diff options
| author | Matthijs Lavrijsen <mattiwatti@gmail.com> | 2021-01-30 04:42:06 +0100 |
|---|---|---|
| committer | Matthijs Lavrijsen <mattiwatti@gmail.com> | 2021-01-30 04:42:06 +0100 |
| commit | f8ca8c0c008980352c2b3eee6eda21f395bde4cf (patch) | |
| tree | 85338bffac330fd39700d45c6c0828d83d3651d6 /EfiGuardDxe/PatchWinload.c | |
| parent | dceaa9c1c416fc68e3a9e29db34cd04d83cb76ec (diff) | |
Use PE runtime function tables for finding function start addressesv1.1.1
Diffstat (limited to 'EfiGuardDxe/PatchWinload.c')
| -rw-r--r-- | EfiGuardDxe/PatchWinload.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/EfiGuardDxe/PatchWinload.c b/EfiGuardDxe/PatchWinload.c index 2182fb9..a36f8b6 100644 --- a/EfiGuardDxe/PatchWinload.c +++ b/EfiGuardDxe/PatchWinload.c @@ -191,7 +191,7 @@ PatchImgpValidateImageHash( } // Backtrack to function start - CONST UINT8* ImgpValidateImageHash = BacktrackToFunctionStart(AndMinusFortyOneAddress, CodeStartVa); + CONST UINT8* ImgpValidateImageHash = BacktrackToFunctionStart(ImageBase, NtHeaders, AndMinusFortyOneAddress); if (ImgpValidateImageHash == NULL) { Print(L" Failed to find %S!ImgpValidateImageHash%S.\r\n", @@ -329,7 +329,7 @@ PatchImgpFilterValidationFailure( } // Backtrack to function start - CONST UINT8* ImgpFilterValidationFailure = BacktrackToFunctionStart(LeaIntegrityFailureAddress, LeaIntegrityFailureAddress - Length); + CONST UINT8* ImgpFilterValidationFailure = BacktrackToFunctionStart(ImageBase, NtHeaders, LeaIntegrityFailureAddress); if (ImgpFilterValidationFailure == NULL) { Print(L" Failed to find %S!ImgpFilterValidationFailure%S.\r\n", @@ -380,7 +380,7 @@ FindOslFwpKernelSetupPhase1( if (!EFI_ERROR(Status)) { // Found signature; backtrack to function start - *OslFwpKernelSetupPhase1Address = BacktrackToFunctionStart(Found, Found - 0x400); + *OslFwpKernelSetupPhase1Address = BacktrackToFunctionStart(ImageBase, NtHeaders, Found); if (*OslFwpKernelSetupPhase1Address != NULL) { Print(L"\r\nFound OslFwpKernelSetupPhase1 at 0x%llX.\r\n", (UINTN)(*OslFwpKernelSetupPhase1Address)); @@ -479,7 +479,7 @@ FindOslFwpKernelSetupPhase1( return EFI_NOT_FOUND; } - CONST UINT8* EfipGetRsdt = BacktrackToFunctionStart(LeaEfiAcpiTableGuidAddress, LeaEfiAcpiTableGuidAddress - Length); + CONST UINT8* EfipGetRsdt = BacktrackToFunctionStart(ImageBase, NtHeaders, LeaEfiAcpiTableGuidAddress); if (EfipGetRsdt == NULL) { Print(L" Failed to find EfipGetRsdt.\r\n"); @@ -516,7 +516,7 @@ FindOslFwpKernelSetupPhase1( OperandAddress == (UINTN)EfipGetRsdt) { // Calculate the distance from the start of the function to the instruction. OslFwpKernelSetupPhase1 will always have the shortest distance - CONST UINTN StartOfFunction = (UINTN)BacktrackToFunctionStart((UINT8*)InstructionAddress, (UINT8*)InstructionAddress - Length); + CONST UINTN StartOfFunction = (UINTN)BacktrackToFunctionStart(ImageBase, NtHeaders, (UINT8*)InstructionAddress); CONST UINTN Distance = InstructionAddress - StartOfFunction; if (Distance < ShortestDistanceToCall) { |