author | Matthijs Lavrijsen <mattiwatti@gmail.com> | 2021-05-12 12:53:34 +0200 |
---|---|---|
committer | Matthijs Lavrijsen <mattiwatti@gmail.com> | 2021-05-12 12:53:34 +0200 |
commit | 58d4e2643e147696f908c86f7fb6bf55d08ae9bd (patch) | |
tree | 71ad68b0e2888e8e5fb5a96c8dc33ba944207407 | |
parent | f8ca8c0c008980352c2b3eee6eda21f395bde4cf (diff) |
Fix Resharper warnings
-rw-r--r-- | EfiGuardDxe/EfiGuardDxe.c | 8 | ||||
-rw-r--r-- | EfiGuardDxe/PatchBootmgr.c | 10 | ||||
-rw-r--r-- | EfiGuardDxe/PatchNtoskrnl.c | 20 | ||||
-rw-r--r-- | EfiGuardDxe/PatchWinload.c | 24 | ||||
-rw-r--r-- | EfiGuardDxe/pe.c | 10 | ||||
-rw-r--r-- | EfiGuardDxe/util.c | 2 |
6 files changed, 37 insertions, 37 deletions
diff --git a/EfiGuardDxe/EfiGuardDxe.c b/EfiGuardDxe/EfiGuardDxe.c index f61cfd6..4d28559 100644 --- a/EfiGuardDxe/EfiGuardDxe.c +++ b/EfiGuardDxe/EfiGuardDxe.c @@ -197,7 +197,7 @@ HookedLoadImage( else { // Determine the type of file we're loading - CONST INPUT_FILETYPE FileType = GetInputFileType((UINT8*)LoadedImage->ImageBase, LoadedImage->ImageSize); + CONST INPUT_FILETYPE FileType = GetInputFileType(LoadedImage->ImageBase, LoadedImage->ImageSize); ASSERT(FileType == Unknown || FileType == Bootmgr || FileType == BootmgfwEfi); if (FileType == BootmgfwEfi) @@ -263,7 +263,7 @@ HookedSetVariable( Data != NULL) { // Yep, and Attributes and DataSize are correct. Check if *Data is a valid input for a backdoor read/write operation - EFIGUARD_BACKDOOR_DATA* BackdoorData = (EFIGUARD_BACKDOOR_DATA*)Data; + EFIGUARD_BACKDOOR_DATA* BackdoorData = Data; if (BackdoorData->CookieValue == EFIGUARD_BACKDOOR_COOKIE_VALUE && BackdoorData->Size > 0 && (UINTN)BackdoorData->KernelAddress >= (UINTN)MM_SYSTEM_RANGE_START) @@ -306,7 +306,7 @@ HookedSetVariable( } case 8: { - CONST UINT64 NewQword = (UINT64)BackdoorData->u.Qword; + CONST UINT64 NewQword = BackdoorData->u.Qword; BackdoorData->u.Qword = *(UINT64*)BackdoorData->KernelAddress; if (!BackdoorData->IsReadOperation) *(UINT64*)BackdoorData->KernelAddress = NewQword; @@ -602,7 +602,7 @@ EfiGuardInitialize( // // Hook gRT->SetVariable // - mOriginalSetVariable = (EFI_SET_VARIABLE)SetServicePointer(&gRT->Hdr, (VOID**)&gRT->SetVariable, (VOID**)&HookedSetVariable); + mOriginalSetVariable = (EFI_SET_VARIABLE)SetServicePointer(&gRT->Hdr, (VOID**)&gRT->SetVariable, (VOID*)&HookedSetVariable); Print(L"Hooked gRT->SetVariable: 0x%p -> 0x%p\r\n", (VOID*)mOriginalSetVariable, (VOID*)&HookedSetVariable); // Register notification callback for ExitBootServices() diff --git a/EfiGuardDxe/PatchBootmgr.c b/EfiGuardDxe/PatchBootmgr.c index 5c3c481..490d040 100644 --- a/EfiGuardDxe/PatchBootmgr.c +++ b/EfiGuardDxe/PatchBootmgr.c 
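Review bot: In HookedSetVariable, `EFIGUARD_BACKDOOR_DATA* BackdoorData = Data;` reinterprets a caller-supplied buffer, and the only checks visible in this hunk before `KernelAddress` is dereferenced are the cookie, `Size > 0` and the `MM_SYSTEM_RANGE_START` lower bound, so the trust model deserves a comment at this line. I would add `// Data is caller-controlled: any caller of SetVariable that supplies the cookie gets a kernel read/write through KernelAddress`, because that is the property an auditor or defender needs to see first. The `case 8` hunk below dereferences `*(UINT64*)BackdoorData->KernelAddress` with no alignment or mapping check in view, so an invalid address would fault inside the runtime service. The Attributes/DataSize test that the existing comment refers to sits above the hunk and could not be reviewed here.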
@@ -69,7 +69,7 @@ HookedBootManagerImgArchStartBootApplication( } // Determine if we're starting winload.efi, bootmgr.efi (when booting a WIM), or something else - FileType = GetInputFileType((UINT8*)ImageBase, (UINTN)ImageSize); + FileType = GetInputFileType(ImageBase, (UINTN)ImageSize); if (FileType != WinloadEfi && FileType != BootmgrEfi) { // Nothing for us to do @@ -300,7 +300,7 @@ PatchBootManager( // Found signature; backtrack to function start // Note: pOriginalAddress is a pointer to a (function) pointer, because the original address depends on the type of boot manager we are patching. VOID **pOriginalAddress = PatchingBootmgrEfi ? &gOriginalBootmgrImgArchStartBootApplication : &gOriginalBootmgfwImgArchStartBootApplication; - *pOriginalAddress = (VOID*)BacktrackToFunctionStart((UINT8*)ImageBase, NtHeaders, Found); + *pOriginalAddress = (VOID*)BacktrackToFunctionStart(ImageBase, NtHeaders, Found); CONST VOID* OriginalAddress = *pOriginalAddress; if (OriginalAddress == NULL) { @@ -325,7 +325,7 @@ PatchBootManager( CopyMem(BackupAddress, (VOID*)OriginalAddress, sizeof(gHookTemplate)); // Place faux call (push addr, ret) at the start of the function to transfer execution to our hook - CopyMem((VOID*)OriginalAddress, (VOID*)gHookTemplate, sizeof(gHookTemplate)); + CopyMem((VOID*)OriginalAddress, gHookTemplate, sizeof(gHookTemplate)); *(UINTN*)((UINT8*)OriginalAddress + 2) = (UINTN)HookAddress; gBS->RestoreTPL(Tpl); @@ -333,7 +333,7 @@ PatchBootManager( // Patch ImgpValidateImageHash to allow custom boot loaders. This is completely // optional (unless booting a custom winload.efi), and failures are ignored PatchImgpValidateImageHash(FileType, - (UINT8*)ImageBase, + ImageBase, NtHeaders); if (BuildNumber >= 7600) @@ -341,7 +341,7 @@ PatchBootManager( // Patch ImgpFilterValidationFailure so it doesn't silently // rat out every violation to a TPM or SI log. Also optional PatchImgpFilterValidationFailure(FileType, - (UINT8*)ImageBase, + ImageBase, NtHeaders); } 
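Review bot: `OriginalAddress` is declared `CONST VOID*` in the `@@ -300` hunk of PatchBootManager, yet the following hunk writes through it twice, via `CopyMem((VOID*)OriginalAddress, gHookTemplate, ...)` and `*(UINTN*)((UINT8*)OriginalAddress + 2)`, so the casts this commit leaves in place are the ones that discard the qualifier. Declaring it as `UINT8* CONST OriginalAddress = *pOriginalAddress;` would say what is meant (the pointer is fixed, the target is written) and would let the remaining casts on it go. The literal `2` appears to be the offset of the address operand inside `gHookTemplate`, judging by the comment; a named constant next to the template's definition would keep the two in step. The function body starts and ends outside these hunks.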
diff --git a/EfiGuardDxe/PatchNtoskrnl.c b/EfiGuardDxe/PatchNtoskrnl.c index ac8f181..8746e3c 100644 --- a/EfiGuardDxe/PatchNtoskrnl.c +++ b/EfiGuardDxe/PatchNtoskrnl.c @@ -99,7 +99,7 @@ DisablePatchGuard( // Search for KeInitAmd64SpecificState PRINT_KERNEL_PATCH_MSG(L"\r\n== Searching for nt!KeInitAmd64SpecificState pattern in INIT ==\r\n"); UINT8* KeInitAmd64SpecificStatePatternAddress = NULL; - for (UINT8* Address = (UINT8*)StartVa; Address < StartVa + SizeOfRawData - sizeof(SigKeInitAmd64SpecificState); ++Address) + for (UINT8* Address = StartVa; Address < StartVa + SizeOfRawData - sizeof(SigKeInitAmd64SpecificState); ++Address) { if (CompareMem(Address, SigKeInitAmd64SpecificState, sizeof(SigKeInitAmd64SpecificState)) == 0) { @@ -265,7 +265,7 @@ DisablePatchGuard( CONST EFI_STATUS FindKiVerifyScopesExecuteStatus = FindPattern(SigKiVerifyScopesExecute, 0xCC, sizeof(SigKiVerifyScopesExecute), - (VOID*)StartVa, + StartVa, SizeOfRawData, (VOID**)&KiVerifyScopesExecutePatternAddress); if (EFI_ERROR(FindKiVerifyScopesExecuteStatus)) @@ -296,7 +296,7 @@ DisablePatchGuard( // Search for KiMcaDeferredRecoveryService PRINT_KERNEL_PATCH_MSG(L"== Searching for nt!KiMcaDeferredRecoveryService pattern in .text ==\r\n"); UINT8* KiMcaDeferredRecoveryService = NULL; - for (UINT8* Address = (UINT8*)StartVa; Address < StartVa + SizeOfRawData - sizeof(SigKiMcaDeferredRecoveryService); ++Address) + for (UINT8* Address = StartVa; Address < StartVa + SizeOfRawData - sizeof(SigKiMcaDeferredRecoveryService); ++Address) { if (CompareMem(Address, SigKiMcaDeferredRecoveryService, sizeof(SigKiMcaDeferredRecoveryService)) == 0) { @@ -365,7 +365,7 @@ DisablePatchGuard( CONST EFI_STATUS FindKiSwInterruptStatus = FindPattern(SigKiSwInterrupt, 0xCC, sizeof(SigKiSwInterrupt), - (VOID*)StartVa, + StartVa, SizeOfRawData, (VOID**)&KiSwInterruptPatternAddress); if (EFI_ERROR(FindKiSwInterruptStatus)) 
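Review bot: The scan loop in DisablePatchGuard, `Address < StartVa + SizeOfRawData - sizeof(SigKeInitAmd64SpecificState)`, computes its upper bound without first checking that the section is at least as long as the signature; for a shorter section the bound is a pointer before `StartVa`, which is undefined pointer arithmetic even though the loop then does not run. The strict `<` also never tests the last offset at which the signature could still fit. Guarding with `if (SizeOfRawData >= sizeof(SigKeInitAmd64SpecificState))` and comparing with `<=` addresses both, and the `KiMcaDeferredRecoveryService` loop in the `@@ -296` hunk has the same shape. The other two searches in this function already go through `FindPattern` and check its status, so using the same helper here may be simpler, provided it performs the length check itself and its `0xCC` wildcard does not clash with these signatures (neither is visible here).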
@@ -614,7 +614,7 @@ DisableDSE( Instruction.operands[0].type == ZYDIS_OPERAND_TYPE_MEMORY && Instruction.operands[0].mem.base == ZYDIS_REGISTER_RIP && Instruction.operands[1].type == ZYDIS_OPERAND_TYPE_REGISTER) { - if (ZYAN_SUCCESS(ZydisCalcAbsoluteAddress(&Instruction, &Instruction.operands[0], InstructionAddress, (ZyanU64*)&gCiEnabled))) + if (ZYAN_SUCCESS(ZydisCalcAbsoluteAddress(&Instruction, &Instruction.operands[0], InstructionAddress, &gCiEnabled))) { PRINT_KERNEL_PATCH_MSG(L" Found g_CiEnabled at 0x%llX.\r\n", gCiEnabled); break; @@ -709,7 +709,7 @@ DisableDSE( if (BuildNumber < 9200) *SeValidateImageDataJzAddress = 0xEB; // jmp else if (BypassType == DSE_DISABLE_AT_BOOT) - *(UINT32*)((UINT8*)SeValidateImageDataMovEaxAddress + 1 /*skip existing mov opcode*/) = 0x0; // mov eax, 0 + *(UINT32*)(SeValidateImageDataMovEaxAddress + 1 /*skip existing mov opcode*/) = 0x0; // mov eax, 0 if (BuildNumber >= 16299 && BypassType == DSE_DISABLE_AT_BOOT) { @@ -728,7 +728,7 @@ DisableDSE( } else { - CopyMem((VOID*)Found, (VOID*)SeCodeIntegrityQueryInformationPatch, sizeof(SeCodeIntegrityQueryInformationPatch)); + CopyMem(Found, SeCodeIntegrityQueryInformationPatch, sizeof(SeCodeIntegrityQueryInformationPatch)); PRINT_KERNEL_PATCH_MSG(L"\r\nPatched SeCodeIntegrityQueryInformation [RVA: 0x%X].\r\n", (UINT32)(Found - ImageBase)); } } @@ -751,7 +751,7 @@ PatchNtoskrnl( // Print file and version info UINT16 MajorVersion = 0, MinorVersion = 0, BuildNumber = 0, Revision = 0; UINT32 FileFlags = 0; - EFI_STATUS Status = GetPeFileVersionInfo((VOID*)ImageBase, &MajorVersion, &MinorVersion, &BuildNumber, &Revision, &FileFlags); + EFI_STATUS Status = GetPeFileVersionInfo(ImageBase, &MajorVersion, &MinorVersion, &BuildNumber, &Revision, &FileFlags); if (EFI_ERROR(Status)) { PRINT_KERNEL_PATCH_MSG(L"[PatchNtoskrnl] WARNING: failed to obtain ntoskrnl.exe version info. Status: %llx\r\n", Status); 
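Review bot: Dropping `(UINT8*)` in `*(UINT32*)(SeValidateImageDataMovEaxAddress + 1 /*skip existing mov opcode*/) = 0x0;` in DisableDSE preserves behaviour only if that variable is declared `UINT8*`, because `+ 1` now scales by its pointee size. The declaration is above the hunk, so this should be confirmed against the source rather than taken from the analyser. The store also goes through a cast `UINT32*` at an odd offset into a byte stream, which is an unaligned, type-punned write. If BaseLib is available to this module, `WriteUnaligned32((UINT32*)(SeValidateImageDataMovEaxAddress + 1), 0);` states the intent without relying on the compiler tolerating the cast.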
@@ -804,7 +804,7 @@ PatchNtoskrnl( // Patch INIT and .text sections to disable PatchGuard PRINT_KERNEL_PATCH_MSG(L"[PatchNtoskrnl] Disabling PatchGuard... [INIT RVA: 0x%X - 0x%X]\r\n", InitSection->VirtualAddress, InitSection->VirtualAddress + InitSection->SizeOfRawData); - Status = DisablePatchGuard((UINT8*)ImageBase, + Status = DisablePatchGuard(ImageBase, NtHeaders, InitSection, TextSection, @@ -821,7 +821,7 @@ PatchNtoskrnl( PRINT_KERNEL_PATCH_MSG(L"[PatchNtoskrnl] %S... [PAGE RVA: 0x%X - 0x%X]\r\n", gDriverConfig.DseBypassMethod == DSE_DISABLE_AT_BOOT ? L"Disabling DSE" : L"Ensuring safe DSE bypass", PageSection->VirtualAddress, PageSection->VirtualAddress + PageSection->SizeOfRawData); - Status = DisableDSE((UINT8*)ImageBase, + Status = DisableDSE(ImageBase, NtHeaders, PageSection, gDriverConfig.DseBypassMethod, diff --git a/EfiGuardDxe/PatchWinload.c b/EfiGuardDxe/PatchWinload.c index a36f8b6..32f10db 100644 --- a/EfiGuardDxe/PatchWinload.c +++ b/EfiGuardDxe/PatchWinload.c @@ -232,11 +232,11 @@ PatchImgpFilterValidationFailure( { if (CompareMem(Section->Name, ".text", sizeof(".text") - 1) == 0) CodeSection = Section; - if ((FileType == BootmgfwEfi || FileType == BootmgrEfi) && + if (((FileType == BootmgfwEfi || FileType == BootmgrEfi) && CompareMem(Section->Name, ".text", sizeof(".text") - 1) == 0) // [bootmgfw|bootmgr].efi (usually) has no .rdata section, and starting at .text is always fine - PatternSection = Section; - else if ((FileType == WinloadExe || FileType == WinloadEfi) && - CompareMem(Section->Name, ".rdata", sizeof(".rdata") - 1) == 0) // For winload.[exe|efi] the string is in .rdata + || + ((FileType == WinloadExe || FileType == WinloadEfi) && + CompareMem(Section->Name, ".rdata", sizeof(".rdata") - 1) == 0)) // For winload.[exe|efi] the string is in .rdata PatternSection = Section; Section++; } 
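Review bot: The merged condition in PatchImgpFilterValidationFailure is hard to audit: two trailing comments are interleaved with `||` and `&&` across five lines, and the `.text` comparison is spelled out twice in consecutive statements. Naming the section and file-type tests once, with one comment covering both cases, reads better and behaves the same as far as the hunk shows, since `CompareMem` only compares. The loop header and the rest of the function are outside the hunk.

```c
CONST BOOLEAN IsText = (BOOLEAN)(CompareMem(Section->Name, ".text", sizeof(".text") - 1) == 0);
CONST BOOLEAN IsRdata = (BOOLEAN)(CompareMem(Section->Name, ".rdata", sizeof(".rdata") - 1) == 0);
CONST BOOLEAN IsBootMgr = (BOOLEAN)(FileType == BootmgfwEfi || FileType == BootmgrEfi);
CONST BOOLEAN IsWinload = (BOOLEAN)(FileType == WinloadExe || FileType == WinloadEfi);

if (IsText)
	CodeSection = Section;
// [bootmgfw|bootmgr].efi (usually) has no .rdata section, and starting at .text is always fine;
// for winload.[exe|efi] the string is in .rdata
if ((IsBootMgr && IsText) || (IsWinload && IsRdata))
	PatternSection = Section;
// … unchanged: Section++ …
```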
@@ -249,7 +249,7 @@ PatchImgpFilterValidationFailure( CONST UINT8* PatternStartVa = ImageBase + PatternStartRva; CHAR8 SectionName[EFI_IMAGE_SIZEOF_SHORT_NAME + 1]; - CopyMem((VOID*)SectionName, (VOID*)PatternSection->Name, EFI_IMAGE_SIZEOF_SHORT_NAME); + CopyMem(SectionName, PatternSection->Name, EFI_IMAGE_SIZEOF_SHORT_NAME); SectionName[EFI_IMAGE_SIZEOF_SHORT_NAME] = '\0'; Print(L"\r\n== Searching for load failure string in %a [RVA: 0x%X - 0x%X] ==\r\n", SectionName, PatternStartRva, PatternStartRva + PatternSizeOfRawData); @@ -278,8 +278,8 @@ PatchImgpFilterValidationFailure( CONST UINT32 CodeSizeOfRawData = CodeSection->SizeOfRawData; CONST UINT8* CodeStartVa = ImageBase + CodeStartRva; - ZeroMem((VOID*)SectionName, sizeof(SectionName)); - CopyMem((VOID*)SectionName, (VOID*)CodeSection->Name, EFI_IMAGE_SIZEOF_SHORT_NAME); + ZeroMem(SectionName, sizeof(SectionName)); + CopyMem(SectionName, CodeSection->Name, EFI_IMAGE_SIZEOF_SHORT_NAME); Print(L"== Disassembling %a to find %S!ImgpFilterValidationFailure ==\r\n", SectionName, ShortName); UINT8* LeaIntegrityFailureAddress = NULL; @@ -604,7 +604,7 @@ PatchWinload( FindPattern(SigBlStatusPrint, 0xCC, sizeof(SigBlStatusPrint), - (VOID*)((UINT8*)ImageBase + CodeSection->VirtualAddress), + (UINT8*)ImageBase + CodeSection->VirtualAddress, CodeSection->SizeOfRawData, (VOID**)&gBlStatusPrint); if (gBlStatusPrint == NULL) @@ -616,7 +616,7 @@ PatchWinload( } // Find winload!OslFwpKernelSetupPhase1 - Status = FindOslFwpKernelSetupPhase1((UINT8*)ImageBase, + Status = FindOslFwpKernelSetupPhase1(ImageBase, NtHeaders, CodeSection, PatternSection, 
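Review bot: The `FindPattern` call for `SigBlStatusPrint` in PatchWinload (the `@@ -604` hunk) appears to discard its EFI_STATUS and then tests `gBlStatusPrint == NULL`, whereas the equivalent searches in PatchNtoskrnl.c keep the status and test it with `EFI_ERROR`. The NULL test is reliable only if `gBlStatusPrint` is NULL on entry and `FindPattern` leaves the out-pointer untouched on failure, neither of which is visible in the hunk; otherwise a stale value could pass the test. Keeping the result, for example `Status = FindPattern(...);` followed by `if (EFI_ERROR(Status) || gBlStatusPrint == NULL)`, would make this call consistent with the others. `Status` is assigned in the next hunk, so it is presumably already in scope here.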
@@ -636,7 +636,7 @@ PatchWinload( CopyMem(gOslFwpKernelSetupPhase1Backup, (VOID*)gOriginalOslFwpKernelSetupPhase1, sizeof(gOslFwpKernelSetupPhase1Backup)); // Place faux call (push addr, ret) at the start of the function to transfer execution to our hook - CopyMem((VOID*)gOriginalOslFwpKernelSetupPhase1, (VOID*)gHookTemplate, sizeof(gHookTemplate)); + CopyMem((VOID*)gOriginalOslFwpKernelSetupPhase1, gHookTemplate, sizeof(gHookTemplate)); *(UINTN*)((UINT8*)gOriginalOslFwpKernelSetupPhase1 + 2) = (UINTN)&HookedOslFwpKernelSetupPhase1; gBS->RestoreTPL(Tpl); @@ -644,7 +644,7 @@ PatchWinload( // Patch ImgpValidateImageHash to allow custom boot loaders. This is completely // optional (unless booting a custom ntoskrnl.exe), and failures are ignored PatchImgpValidateImageHash(WinloadEfi, - (UINT8*)ImageBase, + ImageBase, NtHeaders); if (BuildNumber >= 7600) @@ -652,7 +652,7 @@ PatchWinload( // Patch ImgpFilterValidationFailure so it doesn't silently // rat out every violation to a TPM or SI log. Also optional PatchImgpFilterValidationFailure(WinloadEfi, - (UINT8*)ImageBase, + ImageBase, NtHeaders); } diff --git a/EfiGuardDxe/pe.c b/EfiGuardDxe/pe.c index 9ecaf57..d7c0032 100644 --- a/EfiGuardDxe/pe.c +++ b/EfiGuardDxe/pe.c @@ -107,7 +107,7 @@ GetInputFileType( // Brute force scan .rsrc to check if this is either winload.efi or bootmgr.efi. // We've already eliminated bootmgr and bootmgfw.efi as candidates, so there will be no false positives UINT32 Size = 0; - EFI_IMAGE_RESOURCE_DIRECTORY *ResourceDirTable = (EFI_IMAGE_RESOURCE_DIRECTORY*) + EFI_IMAGE_RESOURCE_DIRECTORY *ResourceDirTable = RtlpImageDirectoryEntryToDataEx(ImageBase, TRUE, EFI_IMAGE_DIRECTORY_ENTRY_RESOURCE, 
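Review bot: The two copies around the hook in PatchWinload use different sizes: the backup is taken with `sizeof(gOslFwpKernelSetupPhase1Backup)` while the overwrite uses `sizeof(gHookTemplate)`, and PatchBootmgr.c sizes its backup with `sizeof(gHookTemplate)`. If the backup array were ever smaller than the template, the bytes overwritten beyond it could not be restored; both declarations are outside the hunk, so this is unverified. A `STATIC_ASSERT(sizeof(gOslFwpKernelSetupPhase1Backup) == sizeof(gHookTemplate), "backup must cover the hook template");` next to the declaration would pin the invariant at build time.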
@@ -222,7 +222,7 @@ FindIATAddressForImport( // Get the import descriptor table UINT32 ImportDirSize; - CONST PIMAGE_IMPORT_DESCRIPTOR DescriptorTable = (PIMAGE_IMPORT_DESCRIPTOR) + CONST PIMAGE_IMPORT_DESCRIPTOR DescriptorTable = RtlpImageDirectoryEntryToDataEx(ImageBase, TRUE, EFI_IMAGE_DIRECTORY_ENTRY_IMPORT, @@ -365,10 +365,10 @@ RtlpImageDirectoryEntryToDataEx( *Size = Directories[DirectoryEntry].Size; if (MappedAsImage || Rva < HEADER_FIELD(NtHeaders, SizeOfHeaders)) { - return (VOID*)((UINT8*)(Base) + Rva); + return (UINT8*)(Base) + Rva; } - return (VOID*)((UINT8*)(Base) + RvaToOffset(NtHeaders, Rva)); + return (UINT8*)(Base) + RvaToOffset(NtHeaders, Rva); } // Similar to LdrFindResource_U + LdrAccessResource combined, with some shortcuts for size optimization: @@ -398,7 +398,7 @@ FindResourceDataById( ASSERT((!LDR_IS_DATAFILE(ImageBase))); UINT32 Size = 0; - EFI_IMAGE_RESOURCE_DIRECTORY *ResourceDirTable = (EFI_IMAGE_RESOURCE_DIRECTORY*) + EFI_IMAGE_RESOURCE_DIRECTORY *ResourceDirTable = RtlpImageDirectoryEntryToDataEx(ImageBase, TRUE, EFI_IMAGE_DIRECTORY_ENTRY_RESOURCE, diff --git a/EfiGuardDxe/util.c b/EfiGuardDxe/util.c index 6d45675..011dab2 100644 --- a/EfiGuardDxe/util.c +++ b/EfiGuardDxe/util.c @@ -68,7 +68,7 @@ AppendKernelPatchMessage( gKernelPatchInfo.BufferSize += (NumCharsPrinted * sizeof(CHAR16)); // Paranoid null terminator (UnicodeVSPrint should do this) - *(CHAR16*)(gKernelPatchInfo.Buffer + (gKernelPatchInfo.BufferSize / sizeof(CHAR16))) = CHAR_NULL; + *(gKernelPatchInfo.Buffer + (gKernelPatchInfo.BufferSize / sizeof(CHAR16))) = CHAR_NULL; // Separate the next message using the null terminator. This is because most Print() implementations crap out // after ~4 lines (depending on PCDs), so we will print the final buffer using multiple calls to Print() |
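Review bot: RtlpImageDirectoryEntryToDataEx (the `@@ -365` hunk) returns `(UINT8*)(Base) + Rva`, or `+ RvaToOffset(NtHeaders, Rva)`, and sets `*Size` straight from the data directory, with no check in the visible lines that the range lies inside the image. `Size`, and presumably `Rva`, come from the headers of the file being parsed, and callers such as GetInputFileType scan the returned region, so a malformed directory entry becomes an out-of-bounds read. A check such as `if (Rva >= HEADER_FIELD(NtHeaders, SizeOfImage) || *Size > HEADER_FIELD(NtHeaders, SizeOfImage) - Rva) return NULL;` before the returns would bound the mapped-image case, assuming callers already handle NULL. The result of `RvaToOffset` is likewise used unchecked. The start of the function is outside the hunk, so an earlier validation may exist.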
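Review bot: The terminator store in AppendKernelPatchMessage writes at index `BufferSize / sizeof(CHAR16)` right after `BufferSize` has been increased, and nothing in the hunk shows that index being checked against the buffer's capacity. Unless the check is made above the hunk, a message that fills the buffer puts `CHAR_NULL` one element past its end. The write should be preceded by a comparison of the new `BufferSize` plus one `CHAR16` against the buffer's allocated size. With the cast gone the expression is plain indexing and reads better as `gKernelPatchInfo.Buffer[gKernelPatchInfo.BufferSize / sizeof(CHAR16)] = CHAR_NULL;`, which is equivalent on the assumption that `Buffer` is already a `CHAR16` pointer or array, as the cast being flagged redundant implies.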