diff options
| author | segfault <toni@impl.cc> | 2021-01-11 13:24:35 +0100 |
|---|---|---|
| committer | segfault <toni@impl.cc> | 2021-01-11 13:24:35 +0100 |
| commit | 89ec896bede35949a43a41e779aadb11fe16f9a2 (patch) | |
| tree | 5edea9bf65457340d2891d2864233b6f4a40c943 /KMemDriver | |
| parent | 0ede1cd40edc539764de998e373acd57f87403f1 (diff) | |
Added new MemDriverLib functions to determine if a page is freed/reserved.
* added PAGES/RPM tests
* increased memory for ZwQuerySystemInformation in GetProcesses
Diffstat (limited to 'KMemDriver')
| -rw-r--r-- | KMemDriver/KMemDriver.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/KMemDriver/KMemDriver.c b/KMemDriver/KMemDriver.c index f574e17..edcf834 100644 --- a/KMemDriver/KMemDriver.c +++ b/KMemDriver/KMemDriver.c @@ -179,6 +179,7 @@ NTSTATUS GetProcesses(OUT PROCESS_DATA* procs, IN OUT SIZE_T* psiz) return status; } + mem_needed += 16 * sizeof(SYSTEM_PROCESS_INFORMATION); if (mem_needed / sizeof(SYSTEM_PROCESS_INFORMATION) > max_siz / sizeof(PROCESS_DATA)) { KDBG("NtQuerySystemInformation buffer too small\n", status); return STATUS_BUFFER_TOO_SMALL; @@ -554,11 +555,11 @@ NTSTATUS KRThread(IN PVOID pArg) } ULONG new_prot = PAGE_EXECUTE_READWRITE, old_prot = 0; KeProtectVirtualMemory(lastPROC, rr->Address, rr->SizeReq, new_prot, &old_prot); - KDBG("RPM to 0x%p size 0x%X bytes (protection before/after: 0x%X/0x%X)\n", - rr->Address, rr->SizeReq, old_prot, new_prot); rr->StatusRes = KeReadVirtualMemory(lastPEP, (PVOID)rr->Address, (PVOID)((ULONG_PTR)shm_buf + sizeof * rr), &siz); KeRestoreProtectVirtualMemory(lastPROC, rr->Address, rr->SizeReq, old_prot); + KDBG("RPM to 0x%p size 0x%X bytes returned 0x%X (protection before/after: 0x%X/0x%X)\n", + rr->Address, rr->SizeReq, rr->StatusRes, old_prot, new_prot); if (NT_SUCCESS(rr->StatusRes)) { rr->SizeRes = siz; @@ -589,11 +590,11 @@ NTSTATUS KRThread(IN PVOID pArg) } ULONG new_prot = PAGE_EXECUTE_READWRITE, old_prot = 0; KeProtectVirtualMemory(lastPROC, wr->Address, wr->SizeReq, new_prot, &old_prot); - KDBG("WPM to 0x%p size 0x%X bytes (protection before/after: 0x%X/0x%X)\n", - wr->Address, wr->SizeReq, old_prot, new_prot); wr->StatusRes = KeWriteVirtualMemory(lastPEP, (PVOID)((ULONG_PTR)shm_buf + sizeof * wr), (PVOID)wr->Address, &siz); KeRestoreProtectVirtualMemory(lastPROC, wr->Address, wr->SizeReq, old_prot); + KDBG("WPM to 0x%p size 0x%X bytes returned 0x%X (protection before/after: 0x%X/0x%X)\n", + wr->Address, wr->SizeReq, wr->StatusRes, old_prot, new_prot); if (NT_SUCCESS(wr->StatusRes)) { wr->SizeRes = siz; |