authorsegfault <toni@impl.cc>2021-04-23 13:16:47 +0200
committersegfault <toni@impl.cc>2021-04-23 13:16:47 +0200
commitefdfbef8a67467fac3d19eaf036963cdbece59e6 (patch)
tree8b5f1b3fe4194f6e623250b94490b8a2c31ed9ba /KMemDriver
parent791a8c5475e2291ff2c2526a1468ff42fc0328c8 (diff)
Removed unused / unstable / untested features.
Diffstat (limited to 'KMemDriver')
-rw-r--r--KMemDriver/Crypto.c37
-rw-r--r--KMemDriver/Crypto.h19
-rw-r--r--KMemDriver/Imports.h8
-rw-r--r--KMemDriver/KMemDriver.c73
-rw-r--r--KMemDriver/KMemDriver.vcxproj8
-rw-r--r--KMemDriver/KMemDriver.vcxproj.filters14
-rw-r--r--KMemDriver/Memory.c50
-rw-r--r--KMemDriver/Native.h241
-rw-r--r--KMemDriver/Utils.asm11
-rw-r--r--KMemDriver/VAD.c170
10 files changed, 0 insertions, 631 deletions
diff --git a/KMemDriver/Crypto.c b/KMemDriver/Crypto.c
deleted file mode 100644
index 3d4c35e..0000000
--- a/KMemDriver/Crypto.c
+++ /dev/null
@@ -1,37 +0,0 @@
-#include "Crypto.h"
-
-#include <stdarg.h>
-
-struct crypt_data {
- UINT64 key;
- UINT8 crypted;
- UINT8 used;
-};
-
-static struct crypt_data* data = NULL;
-static size_t data_used = 0;
-
-void CryptoInit(PVOID fn, ...)
-{
- SIZE_T functions = 0;
- va_list ap;
-
- va_start(ap, fn);
- while (va_arg(ap, PVOID) != NULL)
- {
- functions++;
- }
- va_end(ap);
-
- va_start(ap, fn);
- PVOID f;
- while ((f = va_arg(ap, PVOID)) != NULL)
- {
- }
- va_end(ap);
-}
-
-void CryptoDo(PVOID fn)
-{
- UNREFERENCED_PARAMETER(fn);
-}
\ No newline at end of file
diff --git a/KMemDriver/Crypto.h b/KMemDriver/Crypto.h
deleted file mode 100644
index 8314caa..0000000
--- a/KMemDriver/Crypto.h
+++ /dev/null
@@ -1,19 +0,0 @@
-#pragma once
-
-#include <ntddk.h>
-
-void CryptoInit(PVOID fn, ...);
-void CryptoDo(PVOID fn);
-
-#define CRYPTO_FNPTR(fn) ((PVOID)fn)
-
-#define CRYPT_PROLOGUE() \
- do { \
- volatile UINT64 index_and_marker = { 0x11111111C0DEC0DE }; \
- UNREFERENCED_PARAMETER(index_and_marker); \
- } while (0)
-#define CRYPT_EPILOGUE() \
- do { \
- volatile UINT32 marker = 0xDEADDEAD;\
- UNREFERENCED_PARAMETER(marker); \
- } while (0)
\ No newline at end of file
diff --git a/KMemDriver/Imports.h b/KMemDriver/Imports.h
index 48bc882..265a556 100644
--- a/KMemDriver/Imports.h
+++ b/KMemDriver/Imports.h
@@ -140,14 +140,6 @@ PVOID
NTAPI
PsGetProcessWow64Process(IN PEPROCESS Process);
-NTSYSAPI
-PVOID
-NTAPI
-RtlAvlRemoveNode(
- IN PRTL_AVL_TREE pTree,
- IN PMMADDRESS_NODE pNode
-);
-
__kernel_entry
NTSTATUS
ZwQuerySystemInformation(
diff --git a/KMemDriver/KMemDriver.c b/KMemDriver/KMemDriver.c
index 7639d8f..80dc135 100644
--- a/KMemDriver/KMemDriver.c
+++ b/KMemDriver/KMemDriver.c
@@ -1,7 +1,6 @@
#include "KMemDriver.h"
#include "Imports.h"
#include "Native.h"
-#include "Crypto.h"
#include <ntddk.h>
#include <Ntstrsafe.h>
@@ -79,29 +78,6 @@ NTSTATUS GetDriverObject(
IN WCHAR* DriverDirName
);
NTSTATUS KRThread(IN PVOID pArg);
-TABLE_SEARCH_RESULT VADFindNodeOrParent(
- IN PMM_AVL_TABLE Table,
- IN ULONG_PTR StartingVpn,
- OUT PMMADDRESS_NODE* NodeOrParent
-);
-NTSTATUS VADFind(
- IN PEPROCESS pProcess,
- IN ULONG_PTR address,
- OUT PMMVAD_SHORT* pResult
-);
-NTSTATUS VADProtect(
- IN PEPROCESS pProcess,
- IN ULONG_PTR address,
- IN ULONG prot
-);
-NTSTATUS VADUnlink(
- IN PEPROCESS pProcess,
- IN ULONG_PTR address
-);
-PHANDLE_TABLE_ENTRY ExpLookupHandleTableEntry(
- PVOID pHandleTable,
- HANDLE handle
-);
#pragma alloc_text(PAGE, WaitForControlProcess)
#pragma alloc_text(PAGE, VerifyControlProcess)
@@ -119,11 +95,6 @@ PHANDLE_TABLE_ENTRY ExpLookupHandleTableEntry(
#pragma alloc_text(PAGE, FreeMemoryFromProcess)
#pragma alloc_text(PAGE, GetDriverObject)
#pragma alloc_text(PAGE, KRThread)
-#pragma alloc_text(PAGE, VADFindNodeOrParent)
-#pragma alloc_text(PAGE, VADFind)
-#pragma alloc_text(PAGE, VADProtect)
-#pragma alloc_text(PAGE, VADUnlink)
-#pragma alloc_text(PAGE, ExpLookupHandleTableEntry)
static void fn_zero_text(PVOID fn_start);
static HANDLE ctrlPID;
@@ -140,8 +111,6 @@ NTSTATUS DriverEntry(
_In_ PUNICODE_STRING RegistryPath
)
{
- CryptoInit(CRYPTO_FNPTR(DriverEntry), NULL);
- CRYPT_PROLOGUE();
NTSTATUS status;
HANDLE hThread = NULL;
CLIENT_ID clientID = { 0 };
@@ -163,7 +132,6 @@ NTSTATUS DriverEntry(
{
KDBG("Failed to create worker thread. Status: 0x%X\n", status);
}
- CRYPT_EPILOGUE();
return status;
}
@@ -647,22 +615,6 @@ NTSTATUS KRThread(IN PVOID pArg)
KeWriteVirtualMemory(ctrlPEP, vr, (PVOID)SHMEM_ADDR, &siz);
break;
}
- case MEM_VUNLINK: {
- PKERNEL_VUNLINK_REQUEST vr = (PKERNEL_VUNLINK_REQUEST)shm_buf;
- KDBG("Got a VUNLINK to process 0x%X, address 0x%p\n",
- vr->ProcessId, vr->Address);
- if (!NT_SUCCESS(UpdatePPEPIfRequired(vr->ProcessId,
- lastPID, &lastPROC, &lastPEP)))
- {
- running = 0;
- break;
- }
- vr->StatusRes = VADUnlink(lastPEP, (ULONG_PTR)vr->Address);
-
- siz = sizeof * vr;
- KeWriteVirtualMemory(ctrlPEP, vr, (PVOID)SHMEM_ADDR, &siz);
- break;
- }
case MEM_EXIT:
KDBG("Gracefully exiting ..\n");
KeClearEvent(pk_kevent);
@@ -785,29 +737,4 @@ NTSTATUS GetDriverObject(
}
return status;
-}
-
-PHANDLE_TABLE_ENTRY ExpLookupHandleTableEntry(PVOID pHandleTable, HANDLE handle)
-{
- unsigned __int64 v2; // rdx
- __int64 v3; // r8
- signed __int64 v4; // rax
- __int64 v5; // rax
-
- v2 = (__int64)handle & 0xFFFFFFFFFFFFFFFCui64;
- if (v2 >= *(DWORD*)pHandleTable)
- return 0i64;
- v3 = *((uintptr_t*)pHandleTable + 1);
- v4 = *((uintptr_t*)pHandleTable + 1) & 3i64;
- if ((UINT32)v4 == 1)
- {
- v5 = *(uintptr_t*)(v3 + 8 * (v2 >> 10) - 1);
- return (PHANDLE_TABLE_ENTRY)(v5 + 4 * (v2 & 0x3FF));
- }
- if ((UINT32)v4)
- {
- v5 = *(uintptr_t*)(*(uintptr_t*)(v3 + 8 * (v2 >> 19) - 2) + 8 * ((v2 >> 10) & 0x1FF));
- return (PHANDLE_TABLE_ENTRY)(v5 + 4 * (v2 & 0x3FF));
- }
- return (PHANDLE_TABLE_ENTRY)(v3 + 4 * v2);
}
\ No newline at end of file
diff --git a/KMemDriver/KMemDriver.vcxproj b/KMemDriver/KMemDriver.vcxproj
index 3d6507e..0d90e7f 100644
--- a/KMemDriver/KMemDriver.vcxproj
+++ b/KMemDriver/KMemDriver.vcxproj
@@ -173,23 +173,15 @@
<FilesToPackage Include="$(TargetPath)" />
</ItemGroup>
<ItemGroup>
- <ClCompile Include="Crypto.c" />
<ClCompile Include="KMemDriver.c" />
<ClCompile Include="Memory.c" />
- <ClCompile Include="VAD.c" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\include\KMemDriver.h" />
- <ClInclude Include="Crypto.h" />
<ClInclude Include="Imports.h" />
<ClInclude Include="Native.h" />
</ItemGroup>
<ItemGroup>
- <MASM Include="Utils.asm">
- <GenerateDebugInformation Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</GenerateDebugInformation>
- </MASM>
- </ItemGroup>
- <ItemGroup>
<None Include="..\PastDSE-Manual-Map-Debug.bat" />
<None Include="..\PastDSE-Manual-Map-Release.bat" />
</ItemGroup>
diff --git a/KMemDriver/KMemDriver.vcxproj.filters b/KMemDriver/KMemDriver.vcxproj.filters
index 7e60a14..9fff68f 100644
--- a/KMemDriver/KMemDriver.vcxproj.filters
+++ b/KMemDriver/KMemDriver.vcxproj.filters
@@ -20,9 +20,6 @@
<ClInclude Include="..\include\KMemDriver.h">
<Filter>Header Files</Filter>
</ClInclude>
- <ClInclude Include="Crypto.h">
- <Filter>Header Files</Filter>
- </ClInclude>
</ItemGroup>
<ItemGroup>
<ClCompile Include="KMemDriver.c">
@@ -31,17 +28,6 @@
<ClCompile Include="Memory.c">
<Filter>Source Files</Filter>
</ClCompile>
- <ClCompile Include="VAD.c">
- <Filter>Source Files</Filter>
- </ClCompile>
- <ClCompile Include="Crypto.c">
- <Filter>Source Files</Filter>
- </ClCompile>
- </ItemGroup>
- <ItemGroup>
- <MASM Include="Utils.asm">
- <Filter>Source Files</Filter>
- </MASM>
</ItemGroup>
<ItemGroup>
<None Include="..\PastDSE-Manual-Map-Debug.bat">
diff --git a/KMemDriver/Memory.c b/KMemDriver/Memory.c
index 86d3f8c..0717d97 100644
--- a/KMemDriver/Memory.c
+++ b/KMemDriver/Memory.c
@@ -346,54 +346,4 @@ NTSTATUS ReadPhysicalPage(IN PHYSICAL_ADDRESS* addr, OUT PUCHAR content, IN OUT
mm.PhysicalAddress = *(PHYSICAL_ADDRESS*)addr;
return MmCopyMemory(content, mm, 4096, MM_COPY_MEMORY_PHYSICAL, content_size_and_transferred);
-}
-
-SIZE_T GetCR3(IN PEPROCESS pep)
-{
- SIZE_T ret;
- KAPC_STATE apcState;
-
- KeStackAttachProcess((PRKPROCESS)pep, &apcState);
- ret = __readcr3();
- KeUnstackDetachProcess(&apcState);
-
- return ret;
-}
-
-void SetCR3(IN PEPROCESS pep, IN SIZE_T value)
-{
- KAPC_STATE apcState;
-
- KeStackAttachProcess((PRKPROCESS)pep, &apcState);
- __writecr3(value);
- KeUnstackDetachProcess(&apcState);
-}
-
-static ULONG_PTR invalidate_tlb(ULONG_PTR addr)
-{
- __invlpg(addr);
- return 0;
-}
-
-void FlushTLB(IN PVOID addr)
-{
- KeIpiGenericCall(invalidate_tlb, (ULONG_PTR)addr);
-}
-
-#define IA32_PAT 0x277
-
-SIZE_T GetIA32PAT(void)
-{
- return __readmsr(IA32_PAT);
-}
-
-static ULONG_PTR set_pat(ULONG_PTR pat)
-{
- __writemsr(IA32_PAT, pat);
- return 0;
-}
-
-void SetIA32PAT(IN SIZE_T value)
-{
- KeIpiGenericCall(set_pat, value);
}
\ No newline at end of file
diff --git a/KMemDriver/Native.h b/KMemDriver/Native.h
index ed2fe1e..cdfb646 100644
--- a/KMemDriver/Native.h
+++ b/KMemDriver/Native.h
@@ -4,10 +4,6 @@
#define GET_VAD_ROOT(Table) Table->BalancedRoot
-typedef enum native_offsets {
- VAD_TREE_1803 = 0x628
-} native_offsets;
-
typedef struct _PEB_LDR_DATA
{
ULONG Length;
@@ -139,243 +135,6 @@ typedef struct _KLDR_DATA_TABLE_ENTRY {
#pragma warning(disable : 4214 4201)
#pragma pack(push, 1)
-typedef struct _MM_AVL_NODE // Size=24
-{
- struct _MM_AVL_NODE* LeftChild; // Size=8 Offset=0
- struct _MM_AVL_NODE* RightChild; // Size=8 Offset=8
-
- union // Size=8
- {
- struct
- {
- __int64 Red : 1; // Size=8 Offset=0 BitOffset=0 BitCount=1
- };
- struct
- {
- __int64 Balance : 2; // Size=8 Offset=0 BitOffset=0 BitCount=2
- };
- struct _MM_AVL_NODE* Parent; // Size=8 Offset=0
- };
-} MM_AVL_NODE, * PMM_AVL_NODE, * PMMADDRESS_NODE;
-
-union _EX_PUSH_LOCK // Size=8
-{
- struct
- {
- unsigned __int64 Locked : 1; // Size=8 Offset=0 BitOffset=0 BitCount=1
- unsigned __int64 Waiting : 1; // Size=8 Offset=0 BitOffset=1 BitCount=1
- unsigned __int64 Waking : 1; // Size=8 Offset=0 BitOffset=2 BitCount=1
- unsigned __int64 MultipleShared : 1; // Size=8 Offset=0 BitOffset=3 BitCount=1
- unsigned __int64 Shared : 60; // Size=8 Offset=0 BitOffset=4 BitCount=60
- };
- unsigned __int64 Value; // Size=8 Offset=0
- void* Ptr; // Size=8 Offset=0
-};
-
-struct _MMVAD_FLAGS // Size=4
-{
- unsigned long VadType : 3; // Size=4 Offset=0 BitOffset=0 BitCount=3
- unsigned long Protection : 5; // Size=4 Offset=0 BitOffset=3 BitCount=5
- unsigned long PreferredNode : 6; // Size=4 Offset=0 BitOffset=8 BitCount=6
- unsigned long NoChange : 1; // Size=4 Offset=0 BitOffset=14 BitCount=1
- unsigned long PrivateMemory : 1; // Size=4 Offset=0 BitOffset=15 BitCount=1
- unsigned long Teb : 1; // Size=4 Offset=0 BitOffset=16 BitCount=1
- unsigned long PrivateFixup : 1; // Size=4 Offset=0 BitOffset=17 BitCount=1
- unsigned long ManySubsections : 1; // Size=4 Offset=0 BitOffset=18 BitCount=1
- unsigned long Spare : 12; // Size=4 Offset=0 BitOffset=19 BitCount=12
- unsigned long DeleteInProgress : 1; // Size=4 Offset=0 BitOffset=31 BitCount=1
-};
-
-struct _MMVAD_FLAGS1 // Size=4
-{
- unsigned long CommitCharge : 31; // Size=4 Offset=0 BitOffset=0 BitCount=31
- unsigned long MemCommit : 1; // Size=4 Offset=0 BitOffset=31 BitCount=1
-};
-
-union MMVAD_SHORT_u1 // Size=4
-{
- unsigned long LongFlags; // Size=4 Offset=0
- struct _MMVAD_FLAGS VadFlags; // Size=4 Offset=0
-};
-
-union MMVAD_SHORT_u2 // Size=4
-{
- unsigned long LongFlags1; // Size=4 Offset=0
- struct _MMVAD_FLAGS1 VadFlags1; // Size=4 Offset=0
-};
-
-typedef struct _MMVAD_SHORT // Size=64
-{
- union
- {
- struct _RTL_BALANCED_NODE VadNode; // Size=24 Offset=0
- struct _MMVAD_SHORT* NextVad; // Size=8 Offset=0
- };
- unsigned long StartingVpn; // Size=4 Offset=24
- unsigned long EndingVpn; // Size=4 Offset=28
- unsigned char StartingVpnHigh; // Size=1 Offset=32
- unsigned char EndingVpnHigh; // Size=1 Offset=33
- unsigned char CommitChargeHigh; // Size=1 Offset=34
- unsigned char SpareNT64VadUChar; // Size=1 Offset=35
- long ReferenceCount; // Size=4 Offset=36
- union _EX_PUSH_LOCK PushLock; // Size=8 Offset=40
- union MMVAD_SHORT_u1 u; // Size=4 Offset=48
- union MMVAD_SHORT_u2 u1; // Size=4 Offset=52
- struct _MI_VAD_EVENT_BLOCK* EventList; // Size=8 Offset=56
-} MMVAD_SHORT, * PMMVAD_SHORT;
-
-struct _MMVAD_FLAGS2 // Size=4
-{
- unsigned long FileOffset : 24; // Size=4 Offset=0 BitOffset=0 BitCount=24
- unsigned long Large : 1; // Size=4 Offset=0 BitOffset=24 BitCount=1
- unsigned long TrimBehind : 1; // Size=4 Offset=0 BitOffset=25 BitCount=1
- unsigned long Inherit : 1; // Size=4 Offset=0 BitOffset=26 BitCount=1
- unsigned long CopyOnWrite : 1; // Size=4 Offset=0 BitOffset=27 BitCount=1
- unsigned long NoValidationNeeded : 1; // Size=4 Offset=0 BitOffset=28 BitCount=1
- unsigned long Spare : 3; // Size=4 Offset=0 BitOffset=29 BitCount=3
-};
-
-struct _MI_VAD_SEQUENTIAL_INFO // Size=8
-{
- unsigned __int64 Length : 12; // Size=8 Offset=0 BitOffset=0 BitCount=12
- unsigned __int64 Vpn : 52; // Size=8 Offset=0 BitOffset=12 BitCount=52
-};
-
-union ___unnamed2047 // Size=4
-{
- unsigned long LongFlags2; // Size=4 Offset=0
- struct _MMVAD_FLAGS2 VadFlags2; // Size=4 Offset=0
-};
-
-union ___unnamed2048 // Size=8
-{
- struct _MI_VAD_SEQUENTIAL_INFO SequentialVa; // Size=8 Offset=0
- struct _MMEXTEND_INFO* ExtendedInfo; // Size=8 Offset=0
-};
-
-typedef union _EX_FAST_REF // Size=8
-{
- void* Object;
- struct
- {
- unsigned __int64 RefCnt : 4;
- };
- unsigned __int64 Value;
-} EX_FAST_REF, * PEX_FAST_REF;
-
-typedef struct _CONTROL_AREA // Size=120
-{
- struct _SEGMENT* Segment;
- struct _LIST_ENTRY ListHead;
- unsigned __int64 NumberOfSectionReferences;
- unsigned __int64 NumberOfPfnReferences;
- unsigned __int64 NumberOfMappedViews;
- unsigned __int64 NumberOfUserReferences;
- unsigned long f1;
- unsigned long f2;
- EX_FAST_REF FilePointer;
- // Other fields
-} CONTROL_AREA, * PCONTROL_AREA;
-
-typedef struct _SUBSECTION // Size=56
-{
- PCONTROL_AREA ControlArea;
- // Other fields
-} SUBSECTION, * PSUBSECTION;
-
-typedef struct _MMVAD // Size=128
-{
- struct _MMVAD_SHORT Core; // Size=64 Offset=0
- union ___unnamed2047 u2; // Size=4 Offset=64
- unsigned long pad0; // Size=4 Offset=68
- struct _SUBSECTION* Subsection; // Size=8 Offset=72
- struct _MMPTE* FirstPrototypePte; // Size=8 Offset=80
- struct _MMPTE* LastContiguousPte; // Size=8 Offset=88
- struct _LIST_ENTRY ViewLinks; // Size=16 Offset=96
- struct _EPROCESS* VadsProcess; // Size=8 Offset=112
- union ___unnamed2048 u4; // Size=8 Offset=120
- struct _FILE_OBJECT* FileObject; // Size=8 Offset=128
-} MMVAD, * PMMVAD;
-
-typedef enum _MI_VAD_TYPE
-{
- VadNone,
- VadDevicePhysicalMemory,
- VadImageMap,
- VadAwe,
- VadWriteWatch,
- VadLargePages,
- VadRotatePhysical,
- VadLargePageSection
-} MI_VAD_TYPE, * PMI_VAD_TYPE;
-
-typedef struct _RTL_AVL_TREE // Size=8
-{
- PMM_AVL_NODE BalancedRoot;
- void* NodeHint;
- UINT64 NumberGenericTableElements;
-} RTL_AVL_TREE, * PRTL_AVL_TREE, MM_AVL_TABLE, * PMM_AVL_TABLE;
-
-typedef struct _HANDLE_TABLE_ENTRY_INFO {
- UINT32 AuditMask;
- UINT32 MaxRelativeAccessMask;
-} HANDLE_TABLE_ENTRY_INFO, * PHANDLE_TABLE_ENTRY_INFO;
-
-typedef struct _HANDLE_TABLE_ENTRY
-{
- union
- {
- PVOID Object;
- ULONG ObAttributes;
- PHANDLE_TABLE_ENTRY_INFO InfoTable;
- ULONG Value;
- };
- union
- {
- ULONG GrantedAccess;
- struct
- {
- SHORT GrantedAccessIndex;
- SHORT CreatorBackTraceIndex;
- };
- LONG NextFreeTableEntry;
- };
-} HANDLE_TABLE_ENTRY, * PHANDLE_TABLE_ENTRY;
-
-typedef struct _HANDLE_TABLE_FREE_LIST
-{
- EX_PUSH_LOCK FreeListLock;
- PHANDLE_TABLE_ENTRY FirstFreeHandleEntry;
- PHANDLE_TABLE_ENTRY LastFreeHandleEntry;
- UINT32 HandleCount;
- UINT32 HighWaterMark;
-} HANDLE_TABLE_FREE_LIST, * PHANDLE_TABLE_FREE_LIST;
-
-typedef struct _HANDLE_TABLE
-{
- UINT32 NextHandleNeedingPool;
- UINT32 ExtraInfoPages;
- UINT32 TableCode;
- PEPROCESS QuotaProcess;
- LIST_ENTRY HandleTableList;
- UINT32 UniqueProcessId;
- union {
- UINT32 Flags;
- struct {
- UINT32 StrictFIFO : 1;
- UINT32 EnableHandleExceptions : 1;
- UINT32 Rundown : 1;
- UINT32 Duplicated : 1;
- UINT32 RaiseUMExceptionOnInvalidHandleClose : 1;
- };
- };
- EX_PUSH_LOCK HandleContentionEvent;
- EX_PUSH_LOCK HandleTableLock;
- HANDLE_TABLE_FREE_LIST FreeLists;
- UCHAR ActualEntry[32];
- PVOID DebugInfo;
-} PHANDLE_TABLE;
-
typedef struct _SYSTEM_PROCESS_INFORMATION {
ULONG NextEntryOffset;
ULONG NumberOfThreads;
diff --git a/KMemDriver/Utils.asm b/KMemDriver/Utils.asm
deleted file mode 100644
index b7c344e..0000000
--- a/KMemDriver/Utils.asm
+++ /dev/null
@@ -1,11 +0,0 @@
-PUBLIC getNextRIP
-
-.code _text
-
-getNextRIP PROC PUBLIC
-pop rax
-push rax
-ret
-getNextRIP ENDP
-
-END
\ No newline at end of file
diff --git a/KMemDriver/VAD.c b/KMemDriver/VAD.c
deleted file mode 100644
index bb3cbb6..0000000
--- a/KMemDriver/VAD.c
+++ /dev/null
@@ -1,170 +0,0 @@
-#include "KMemDriver.h"
-#include "Imports.h"
-#include "Native.h"
-
-#include <ntddk.h>
-#include <Ntstrsafe.h>
-
-#define MM_ZERO_ACCESS 0
-
-
-TABLE_SEARCH_RESULT
-VADFindNodeOrParent(
- IN PMM_AVL_TABLE Table,
- IN ULONG_PTR StartingVpn,
- OUT PMMADDRESS_NODE *NodeOrParent
-)
-{
- PMMADDRESS_NODE Child;
- PMMADDRESS_NODE NodeToExamine;
- PMMVAD_SHORT VpnCompare;
- ULONG_PTR startVpn;
- ULONG_PTR endVpn;
-
- if (Table->NumberGenericTableElements == 0) {
- return TableEmptyTree;
- }
-
- NodeToExamine = (PMMADDRESS_NODE)GET_VAD_ROOT(Table);
-
- for (;;) {
-
- VpnCompare = (PMMVAD_SHORT)NodeToExamine;
- startVpn = VpnCompare->StartingVpn;
- endVpn = VpnCompare->EndingVpn;
-
- startVpn |= (ULONG_PTR)VpnCompare->StartingVpnHigh << 32;
- endVpn |= (ULONG_PTR)VpnCompare->EndingVpnHigh << 32;
-
- KDBG("Examining Node 0x%p with start VA 0x%p and end VA 0x%p\n", VpnCompare, startVpn, endVpn);
-
- //
- // Compare the buffer with the key in the tree element.
- //
-
- if (StartingVpn < startVpn) {
-
- Child = NodeToExamine->LeftChild;
-
- if (Child != NULL) {
- NodeToExamine = Child;
- }
- else {
-
- //
- // Node is not in the tree. Set the output
- // parameter to point to what would be its
- // parent and return which child it would be.
- //
-
- *NodeOrParent = NodeToExamine;
- return TableInsertAsLeft;
- }
- }
- else if (StartingVpn <= endVpn) {
-
- //
- // This is the node.
- //
-
- *NodeOrParent = NodeToExamine;
- return TableFoundNode;
- }
- else {
-
- Child = NodeToExamine->RightChild;
-
- if (Child != NULL) {
- NodeToExamine = Child;
- }
- else {
-
- //
- // Node is not in the tree. Set the output
- // parameter to point to what would be its
- // parent and return which child it would be.
- //
-
- *NodeOrParent = NodeToExamine;
- return TableInsertAsRight;
- }
- }
- }
-}
-
-NTSTATUS VADFind(
- IN PEPROCESS pProcess,
- IN ULONG_PTR address,
- OUT PMMVAD_SHORT* pResult
-)
-{
- NTSTATUS status = STATUS_SUCCESS;
- ULONG_PTR vpnStart = address >> PAGE_SHIFT;
- PMM_AVL_TABLE pTable = (PMM_AVL_TABLE)((PUCHAR)pProcess + VAD_TREE_1803);
- PMM_AVL_NODE pNode = GET_VAD_ROOT(pTable);
-
- if (pProcess == NULL || pResult == NULL)
- return STATUS_INVALID_PARAMETER;
-
- // Search VAD
- if (VADFindNodeOrParent(pTable, vpnStart, &pNode) == TableFoundNode)
- {
- *pResult = (PMMVAD_SHORT)pNode;
- }
- else
- {
- KDBG("%s: VAD entry for address 0x%p not found\n", __FUNCTION__, address);
- status = STATUS_NOT_FOUND;
- }
-
- return status;
-}
-
-NTSTATUS VADProtect(
- IN PEPROCESS pProcess,
- IN ULONG_PTR address, IN ULONG prot
-)
-{
- NTSTATUS status = STATUS_SUCCESS;
- PMMVAD_SHORT pVadShort = NULL;
-
- status = VADFind(pProcess, address, &pVadShort);
- if (NT_SUCCESS(status))
- pVadShort->u.VadFlags.Protection = prot;
-
- return status;
-}
-
-NTSTATUS VADUnlink(IN PEPROCESS pProcess, IN ULONG_PTR address)
-{
- NTSTATUS status = STATUS_SUCCESS;
- PMMVAD_SHORT pVadShort = NULL;
-
- status = VADFind(pProcess, address, &pVadShort);
- if (!NT_SUCCESS(status))
- return status;
-
- // Erase image name
- if (pVadShort->u.VadFlags.VadType == VadImageMap)
- {
- PMMVAD pVadLong = (PMMVAD)pVadShort;
- if (pVadLong->Subsection && pVadLong->Subsection->ControlArea && pVadLong->Subsection->ControlArea->FilePointer.Object)
- {
- PFILE_OBJECT pFile = (PFILE_OBJECT)(pVadLong->Subsection->ControlArea->FilePointer.Value & ~0xF);
- pFile->FileName.Buffer[0] = L'\0';
- pFile->FileName.Length = 0;
- }
- else
- return STATUS_INVALID_ADDRESS;
- }
- // Make NO_ACCESS
- else if (pVadShort->u.VadFlags.VadType == VadDevicePhysicalMemory)
- {
- pVadShort->u.VadFlags.Protection = MM_ZERO_ACCESS;
- }
- else {
- RtlAvlRemoveNode((PMM_AVL_TABLE)((PUCHAR)pProcess + VAD_TREE_1803), (PMMADDRESS_NODE)pVadShort);
- }
-
- return status;
-}
\ No newline at end of file