implemented MEM_VUNLINK

author: Toni Uhlig <matzeton@googlemail.com> 2019-09-17 20:34:52 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2019-09-17 20:34:52 +0200
commit: ee44c3149440053cc1c941b08e962197b9bf20f8 (patch)
tree: ae3b7a52618c4277188eb828a84b8aff7cd8a98f /KMemDriver
parent: d4fc35fe9232df78521d7b51daf100b031814822 (diff)
1 files changed, 15 insertions, 3 deletions
diff --git a/KMemDriver/KMemDriver.c b/KMemDriver/KMemDriver.c
index 9c6065b..aa96ecc 100644
--- a/KMemDriver/KMemDriver.c
+++ b/KMemDriver/KMemDriver.c
@@ -620,7 +620,19 @@ NTSTATUS KRThread(IN PVOID pArg)
 						break;
 					}
 					case MEM_VUNLINK: {
-						KDBG("Not Implemented request ..\n");
+						PKERNEL_VUNLINK_REQUEST vr = (PKERNEL_VUNLINK_REQUEST)shm_buf;
+						KDBG("Got a VUNLINK to process 0x%X, address 0x%p\n",
+							vr->ProcessId, vr->Address);
+						if (!NT_SUCCESS(UpdatePPEPIfRequired(vr->ProcessId,
+							lastPID, &lastPROC, &lastPEP)))
+						{
+							running = 0;
+							break;
+						}
+						vr->StatusRes = VADUnlink(lastPEP, (ULONG_PTR)vr->Address);
+
+						siz = sizeof *vr;
+						KeWriteVirtualMemory(ctrlPEP, vr, (PVOID)SHMEM_ADDR, &siz);
 						break;
 					}
 					case MEM_EXIT:
@@ -725,7 +737,7 @@ NTSTATUS UpdatePPEPIfRequired(
 				if (!NT_SUCCESS(FreeMemoryFromProcess(*lastPEP, addr, size)))
 				{
 					KDBG("VAD Test Free failed: 0x%p (status: 0x%X)\n", addr, status);
-			}
+				}
 #endif
 #endif
 #if 0
@@ -741,9 +753,9 @@ NTSTATUS UpdatePPEPIfRequired(
 				PVOID handleTable = (PVOID)((ULONG_PTR)pep + 0x418);
 				KDBG("lastPROC HandleTableEntry: %p\n", ExpLookupHandleTableEntry(handleTable, *lastPROC));
 #endif
+			}
 		}
 	}
-}
 	return status;
 }
author	Toni Uhlig <matzeton@googlemail.com>	2019-09-17 20:34:52 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2019-09-17 20:34:52 +0200
commit	ee44c3149440053cc1c941b08e962197b9bf20f8 (patch)
tree	ae3b7a52618c4277188eb828a84b8aff7cd8a98f /KMemDriver
parent	d4fc35fe9232df78521d7b51daf100b031814822 (diff)