author | Toni Uhlig <matzeton@googlemail.com> | 2020-10-11 22:21:12 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2020-10-11 22:21:12 +0200 |
commit | f5273bfb19ff64c6c66b41774bf0b668e9c6e477 (patch) | |
tree | ba619969e7345b2fa87f8fcabaa4d5b9c8ac6f22 | |
parent | b9acc84805661ed644b2d14daad4c8ce1c55b916 (diff) | |
parent | 639f1137e3f7e5ef845e3f69ad34b514749c87fc (diff) |
Merge remote-tracking branch 'impl/VS-2017'
-rw-r--r-- | KMemDriver/Crypto.c | 15 | ||||
-rw-r--r-- | KMemDriver/Crypto.h | 18 | ||||
-rw-r--r-- | KMemDriver/KMemDriver.c | 9 | ||||
-rw-r--r-- | KMemDriver/KMemDriver.vcxproj | 7 | ||||
-rw-r--r-- | KMemDriver/KMemDriver.vcxproj.filters | 11 | ||||
-rw-r--r-- | KMemDriver/Utils.asm | 11 |
6 files changed, 69 insertions, 2 deletions
diff --git a/KMemDriver/Crypto.c b/KMemDriver/Crypto.c
new file mode 100644
index 0000000..1999d5f
--- /dev/null
+++ b/KMemDriver/Crypto.c
@@ -0,0 +1,15 @@
+#include "Crypto.h"
+
+struct crypt_data {
+ UINT64 key;
+ UINT8 crypted;
+ UINT32 marker;
+};
+
+#define MAX_CRYPTED_FUNCTIONS 64
+static struct crypt_data data[MAX_CRYPTED_FUNCTIONS];
+static size_t data_used = 0;
+
+void crypt_fn(void)
+{
+}
\ No newline at end of file
diff --git a/KMemDriver/Crypto.h b/KMemDriver/Crypto.h
new file mode 100644
index 0000000..09413aa
--- /dev/null
+++ b/KMemDriver/Crypto.h
@@ -0,0 +1,18 @@
+#pragma once
+
+#include <ntddk.h>
+
+void crypt_fn(void);
+
+#define CRYPT_PROLOGUE() \
+ do { \
+ crypt_fn(); \
+ volatile UINT64 index_and_marker = { 0x11111111C0DEC0DE }; \
+ UNREFERENCED_PARAMETER(index_and_marker); \
+ } while (0)
+#define CRYPT_EPILOGUE() \
+ do { \
+ volatile UINT32 marker = 0xDEADDEAD;\
+ UNREFERENCED_PARAMETER(marker); \
+ crypt_fn(); \
+ } while (0)
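Review bot: `crypt_fn()` has an empty body and `data[]` / `data_used` are never referenced anywhere in this hunk, so the `CRYPT_PROLOGUE` / `CRYPT_EPILOGUE` calls that the KMemDriver.c hunks add currently do nothing, and `data_used` will likely draw an unused-static warning. A file-level comment should say so explicitly, e.g. `/* Placeholder: runtime handling of marked functions is not implemented yet; data[] and data_used are reserved for a per-function key/marker table. */`, so nobody assumes DriverEntry is already protected. `struct crypt_data` also needs a one-line comment per field saying what `key`, `crypted` and `marker` are meant to hold — `marker` presumably pairs with the constants in Crypto.h, but the code does not say. The new file also lacks a trailing newline.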
\ No newline at end of file diff --git a/KMemDriver/KMemDriver.c b/KMemDriver/KMemDriver.c index 741f932..921ab0f 100644 --- a/KMemDriver/KMemDriver.c +++ b/KMemDriver/KMemDriver.c @@ -1,6 +1,7 @@ #include "KMemDriver.h" #include "Imports.h" #include "Native.h" +#include "Crypto.h" #include <ntddk.h> #include <Ntstrsafe.h> @@ -26,6 +27,8 @@ #define WAIT_OBJECT_0 ((STATUS_WAIT_0 ) + 0 ) +extern PVOID getCurrentRIP(void); + DRIVER_INITIALIZE DriverEntry; #pragma alloc_text(INIT, DriverEntry) void OnImageLoad( @@ -162,6 +165,7 @@ NTSTATUS DriverEntry( _In_ PUNICODE_STRING RegistryPath ) { + CRYPT_PROLOGUE(); NTSTATUS status; HANDLE hThread = NULL; CLIENT_ID clientID = { 0 }; @@ -181,10 +185,9 @@ NTSTATUS DriverEntry( if (!NT_SUCCESS(status)) { KDBG("Failed to create worker thread. Status: 0x%X\n", status); - return status; } + CRYPT_EPILOGUE(); - FNZERO(DriverEntry); return status; } @@ -195,6 +198,8 @@ NTSTATUS WaitForControlProcess(OUT PEPROCESS *ppEProcess) if (!ppEProcess) return STATUS_INVALID_ADDRESS; + KDBG("CurrentRIP: %p\n", getCurrentRIP()); + imageBase = NULL; ctrlPID = NULL; diff --git a/KMemDriver/KMemDriver.vcxproj b/KMemDriver/KMemDriver.vcxproj index 5264a6f..0161cdf 100644 --- a/KMemDriver/KMemDriver.vcxproj +++ b/KMemDriver/KMemDriver.vcxproj @@ -173,15 +173,22 @@ <FilesToPackage Include="$(TargetPath)" /> </ItemGroup> <ItemGroup> + <ClCompile Include="Crypto.c" /> <ClCompile Include="KMemDriver.c" /> <ClCompile Include="Memory.c" /> <ClCompile Include="VAD.c" /> </ItemGroup> <ItemGroup> <ClInclude Include="..\include\KMemDriver.h" /> + <ClInclude Include="Crypto.h" /> <ClInclude Include="Imports.h" /> <ClInclude Include="Native.h" /> </ItemGroup> + <ItemGroup> + <MASM Include="Utils.asm"> + <GenerateDebugInformation Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</GenerateDebugInformation> + </MASM> + </ItemGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <ImportGroup Label="ExtensionTargets"> </ImportGroup> 
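Review bot: Neither macro documents what the `0x11111111C0DEC0DE` and `0xDEADDEAD` volatile locals are for; with `crypt_fn()` still empty in Crypto.c, a reader cannot tell whether they are markers meant to be located in the compiled function body later or debugging leftovers. Add a comment above `CRYPT_PROLOGUE` such as `/* Brackets a function handled by crypt_fn(); the volatile locals are intended to keep the marker constants in the emitted code — TODO confirm this survives the optimizer. */` and a matching one for `CRYPT_EPILOGUE`. The brace initializer on a scalar in `volatile UINT64 index_and_marker = { 0x11111111C0DEC0DE };` is legal but reads like an aggregate; `volatile UINT64 index_and_marker = 0x11111111C0DEC0DEULL;` says the same thing more plainly. Since the prologue expands to a statement, it now precedes the local declarations in DriverEntry in the KMemDriver.c hunk; that is fine for the VS 2017 C compiler but worth a note in the header for anyone building with a stricter C mode.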
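Review bot: `extern PVOID getCurrentRIP(void);` is declared ad hoc in the second hunk rather than in a header, and the name overstates what Utils.asm provides: the routine returns the return address pushed by the `call`, i.e. the caller's RIP just after the call site. Move the prototype next to `crypt_fn` in Crypto.h (or a Utils.h) with a comment such as `/* Returns the address of the instruction following the call to this routine (implemented in Utils.asm). */`. The third hunk places `CRYPT_PROLOGUE();` in DriverEntry, which `#pragma alloc_text(INIT, DriverEntry)` in the second hunk puts in the discardable INIT section, so anything crypt_fn later does with the prologue/epilogue markers has to complete before DriverEntry returns — a comment at the call site would prevent that being forgotten once crypt_fn is implemented. In the last hunk the value is printed with `%p` via KDBG, which puts a kernel code address in the debug stream; keep it behind the existing KDBG gating rather than promoting it to an always-on log. DriverEntry and WaitForControlProcess both continue outside these hunks.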
diff --git a/KMemDriver/KMemDriver.vcxproj.filters b/KMemDriver/KMemDriver.vcxproj.filters
index e69aafd..a02c6eb 100644
--- a/KMemDriver/KMemDriver.vcxproj.filters
+++ b/KMemDriver/KMemDriver.vcxproj.filters
@@ -20,6 +20,9 @@
 <ClInclude Include="..\include\KMemDriver.h">
 <Filter>Header Files</Filter>
 </ClInclude>
+ <ClInclude Include="Crypto.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
 </ItemGroup>
 <ItemGroup>
 <ClCompile Include="KMemDriver.c">
@@ -31,5 +34,13 @@
 <ClCompile Include="VAD.c">
 <Filter>Source Files</Filter>
 </ClCompile>
+ <ClCompile Include="Crypto.c">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ </ItemGroup>
+ <ItemGroup>
+ <MASM Include="Utils.asm">
+ <Filter>Source Files</Filter>
+ </MASM>
 </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/KMemDriver/Utils.asm b/KMemDriver/Utils.asm
new file mode 100644
index 0000000..d95a64e
--- /dev/null
+++ b/KMemDriver/Utils.asm
@@ -0,0 +1,11 @@
+PUBLIC getCurrentRIP
+
+.code _text
+
+getCurrentRIP PROC PUBLIC
+pop rax
+push rax
+ret
+getCurrentRIP ENDP
+
+END
\ No newline at end of file |
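Review bot: `getCurrentRIP` reads its own return address with `pop rax` / `push rax`, which works but briefly moves RSP above the slot it then rewrites; the conventional form is a single `mov rax, qword ptr [rsp]` before `ret`, which leaves the stack untouched and is one instruction shorter. The routine has no comment stating its contract; add one above the PROC such as `; Returns in RAX the return address of this call, i.e. the caller's RIP just after the call instruction`, since the name suggests something more general. The file also lacks a trailing newline.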