Diffstat (limited to 'Application/EfiDSEFix/src')
-rw-r--r-- | Application/EfiDSEFix/src/EfiDSEFix.cpp | 165 | ||||
-rw-r--r-- | Application/EfiDSEFix/src/EfiDSEFix.exe.manifest | 2 | ||||
-rw-r--r-- | Application/EfiDSEFix/src/EfiDSEFix.vcxproj | 10 | ||||
-rw-r--r-- | Application/EfiDSEFix/src/main.cpp | 68 | ||||
-rw-r--r-- | Application/EfiDSEFix/src/sysinfo.cpp | 6 |
5 files changed, 99 insertions, 152 deletions
diff --git a/Application/EfiDSEFix/src/EfiDSEFix.cpp b/Application/EfiDSEFix/src/EfiDSEFix.cpp index 924f759..03bfbba 100644 --- a/Application/EfiDSEFix/src/EfiDSEFix.cpp +++ b/Application/EfiDSEFix/src/EfiDSEFix.cpp @@ -31,11 +31,11 @@ FindKernelModule( for (ULONG i = 0; i < Modules->NumberOfModules; ++i) { - RTL_PROCESS_MODULE_INFORMATION Module = Modules->Modules[i]; - if (_stricmp(ModuleName, reinterpret_cast<PCHAR>(Module.FullPathName) + Module.OffsetToFileName) == 0) + const PRTL_PROCESS_MODULE_INFORMATION Module = &Modules->Modules[i]; + if (_stricmp(ModuleName, reinterpret_cast<PCHAR>(Module->FullPathName) + Module->OffsetToFileName) == 0) { - *ModuleBase = reinterpret_cast<ULONG_PTR>(Module.ImageBase); - Status = Module.ImageBase == nullptr ? STATUS_NOT_FOUND : STATUS_SUCCESS; + *ModuleBase = reinterpret_cast<ULONG_PTR>(Module->ImageBase); + Status = Module->ImageBase == nullptr ? STATUS_NOT_FOUND : STATUS_SUCCESS; break; } } @@ -48,7 +48,7 @@ Exit: // For Windows Vista/7. Credits: DSEFix by hfiref0x static LONG -QueryCiEnabled( +FindCiEnabled( _In_ PVOID MappedBase, _In_ SIZE_T SizeOfImage, _In_ ULONG_PTR KernelBase, @@ -73,7 +73,7 @@ QueryCiEnabled( // For Windows 8 and worse. Credits: DSEFix by hfiref0x static LONG -QueryCiOptions( +FindCiOptions( _In_ PVOID MappedBase, _In_ ULONG_PTR CiDllBase, _Out_ PULONG_PTR gCiOptionsAddress 
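Review bot: In the FindKernelModule loop, `const PRTL_PROCESS_MODULE_INFORMATION Module` makes the pointer itself const, not the structure it points to, so the entry is still writable through `Module` even though it is only read here. If read-only access is the intent, spell out the pointee: `const RTL_PROCESS_MODULE_INFORMATION* Module = &Modules->Modules[i];`. The same declaration form is used for `Ntoskrnl` in the sysinfo.cpp hunk of DumpSystemInformation. The enclosing function starts and ends outside this hunk.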
@@ -183,34 +183,8 @@ QueryCiOptions( } static -BOOLEAN -QueryVbsEnabled( - ) -{ - SYSTEM_CODEINTEGRITY_INFORMATION CodeIntegrityInfo = { sizeof(SYSTEM_CODEINTEGRITY_INFORMATION) }; - NTSTATUS Status = NtQuerySystemInformation(SystemCodeIntegrityInformation, - &CodeIntegrityInfo, - sizeof(CodeIntegrityInfo), - nullptr); - if (NT_SUCCESS(Status) && - (CodeIntegrityInfo.CodeIntegrityOptions & (CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED | CODEINTEGRITY_OPTION_HVCI_IUM_ENABLED)) != 0) - return TRUE; - - SYSTEM_ISOLATED_USER_MODE_INFORMATION IumInfo = { 0 }; - Status = NtQuerySystemInformation(SystemIsolatedUserModeInformation, - &IumInfo, - sizeof(IumInfo), - nullptr); - if (NT_SUCCESS(Status) && - (IumInfo.SecureKernelRunning || IumInfo.HvciEnabled)) - return TRUE; - - return FALSE; -} - -static NTSTATUS -AnalyzeCi( +FindCiOptionsVariable( _Out_ PVOID *CiOptionsAddress ) { @@ -243,7 +217,7 @@ AnalyzeCi( goto Exit; ULONG_PTR gCiOptionsAddress; - const LONG Relative = QueryCiOptions(MappedBase, CiDllBase, &gCiOptionsAddress); + const LONG Relative = FindCiOptions(MappedBase, CiDllBase, &gCiOptionsAddress); if (Relative != 0) { *CiOptionsAddress = reinterpret_cast<PVOID>(gCiOptionsAddress); @@ -263,7 +237,7 @@ AnalyzeCi( goto Exit; ULONG_PTR gCiEnabledAddress; - const LONG Relative = QueryCiEnabled(MappedBase, ViewSize, KernelBase, &gCiEnabledAddress); + const LONG Relative = FindCiEnabled(MappedBase, ViewSize, KernelBase, &gCiEnabledAddress); if (Relative != 0) { *CiOptionsAddress = reinterpret_cast<PVOID>(gCiEnabledAddress); 
@@ -281,47 +255,29 @@ Exit: } static -NTSTATUS -SetSystemEnvironmentPrivilege( - _In_ BOOLEAN Enable, - _Out_opt_ PBOOLEAN WasEnabled - ) -{ - if (WasEnabled != nullptr) - *WasEnabled = FALSE; - - BOOLEAN SeSystemEnvironmentWasEnabled; - const NTSTATUS Status = RtlAdjustPrivilege(SE_SYSTEM_ENVIRONMENT_PRIVILEGE, - Enable, - FALSE, - &SeSystemEnvironmentWasEnabled); - - if (NT_SUCCESS(Status) && WasEnabled != nullptr) - *WasEnabled = SeSystemEnvironmentWasEnabled; - - return Status; -} - -static -NTSTATUS -SetDebugPrivilege( - _In_ BOOLEAN Enable, - _Out_opt_ PBOOLEAN WasEnabled +BOOLEAN +IsVbsEnabled( ) { - if (WasEnabled != nullptr) - *WasEnabled = FALSE; - - BOOLEAN SeDebugWasEnabled; - const NTSTATUS Status = RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, - Enable, - FALSE, - &SeDebugWasEnabled); + SYSTEM_CODEINTEGRITY_INFORMATION CodeIntegrityInfo = { sizeof(SYSTEM_CODEINTEGRITY_INFORMATION) }; + NTSTATUS Status = NtQuerySystemInformation(SystemCodeIntegrityInformation, + &CodeIntegrityInfo, + sizeof(CodeIntegrityInfo), + nullptr); + if (NT_SUCCESS(Status) && + (CodeIntegrityInfo.CodeIntegrityOptions & (CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED | CODEINTEGRITY_OPTION_HVCI_IUM_ENABLED)) != 0) + return TRUE; - if (NT_SUCCESS(Status) && WasEnabled != nullptr) - *WasEnabled = SeDebugWasEnabled; + SYSTEM_ISOLATED_USER_MODE_INFORMATION IumInfo = { 0 }; + Status = NtQuerySystemInformation(SystemIsolatedUserModeInformation, + &IumInfo, + sizeof(IumInfo), + nullptr); + if (NT_SUCCESS(Status) && + (IumInfo.SecureKernelRunning || IumInfo.HvciEnabled)) + return TRUE; - return Status; + return FALSE; } NTSTATUS 
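Review bot: IsVbsEnabled returns FALSE whenever both NtQuerySystemInformation calls fail, so the caller cannot tell "VBS is off" from "the state could not be queried". In the second case the VBS guard in TestSetVariableHook is skipped. If that is deliberate (for example for systems where these information classes are unavailable, which is an assumption and not visible in this diff), a comment above the function should say so, e.g. `// A failed query is treated as "VBS not running"`. Otherwise consider handing the NTSTATUS back to the caller so a failed query is reported instead of being read as a negative.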
@@ -330,24 +286,9 @@ TestSetVariableHook( { UINT16 Mz; - // Enable privileges in case we were called directly from the CLI with --check - BOOLEAN SeSystemEnvironmentWasEnabled, SeDebugWasEnabled; - NTSTATUS Status = SetSystemEnvironmentPrivilege(TRUE, &SeSystemEnvironmentWasEnabled); - if (!NT_SUCCESS(Status)) + if (IsVbsEnabled()) { - Printf(L"Fatal error: failed to acquire SE_SYSTEM_ENVIRONMENT_PRIVILEGE. Make sure you are running as administrator.\n"); - return Status; - } - Status = SetDebugPrivilege(TRUE, &SeDebugWasEnabled); - if (!NT_SUCCESS(Status)) - { - Printf(L"Fatal error: failed to acquire SE_DEBUG_PRIVILEGE. Make sure you are running as administrator.\n"); - return Status; - } - - if (QueryVbsEnabled()) - { - Printf(L"Fatal error: VBS (Virtualization Based Security) is enabled and running on this system.\n" + Printf(L"Error: VBS (Virtualization Based Security) is enabled and running on this system.\n" "Attempting to read or write to or from kernel space using EFI runtime services will result in a bugcheck.\n" "Either the EfiGuard DXE driver is not loaded, or it failed to disable VBS during boot.\n" "Not continuing.\n"); 
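Review bot: With the privilege acquisition removed, TestSetVariableHook now silently depends on its caller having enabled SE_SYSTEM_ENVIRONMENT_PRIVILEGE and SE_DEBUG_PRIVILEGE, and nothing at the function states this. The function is not declared `static` in this hunk, so other callers may exist. A header comment such as `// Caller must have enabled SE_SYSTEM_ENVIRONMENT_PRIVILEGE and SE_DEBUG_PRIVILEGE (done in wmain)` would make the contract explicit. The same applies to AdjustCiOptions in the later hunk, which drops its own acquire/revert pair. Both function bodies extend beyond their hunks.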
@@ -356,19 +297,18 @@ TestSetVariableHook( // Find some kernel address to read ULONG_PTR HalBase; - Status = FindKernelModule("hal.dll", &HalBase); + NTSTATUS Status = FindKernelModule("hal.dll", &HalBase); if (!NT_SUCCESS(Status)) return Status; - // Set up the struct for a backdoor kernel mode read. See TriggerExploit for explanations + // Set up the struct for a backdoor kernel mode read. See WriteToCiOptions for explanations EFIGUARD_BACKDOOR_DATA BackdoorData; RtlZeroMemory(&BackdoorData, sizeof(BackdoorData)); BackdoorData.CookieValue = EFIGUARD_BACKDOOR_COOKIE_VALUE; BackdoorData.KernelAddress = reinterpret_cast<PVOID>(HalBase); BackdoorData.u.Qword = UINT64_MAX; // Bogus value to verify write-back after the read operation - BackdoorData.IsMemCopy = FALSE; - BackdoorData.IsReadOperation = TRUE; BackdoorData.Size = sizeof(UINT16); + BackdoorData.ReadOnly = TRUE; // Call SetVariable() UNICODE_STRING VariableName = RTL_CONSTANT_STRING(EFIGUARD_BACKDOOR_VARIABLE_NAME); @@ -397,7 +337,7 @@ TestSetVariableHook( if (!NT_SUCCESS(Status)) { Printf(L"The EfiGuard DXE driver is either not loaded in SETVARIABLE_HOOK mode, or it is malfunctioning.\n"); - goto Exit; + return Status; } // Check if hal.dll still starts with "MZ" @@ -409,16 +349,12 @@ TestSetVariableHook( Status = STATUS_INVALID_IMAGE_NOT_MZ; // Literally } -Exit: - SetSystemEnvironmentPrivilege(SeSystemEnvironmentWasEnabled, nullptr); - SetDebugPrivilege(SeDebugWasEnabled, nullptr); - return Status; } static NTSTATUS -TriggerExploit( +WriteToCiOptions( _In_ PVOID CiVariableAddress, _In_ ULONG CiOptionsValue, _Out_opt_ PULONG OldCiOptionsValue, 
@@ -447,9 +383,8 @@ TriggerExploit( BackdoorData.u.s.Dword = static_cast<UINT32>(CiOptionsValue); else if (CiPatchSize == sizeof(UINT8)) BackdoorData.u.s.Byte = static_cast<UINT8>(CiOptionsValue); - BackdoorData.IsMemCopy = FALSE; // This is a scalar operation, not memcpy - BackdoorData.IsReadOperation = ReadOnly; // Specify whether this is a read or a write operation - BackdoorData.Size = CiPatchSize; // This value determines the field (Byte/Word/Dword/Qword) that the value to write will be read from, and written to on return + BackdoorData.Size = CiPatchSize; // Determines which field the value will be read/written from/to + BackdoorData.ReadOnly = ReadOnly; // Whether this is a read or read + write // Call NtSetSystemEnvironmentValueEx -> [...] -> hal!HalSetEnvironmentVariableEx -> hal!HalEfiSetEnvironmentVariable -> EfiRT->SetVariable. // On Windows >= 8 it is possible to use SetFirmwareEnvironmentVariableExW. We use the syscall directly because it exists on Windows 7 and Vista. @@ -475,6 +410,8 @@ TriggerExploit( *OldCiOptionsValue = OldCiOptions; } + RtlZeroMemory(&BackdoorData, sizeof(BackdoorData)); + return STATUS_SUCCESS; } 
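Review bot: The `RtlZeroMemory(&BackdoorData, sizeof(BackdoorData));` added just before `return STATUS_SUCCESS;` in WriteToCiOptions writes to a local that is never read again, so an optimizing compiler is free to drop it as a dead store. If the wipe is meant to be guaranteed, use `RtlSecureZeroMemory(&BackdoorData, sizeof(BackdoorData));`. As shown it also runs only on the success path; whether the earlier failure returns, which lie outside the hunk, skip it should be checked. The visible TestSetVariableHook hunks fill the same structure without a matching wipe.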
@@ -488,38 +425,18 @@ AdjustCiOptions( if (OldCiOptionsValue != nullptr) *OldCiOptionsValue = CODEINTEGRITY_OPTION_ENABLED; - // Enable privileges - BOOLEAN SeSystemEnvironmentWasEnabled, SeDebugWasEnabled; - NTSTATUS Status = SetSystemEnvironmentPrivilege(TRUE, &SeSystemEnvironmentWasEnabled); - if (!NT_SUCCESS(Status)) - { - Printf(L"Fatal error: failed to acquire SE_SYSTEM_ENVIRONMENT_PRIVILEGE. Make sure you are running as administrator.\n"); - return Status; - } - Status = SetDebugPrivilege(TRUE, &SeDebugWasEnabled); - if (!NT_SUCCESS(Status)) - { - Printf(L"Fatal error: failed to acquire SE_DEBUG_PRIVILEGE. Make sure you are running as administrator.\n"); - return Status; - } - // Find CI!g_CiOptions/nt!g_CiEnabled PVOID CiOptionsAddress; - Status = AnalyzeCi(&CiOptionsAddress); + NTSTATUS Status = FindCiOptionsVariable(&CiOptionsAddress); if (!NT_SUCCESS(Status)) return Status; Printf(L"%ls at 0x%p.\n", (NtCurrentPeb()->OSBuildNumber >= 9200 ? L"CI!g_CiOptions" : L"nt!g_CiEnabled"), CiOptionsAddress); // Enable/disable CI - Status = TriggerExploit(CiOptionsAddress, + Status = WriteToCiOptions(CiOptionsAddress, CiOptionsValue, OldCiOptionsValue, ReadOnly); - - // Revert privileges - SetSystemEnvironmentPrivilege(SeSystemEnvironmentWasEnabled, nullptr); - SetDebugPrivilege(SeDebugWasEnabled, nullptr); - return Status; } diff --git a/Application/EfiDSEFix/src/EfiDSEFix.exe.manifest b/Application/EfiDSEFix/src/EfiDSEFix.exe.manifest index af2f7de..16afbf5 100644 --- a/Application/EfiDSEFix/src/EfiDSEFix.exe.manifest +++ b/Application/EfiDSEFix/src/EfiDSEFix.exe.manifest @@ -3,7 +3,7 @@ <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> - <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> + <requestedExecutionLevel level="asInvoker" uiAccess="false" /> </requestedPrivileges> </security> </trustInfo> 
diff --git a/Application/EfiDSEFix/src/EfiDSEFix.vcxproj b/Application/EfiDSEFix/src/EfiDSEFix.vcxproj index 44675b5..c588f60 100644 --- a/Application/EfiDSEFix/src/EfiDSEFix.vcxproj +++ b/Application/EfiDSEFix/src/EfiDSEFix.vcxproj @@ -26,6 +26,8 @@ <CharacterSet>Unicode</CharacterSet> <PlatformToolset>v143</PlatformToolset> <SpectreMitigation>false</SpectreMitigation> + <VcpkgEnabled>false</VcpkgEnabled> + <EnableStdModules>false</EnableStdModules> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release (native subsystem)|x64'" Label="Configuration"> <ConfigurationType>Application</ConfigurationType> @@ -34,6 +36,8 @@ <CharacterSet>Unicode</CharacterSet> <PlatformToolset>v143</PlatformToolset> <SpectreMitigation>false</SpectreMitigation> + <VcpkgEnabled>false</VcpkgEnabled> + <EnableStdModules>false</EnableStdModules> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> <ImportGroup Label="ExtensionSettings"> @@ -62,7 +66,7 @@ <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> <RuntimeTypeInfo>false</RuntimeTypeInfo> <LanguageStandard>stdcpplatest</LanguageStandard> - <AdditionalOptions>/Gw /utf-8 %(AdditionalOptions)</AdditionalOptions> + <AdditionalOptions>/Gw /utf-8 /Zc:threadSafeInit- %(AdditionalOptions)</AdditionalOptions> <BufferSecurityCheck>false</BufferSecurityCheck> <DisableSpecificWarnings>4201</DisableSpecificWarnings> <ExceptionHandling>false</ExceptionHandling> @@ -71,6 +75,7 @@ <AdditionalIncludeDirectories>$(SolutionDir)Include;$(SolutionDir)../MdePkg/Include;$(SolutionDir)../MdePkg/Include/X64;$(SolutionDir)../MdeModulePkg/Include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <IntrinsicFunctions>true</IntrinsicFunctions> <BuildStlModules>false</BuildStlModules> + <EnableModules>false</EnableModules> </ClCompile> <Link> <SubSystem>Console</SubSystem> 
@@ -101,7 +106,7 @@ <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> <RuntimeTypeInfo>false</RuntimeTypeInfo> <LanguageStandard>stdcpplatest</LanguageStandard> - <AdditionalOptions>/Gw /utf-8 %(AdditionalOptions)</AdditionalOptions> + <AdditionalOptions>/Gw /utf-8 /Zc:threadSafeInit- %(AdditionalOptions)</AdditionalOptions> <BufferSecurityCheck>false</BufferSecurityCheck> <DisableSpecificWarnings>4201</DisableSpecificWarnings> <ExceptionHandling>false</ExceptionHandling> @@ -110,6 +115,7 @@ <AdditionalIncludeDirectories>$(SolutionDir)Include;$(SolutionDir)../MdePkg/Include;$(SolutionDir)../MdePkg/Include/X64;$(SolutionDir)../MdeModulePkg/Include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <IntrinsicFunctions>true</IntrinsicFunctions> <BuildStlModules>false</BuildStlModules> + <EnableModules>false</EnableModules> </ClCompile> <Link> <SubSystem>Native</SubSystem> diff --git a/Application/EfiDSEFix/src/main.cpp b/Application/EfiDSEFix/src/main.cpp index 50e336a..8cd8cb9 100644 --- a/Application/EfiDSEFix/src/main.cpp +++ b/Application/EfiDSEFix/src/main.cpp @@ -9,13 +9,13 @@ PrintUsage( { const BOOLEAN Win8OrHigher = (RtlNtMajorVersion() >= 6 && RtlNtMinorVersion() >= 2) || RtlNtMajorVersion() > 6; const PCWCHAR CiOptionsName = Win8OrHigher ? L"g_CiOptions" : L"g_CiEnabled"; - Printf(L"\nUsage: %ls [COMMAND]\n\n" - L"Commands:\n\n" - L"-c, --check%17lsTest backdoor hook\n" - L"-r, --read%18lsRead current %ls value\n" - L"-d, --disable%15lsDisable DSE\n" - L"-e, --enable%ls%2ls(Re)enable DSE\n" - L"-i, --info%18lsDump system info\n", + Printf(L"\nUsage: %ls <COMMAND>\n\n" + L"Commands:\n" + L" -c, --check%17lsTest EFI SetVariable hook\n" + L" -r, --read%18lsRead current %ls value\n" + L" -d, --disable%15lsDisable DSE\n" + L" -e, --enable%ls%2ls(Re)enable DSE\n" + L" -i, --info%18lsDump system info\n", ProgramName, L"", L"", CiOptionsName, L"", (Win8OrHigher ? L" [g_CiOptions]" : L" "), 
@@ -26,14 +26,31 @@ int wmain(int argc, wchar_t** argv) { NT_ASSERT(argc != 0); - if (argc == 1 || argc > 3 || - (argc == 3 && wcstoul(argv[2], nullptr, 16) == 0)) + if (argc <= 1 || argc > 3 || + (argc == 3 && wcstoul(argv[2], nullptr, 16) == 0) || + wcsncmp(argv[1], L"-h", sizeof(L"-h") / sizeof(WCHAR) - 1) == 0 || + wcsncmp(argv[1], L"--help", sizeof(L"--help") / sizeof(WCHAR) - 1) == 0) { // Print help text PrintUsage(argv[0]); return 0; } + // All remaining commands require admin privileges + BOOLEAN SeSystemEnvironmentWasEnabled, SeDebugWasEnabled; + NTSTATUS Status = RtlAdjustPrivilege(SE_SYSTEM_ENVIRONMENT_PRIVILEGE, TRUE, FALSE, &SeSystemEnvironmentWasEnabled); + if (!NT_SUCCESS(Status)) + { + Printf(L"Error: failed to acquire SE_SYSTEM_ENVIRONMENT_PRIVILEGE.\n%ls must be run as Administrator.\n", argv[0]); + return Status; + } + Status = RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, &SeDebugWasEnabled); + if (!NT_SUCCESS(Status)) + { + Printf(L"Error: failed to acquire SE_DEBUG_PRIVILEGE.\n%ls must be run as Administrator.\n", argv[0]); + return Status; + } + // Parse command line params const BOOLEAN Win8OrHigher = (RtlNtMajorVersion() >= 6 && RtlNtMinorVersion() >= 2) || RtlNtMajorVersion() > 6; const ULONG EnabledCiOptionsValue = Win8OrHigher ? 0x6 : CODEINTEGRITY_OPTION_ENABLED; @@ -41,15 +58,6 @@ int wmain(int argc, wchar_t** argv) ULONG CiOptionsValue; BOOLEAN ReadOnly = FALSE; - if (wcsncmp(argv[1], L"-c", sizeof(L"-c") / sizeof(WCHAR) - 1) == 0 || - wcsncmp(argv[1], L"--check", sizeof(L"--check") / sizeof(WCHAR) - 1) == 0) - { - Printf(L"Checking for working EFI SetVariable() backdoor...\n"); - const NTSTATUS Status = TestSetVariableHook(); - if (NT_SUCCESS(Status)) // Any errors have already been printed - Printf(L"Success!\n"); - return Status; - } if (wcsncmp(argv[1], L"-r", sizeof(L"-r") / sizeof(WCHAR) - 1) == 0 || wcsncmp(argv[1], L"--read", sizeof(L"--read") / sizeof(WCHAR) - 1) == 0) { 
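Review bot: Both privileges are enabled before `argv[1]` has been matched against any command, so an unrecognised argument run unelevated gets the privilege error instead of the usage text. It also means `--info` now runs with SE_DEBUG_PRIVILEGE enabled whether or not DumpSystemInformation needs it (not determinable from this diff). Validating the command first and enabling privileges only for the operations that need them keeps the process closer to least privilege. Separately, the `return Status;` after the failed SE_DEBUG_PRIVILEGE request bypasses the `Exit:` cleanup and leaves SE_SYSTEM_ENVIRONMENT_PRIVILEGE enabled; add `RtlAdjustPrivilege(SE_SYSTEM_ENVIRONMENT_PRIVILEGE, SeSystemEnvironmentWasEnabled, FALSE, &SeSystemEnvironmentWasEnabled);` before that return. wmain continues past this hunk.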
@@ -77,20 +85,31 @@ int wmain(int argc, wchar_t** argv) Printf(L"(Re)enabling DSE...\n"); } } + else if (wcsncmp(argv[1], L"-c", sizeof(L"-c") / sizeof(WCHAR) - 1) == 0 || + wcsncmp(argv[1], L"--check", sizeof(L"--check") / sizeof(WCHAR) - 1) == 0) + { + Printf(L"Checking for working EFI SetVariable hook...\n"); + Status = TestSetVariableHook(); + if (NT_SUCCESS(Status)) // Any errors have already been printed + Printf(L"Success.\n"); + goto Exit; + } else if (wcsncmp(argv[1], L"-i", sizeof(L"-i") / sizeof(WCHAR) - 1) == 0 || wcsncmp(argv[1], L"--info", sizeof(L"--info") / sizeof(WCHAR) - 1) == 0) { - return DumpSystemInformation(); + Status = DumpSystemInformation(); + goto Exit; } else { PrintUsage(argv[0]); - return STATUS_INVALID_PARAMETER; + Status = STATUS_INVALID_PARAMETER; + goto Exit; } - // Trigger EFI driver exploit and write new value to g_CiOptions/g_CiEnabled + // Call EFI runtime SetVariable service and write new value to g_CiOptions/g_CiEnabled ULONG OldCiOptionsValue; - const NTSTATUS Status = AdjustCiOptions(CiOptionsValue, &OldCiOptionsValue, ReadOnly); + Status = AdjustCiOptions(CiOptionsValue, &OldCiOptionsValue, ReadOnly); // Print result if (!NT_SUCCESS(Status)) @@ -105,6 +124,11 @@ int wmain(int argc, wchar_t** argv) Printf(L"Successfully %ls DSE. Original", CiOptionsValue == 0 ? L"disabled" : L"(re)enabled"); Printf(L" %ls value: 0x%lX\n", CiOptionsName, OldCiOptionsValue); } + +Exit: + RtlAdjustPrivilege(SE_SYSTEM_ENVIRONMENT_PRIVILEGE, SeSystemEnvironmentWasEnabled, FALSE, &SeSystemEnvironmentWasEnabled); + RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, SeDebugWasEnabled, FALSE, &SeDebugWasEnabled); + return Status; } diff --git a/Application/EfiDSEFix/src/sysinfo.cpp b/Application/EfiDSEFix/src/sysinfo.cpp index 6b236e4..a0ad289 100644 --- a/Application/EfiDSEFix/src/sysinfo.cpp +++ b/Application/EfiDSEFix/src/sysinfo.cpp 
@@ -75,10 +75,10 @@ DumpSystemInformation( Printf(L"SystemModuleInformation: %08lX\n\n", Status); else { - const RTL_PROCESS_MODULE_INFORMATION Ntoskrnl = ModuleInfo->Modules[0]; + const PRTL_PROCESS_MODULE_INFORMATION Ntoskrnl = &ModuleInfo->Modules[0]; Printf(L"SystemModuleInformation:\n\t- Kernel: %S (%S)\n\n", - reinterpret_cast<PCCH>(Ntoskrnl.FullPathName + Ntoskrnl.OffsetToFileName), - reinterpret_cast<PCCH>(Ntoskrnl.FullPathName)); + reinterpret_cast<PCCH>(Ntoskrnl->FullPathName + Ntoskrnl->OffsetToFileName), + reinterpret_cast<PCCH>(Ntoskrnl->FullPathName)); } RtlFreeHeap(RtlProcessHeap(), 0, ModuleInfo); } |