From 639f1137e3f7e5ef845e3f69ad34b514749c87fc Mon Sep 17 00:00:00 2001
From: segfault <toni@impl.cc>
Date: Sun, 11 Oct 2020 13:17:25 -0700
Subject: Added code de/encryption on function level (WiP).

---
 KMemDriver/Crypto.c                   | 15 +++++++++++++++
 KMemDriver/Crypto.h                   | 18 ++++++++++++++++++
 KMemDriver/KMemDriver.c               |  4 +++-
 KMemDriver/KMemDriver.vcxproj         |  2 ++
 KMemDriver/KMemDriver.vcxproj.filters |  6 ++++++
 5 files changed, 44 insertions(+), 1 deletion(-)
 create mode 100644 KMemDriver/Crypto.c
 create mode 100644 KMemDriver/Crypto.h

diff --git a/KMemDriver/Crypto.c b/KMemDriver/Crypto.c
new file mode 100644
index 0000000..1999d5f
--- /dev/null
+++ b/KMemDriver/Crypto.c
@@ -0,0 +1,15 @@
+#include "Crypto.h"
+
+struct crypt_data {
+	UINT64 key;
+	UINT8 crypted;
+	UINT32 marker;
+};
+
+#define MAX_CRYPTED_FUNCTIONS 64
+static struct crypt_data data[MAX_CRYPTED_FUNCTIONS];
+static size_t data_used = 0;
+
+void crypt_fn(void)
+{
+}
\ No newline at end of file
diff --git a/KMemDriver/Crypto.h b/KMemDriver/Crypto.h
new file mode 100644
index 0000000..09413aa
--- /dev/null
+++ b/KMemDriver/Crypto.h
@@ -0,0 +1,18 @@
+#pragma once
+
+#include <ntddk.h>
+
+void crypt_fn(void);
+
+#define CRYPT_PROLOGUE() \
+	do { \
+		crypt_fn(); \
+		volatile UINT64 index_and_marker = { 0x11111111C0DEC0DE }; \
+		UNREFERENCED_PARAMETER(index_and_marker); \
+	} while (0)
+#define CRYPT_EPILOGUE() \
+	do { \
+		volatile UINT32 marker = 0xDEADDEAD;\
+		UNREFERENCED_PARAMETER(marker); \
+		crypt_fn(); \
+	} while (0)
\ No newline at end of file
diff --git a/KMemDriver/KMemDriver.c b/KMemDriver/KMemDriver.c
index 3865b67..921ab0f 100644
--- a/KMemDriver/KMemDriver.c
+++ b/KMemDriver/KMemDriver.c
@@ -1,6 +1,7 @@
 #include "KMemDriver.h"
 #include "Imports.h"
 #include "Native.h"
+#include "Crypto.h"
 
 #include <ntddk.h>
 #include <Ntstrsafe.h>
@@ -164,6 +165,7 @@ NTSTATUS DriverEntry(
 	_In_  PUNICODE_STRING RegistryPath
 )
 {
+	CRYPT_PROLOGUE();
 	NTSTATUS status;
 	HANDLE hThread = NULL;
 	CLIENT_ID clientID = { 0 };
@@ -183,8 +185,8 @@ NTSTATUS DriverEntry(
 	if (!NT_SUCCESS(status))
 	{
 		KDBG("Failed to create worker thread. Status: 0x%X\n", status);
-		return status;
 	}
+	CRYPT_EPILOGUE();
 
 	return status;
 }
diff --git a/KMemDriver/KMemDriver.vcxproj b/KMemDriver/KMemDriver.vcxproj
index 0c97b63..0161cdf 100644
--- a/KMemDriver/KMemDriver.vcxproj
+++ b/KMemDriver/KMemDriver.vcxproj
@@ -173,12 +173,14 @@
     <FilesToPackage Include="$(TargetPath)" />
   </ItemGroup>
   <ItemGroup>
+    <ClCompile Include="Crypto.c" />
     <ClCompile Include="KMemDriver.c" />
     <ClCompile Include="Memory.c" />
     <ClCompile Include="VAD.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\include\KMemDriver.h" />
+    <ClInclude Include="Crypto.h" />
     <ClInclude Include="Imports.h" />
     <ClInclude Include="Native.h" />
   </ItemGroup>
diff --git a/KMemDriver/KMemDriver.vcxproj.filters b/KMemDriver/KMemDriver.vcxproj.filters
index ff05a79..a02c6eb 100644
--- a/KMemDriver/KMemDriver.vcxproj.filters
+++ b/KMemDriver/KMemDriver.vcxproj.filters
@@ -20,6 +20,9 @@
     <ClInclude Include="..\include\KMemDriver.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="Crypto.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="KMemDriver.c">
@@ -31,6 +34,9 @@
     <ClCompile Include="VAD.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="Crypto.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <MASM Include="Utils.asm">
-- 
cgit v1.2.3