrv Device"
testdrv.SVCDESC = "testdrv Service"

123
testdrv/testdrv.vcxproj Normal file

@ -0,0 +1,123 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|ARM64">
<Configuration>Debug</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|ARM64">
<Configuration>Release</Configuration>
<Platform>ARM64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<ProjectGuid>{3CE9C9B1-1FB1-4770-ABBB-EE4E6AA949B0}</ProjectGuid>
<TemplateGuid>{1bc93793-694f-48fe-9372-81e2b05556fd}</TemplateGuid>
<TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
<MinimumVisualStudioVersion>12.0</MinimumVisualStudioVersion>
<Configuration>Debug</Configuration>
<Platform Condition="'$(Platform)' == ''">x64</Platform>
<RootNamespace>testdrv</RootNamespace>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
<DriverType>KMDF</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
<DriverType>KMDF</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
<Driver_SpectreMitigation>false</Driver_SpectreMitigation>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
<DriverType>KMDF</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
<DriverType>KMDF</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="PropertySheets">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
<Inf2CatUseLocalTime>true</Inf2CatUseLocalTime>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
<DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<DriverSign>
<FileDigestAlgorithm>sha256</FileDigestAlgorithm>
</DriverSign>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<DriverSign>
<FileDigestAlgorithm>sha256</FileDigestAlgorithm>
</DriverSign>
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
<DriverSign>
<FileDigestAlgorithm>sha256</FileDigestAlgorithm>
</DriverSign>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
<DriverSign>
<FileDigestAlgorithm>sha256</FileDigestAlgorithm>
</DriverSign>
</ItemDefinitionGroup>
<ItemGroup>
<Inf Include="testdrv.inf" />
</ItemGroup>
<ItemGroup>
<FilesToPackage Include="$(TargetPath)" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="driver.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="driver.h" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
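Review bot: `<Driver_SpectreMitigation>false</Driver_SpectreMitigation>` appears only in the `Release|x64` configuration, so the shipping build of this kernel driver is compiled without the Spectre mitigations that the Debug and ARM64 configurations keep by default; for a driver that will expose IOCTLs, either leave the default on or record in the project why it is disabled. The same configuration is also the only one with `<TreatWarningAsError>false</TreatWarningAsError>`, which hides exactly the kind of dispatch-signature and unreferenced-label warnings present in `driver.c`; consider keeping warnings-as-errors on in Release too. The file is otherwise a stock template.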


@ -0,0 +1,36 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
<Filter Include="Driver Files">
<UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
<Extensions>inf;inv;inx;mof;mc;</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<Inf Include="testdrv.inf">
<Filter>Driver Files</Filter>
</Inf>
</ItemGroup>
<ItemGroup>
<ClCompile Include="driver.c">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="driver.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>


@ -11,6 +11,30 @@
#include "../user/um/umanager.h"
#include "../user/km/kmanager.h"
//BOOLEAN IsTestSigningModeEnabled()
//{
// ULONG return_length = 0;
//
// SYSTEM_CODEINTEGRITY_INFORMATION info = { 0 };
// info.Length = sizeof(SYSTEM_CODEINTEGRITY_INFORMATION);
// info.CodeIntegrityOptions = 0;
//
// NTSTATUS status = NtQuerySystemInformation(
// SystemCodeIntegrityInformation,
// &info,
// sizeof(info),
// &return_length
// );
//
// if (!NT_SUCCESS(status))
// {
// LOG_ERROR("NtQuerySystemInformation failed with status: %lx", status);
// return FALSE;
// }
//
// return info.CodeIntegrityOptions & CODEINTEGRITY_OPTION_TESTSIGN;
//}
DWORD WINAPI Init(HINSTANCE hinstDLL)
{
AllocConsole();
@ -50,7 +74,7 @@ DWORD WINAPI Init(HINSTANCE hinstDLL)
while (!GetAsyncKeyState(VK_DELETE))
{
int seed = (rand() % 11);
int seed = (rand() % 12);
std::cout << "Seed: " << seed << std::endl;
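Review bot: The roughly twenty-line commented-out `IsTestSigningModeEnabled()` block added above `Init` is dead code in the file; if the check is meant to be used later, keep it compiled behind a flag or in a separate branch, otherwise drop it, and at minimum replace it with a one-line `// TODO: test-signing check (NtQuerySystemInformation/SystemCodeIntegrityInformation) not yet wired in` so the intent survives. The change from `rand() % 11` to `rand() % 12` widens the seed range by one, so whatever dispatches on `seed` below the hunk presumably needs a matching new case, otherwise seed 11 falls through to nothing; that dispatch is not visible here. `Init` continues past the end of the hunk.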