author | Matthijs Lavrijsen <mattiwatti@gmail.com> | 2021-01-30 04:42:06 +0100 |
---|---|---|
committer | Matthijs Lavrijsen <mattiwatti@gmail.com> | 2021-01-30 04:42:06 +0100 |
commit | f8ca8c0c008980352c2b3eee6eda21f395bde4cf (patch) | |
tree | 85338bffac330fd39700d45c6c0828d83d3651d6 /EfiGuardDxe/PatchNtoskrnl.c | |
parent | dceaa9c1c416fc68e3a9e29db34cd04d83cb76ec (diff) |
Use PE runtime function tables for finding function start addressesv1.1.1
Diffstat (limited to 'EfiGuardDxe/PatchNtoskrnl.c')
-rw-r--r-- | EfiGuardDxe/PatchNtoskrnl.c | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/EfiGuardDxe/PatchNtoskrnl.c b/EfiGuardDxe/PatchNtoskrnl.c
index 1ddb0c8..ac8f181 100644
--- a/EfiGuardDxe/PatchNtoskrnl.c
+++ b/EfiGuardDxe/PatchNtoskrnl.c
@@ -110,8 +110,7 @@ DisablePatchGuard(
 }
 // Backtrack to function start
- UINT8* KeInitAmd64SpecificState = BacktrackToFunctionStart(KeInitAmd64SpecificStatePatternAddress,
- (UINT8*)(KeInitAmd64SpecificStatePatternAddress - StartVa));
+ UINT8* KeInitAmd64SpecificState = BacktrackToFunctionStart(ImageBase, NtHeaders, KeInitAmd64SpecificStatePatternAddress);
 if (KeInitAmd64SpecificState == NULL)
 {
 PRINT_KERNEL_PATCH_MSG(L" Failed to find KeInitAmd64SpecificState%S.\r\n",
@@ -202,8 +201,7 @@ DisablePatchGuard(
 }
 // Backtrack to function start
- UINT8* CcInitializeBcbProfiler = BacktrackToFunctionStart(CcInitializeBcbProfilerPatternAddress,
- (UINT8*)(CcInitializeBcbProfilerPatternAddress - StartVa));
+ UINT8* CcInitializeBcbProfiler = BacktrackToFunctionStart(ImageBase, NtHeaders, CcInitializeBcbProfilerPatternAddress);
 if (CcInitializeBcbProfiler == NULL)
 {
 PRINT_KERNEL_PATCH_MSG(L" Failed to find %S%S.\r\n",
@@ -249,8 +247,7 @@ DisablePatchGuard(
 }
 // Backtrack to function start
- ExpLicenseWatchInitWorker = BacktrackToFunctionStart(ExpLicenseWatchInitWorkerPatternAddress,
- (UINT8*)(ExpLicenseWatchInitWorkerPatternAddress - StartVa));
+ ExpLicenseWatchInitWorker = BacktrackToFunctionStart(ImageBase, NtHeaders, ExpLicenseWatchInitWorkerPatternAddress);
 if (ExpLicenseWatchInitWorker == NULL)
 {
 PRINT_KERNEL_PATCH_MSG(L" Failed to find ExpLicenseWatchInitWorker%S.\r\n",
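Review bot: The context comment `// Backtrack to function start` in the first hunk (and again in the hunks at -202, -249, -279 and -352) no longer describes the call beneath it, since per the commit title the start address is now taken from the PE runtime function table instead of a backwards scan. Consider rewording it at each site to `// Look up the containing function's start in the PE runtime function table`. BacktrackToFunctionStart itself is outside this diff, so it is worth confirming there that an address not covered by any table entry, or an image without an exception directory, yields NULL so the existing `== NULL` checks still catch it. DisablePatchGuard's body starts and ends outside these hunks.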
@@ -279,8 +276,7 @@ DisablePatchGuard(
 PRINT_KERNEL_PATCH_MSG(L" Found KiVerifyScopesExecute pattern at 0x%llX.\r\n", (UINTN)KiVerifyScopesExecutePatternAddress);
 // Backtrack to function start
- KiVerifyScopesExecute = BacktrackToFunctionStart(KiVerifyScopesExecutePatternAddress,
- (UINT8*)(KiVerifyScopesExecutePatternAddress - StartVa));
+ KiVerifyScopesExecute = BacktrackToFunctionStart(ImageBase, NtHeaders, KiVerifyScopesExecutePatternAddress);
 if (KiVerifyScopesExecute == NULL)
 {
 PRINT_KERNEL_PATCH_MSG(L" Failed to find KiVerifyScopesExecute.\r\n");
@@ -352,10 +348,8 @@ DisablePatchGuard(
 }
 // Backtrack to function start
- KiMcaDeferredRecoveryServiceCallers[0] = BacktrackToFunctionStart(KiMcaDeferredRecoveryServiceCallers[0],
- (UINT8*)(KiMcaDeferredRecoveryServiceCallers[0] - StartVa));
- KiMcaDeferredRecoveryServiceCallers[1] = BacktrackToFunctionStart(KiMcaDeferredRecoveryServiceCallers[1],
- (UINT8*)(KiMcaDeferredRecoveryServiceCallers[1] - StartVa));
+ KiMcaDeferredRecoveryServiceCallers[0] = BacktrackToFunctionStart(ImageBase, NtHeaders, KiMcaDeferredRecoveryServiceCallers[0]);
+ KiMcaDeferredRecoveryServiceCallers[1] = BacktrackToFunctionStart(ImageBase, NtHeaders, KiMcaDeferredRecoveryServiceCallers[1]);
 if (KiMcaDeferredRecoveryServiceCallers[0] == NULL || KiMcaDeferredRecoveryServiceCallers[1] == NULL)
 {
 PRINT_KERNEL_PATCH_MSG(L" Failed to find KiMcaDeferredRecoveryService callers.\r\n"); |
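Review bot: In the last hunk both `KiMcaDeferredRecoveryServiceCallers[0]` and `[1]` are overwritten with the lookup result before the combined NULL check, so the previously found addresses are gone by the time the failure message prints and the message cannot say which of the two lookups failed. Holding the two results in separate locals and assigning them back only after both are non-NULL would keep the inputs available for the diagnostic and make the intent easier to read. A short comment such as `// Both callers must resolve; a single NULL aborts the patch` above the check would also document why the two results are tested together. The enclosing DisablePatchGuard body continues outside the hunk.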