author | segfault <toni@impl.cc> | 2020-10-11 13:17:25 -0700 |
---|---|---|
committer | segfault <toni@impl.cc> | 2020-10-11 13:17:25 -0700 |
commit | 639f1137e3f7e5ef845e3f69ad34b514749c87fc (patch) | |
tree | 7d3a43a433b1c0b5e3e77dc7becf4653eb90abd4 | |
parent | 780127138ef45e4e0baee5a8616bd5c335f5ebe6 (diff) |
Added code de/encryption on function level (WiP).
-rw-r--r-- | KMemDriver/Crypto.c | 15 | ||||
-rw-r--r-- | KMemDriver/Crypto.h | 18 | ||||
-rw-r--r-- | KMemDriver/KMemDriver.c | 4 | ||||
-rw-r--r-- | KMemDriver/KMemDriver.vcxproj | 2 | ||||
-rw-r--r-- | KMemDriver/KMemDriver.vcxproj.filters | 6 |
5 files changed, 44 insertions, 1 deletions
diff --git a/KMemDriver/Crypto.c b/KMemDriver/Crypto.c
new file mode 100644
index 0000000..1999d5f
--- /dev/null
+++ b/KMemDriver/Crypto.c
@@ -0,0 +1,15 @@
+#include "Crypto.h"
+
+struct crypt_data {
+ UINT64 key;
+ UINT8 crypted;
+ UINT32 marker;
+};
+
+#define MAX_CRYPTED_FUNCTIONS 64
+static struct crypt_data data[MAX_CRYPTED_FUNCTIONS];
+static size_t data_used = 0;
+
+void crypt_fn(void)
+{
+}
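Review bot: `data` and `data_used` are defined but never referenced and `crypt_fn` has an empty body, so the new translation unit currently contributes only two unused file-scope statics; a header comment stating what a `crypt_data` entry records and what `crypt_fn` is intended to do on entry and exit would keep a later reader from guessing. `crypt_data.marker` is a `UINT32` while `CRYPT_PROLOGUE` in Crypto.h stores a `UINT64` `index_and_marker`; if the two are meant to correspond, say so at the field, e.g. `/* marker: low 32 bits of the prologue's index_and_marker word — confirm */`, since the name only suggests that split. The `UINT8 crypted` placed between `UINT64 key` and `UINT32 marker` leaves padding inside the struct; moving it last, or a comment saying the layout is deliberate, would help. `MAX_CRYPTED_FUNCTIONS` has no comment on what happens when `data_used` reaches it.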
\ No newline at end of file
diff --git a/KMemDriver/Crypto.h b/KMemDriver/Crypto.h
new file mode 100644
index 0000000..09413aa
--- /dev/null
+++ b/KMemDriver/Crypto.h
@@ -0,0 +1,18 @@
+#pragma once
+
+#include <ntddk.h>
+
+void crypt_fn(void);
+
+#define CRYPT_PROLOGUE() \
+ do { \
+ crypt_fn(); \
+ volatile UINT64 index_and_marker = { 0x11111111C0DEC0DE }; \
+ UNREFERENCED_PARAMETER(index_and_marker); \
+ } while (0)
+#define CRYPT_EPILOGUE() \
+ do { \
+ volatile UINT32 marker = 0xDEADDEAD;\
+ UNREFERENCED_PARAMETER(marker); \
+ crypt_fn(); \
+ } while (0)
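Review bot: `CRYPT_PROLOGUE` and `CRYPT_EPILOGUE` carry no comment on their contract — that a function using one must use both, that `crypt_fn` runs on entry and again on exit, and what the two constants `0x11111111C0DEC0DE` and `0xDEADDEAD` mark — so a doc comment above each macro stating this is needed before more functions adopt them. The `volatile` qualifier appears to be what keeps the marker stores from being optimized away; if that is the intent, state it at the declaration, e.g. `/* volatile: the marker store must survive optimization — confirm */`. `UNREFERENCED_PARAMETER` is applied to locals rather than parameters; it compiles, but `(void)index_and_marker;` says what is meant. The brace initializer on the scalar `UINT64` is legal but unusual; `= 0x11111111C0DEC0DEULL` is the conventional form and makes the 64-bit width explicit.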
\ No newline at end of file
diff --git a/KMemDriver/KMemDriver.c b/KMemDriver/KMemDriver.c
index 3865b67..921ab0f 100644
--- a/KMemDriver/KMemDriver.c
+++ b/KMemDriver/KMemDriver.c
@@ -1,6 +1,7 @@
 #include "KMemDriver.h"
 #include "Imports.h"
 #include "Native.h"
+#include "Crypto.h"
 #include <ntddk.h>
 #include <Ntstrsafe.h>
@@ -164,6 +165,7 @@ NTSTATUS DriverEntry(
 _In_ PUNICODE_STRING RegistryPath
 )
 {
+ CRYPT_PROLOGUE();
 NTSTATUS status;
 HANDLE hThread = NULL;
 CLIENT_ID clientID = { 0 };
@@ -183,8 +185,8 @@ NTSTATUS DriverEntry(
 if (!NT_SUCCESS(status))
 {
 KDBG("Failed to create worker thread. Status: 0x%X\n", status);
- return status;
 }
+ CRYPT_EPILOGUE();
 return status;
 }
diff --git a/KMemDriver/KMemDriver.vcxproj b/KMemDriver/KMemDriver.vcxproj
index 0c97b63..0161cdf 100644
--- a/KMemDriver/KMemDriver.vcxproj
+++ b/KMemDriver/KMemDriver.vcxproj
@@ -173,12 +173,14 @@
 <FilesToPackage Include="$(TargetPath)" />
 </ItemGroup>
 <ItemGroup>
+ <ClCompile Include="Crypto.c" />
 <ClCompile Include="KMemDriver.c" />
 <ClCompile Include="Memory.c" />
 <ClCompile Include="VAD.c" />
 </ItemGroup>
 <ItemGroup>
 <ClInclude Include="..\include\KMemDriver.h" />
+ <ClInclude Include="Crypto.h" />
 <ClInclude Include="Imports.h" />
 <ClInclude Include="Native.h" />
 </ItemGroup>
diff --git a/KMemDriver/KMemDriver.vcxproj.filters b/KMemDriver/KMemDriver.vcxproj.filters
index ff05a79..a02c6eb 100644
--- a/KMemDriver/KMemDriver.vcxproj.filters
+++ b/KMemDriver/KMemDriver.vcxproj.filters
@@ -20,6 +20,9 @@
 <ClInclude Include="..\include\KMemDriver.h">
 <Filter>Header Files</Filter>
 </ClInclude>
+ <ClInclude Include="Crypto.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
 </ItemGroup>
 <ItemGroup>
 <ClCompile Include="KMemDriver.c">
@@ -31,6 +34,9 @@
 <ClCompile Include="VAD.c">
 <Filter>Source Files</Filter>
 </ClCompile>
+ <ClCompile Include="Crypto.c">
+ <Filter>Source Files</Filter>
+ </ClCompile>
 </ItemGroup>
 <ItemGroup>
 <MASM Include="Utils.asm"> |
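Review bot: In the second KMemDriver.c hunk `CRYPT_PROLOGUE();` is inserted ahead of the local declarations `NTSTATUS status;`, `HANDLE hThread = NULL;` and `CLIENT_ID clientID = { 0 };`, which puts a statement before declarations in a block; older MSVC C modes reject that (C2143) and it departs from the declarations-first layout the surrounding lines use, so placing it after `CLIENT_ID clientID = { 0 };` keeps both. In the third hunk the early `return status;` in the failure branch is dropped so that control reaches `CRYPT_EPILOGUE();` and the final `return status;`, which preserves the returned status but silently makes "no early returns" a rule for this function; a comment at the closing brace of the `if`, `/* no early return here: CRYPT_EPILOGUE must run on every exit path */`, would protect that invariant from the next edit. DriverEntry's body continues outside both hunks. The hunk headers count one more line than is visible in the first and third hunks, presumably blank lines lost in rendering.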