From 27de0798b73e7310dfc6ed76578120a41ba8c160 Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Fri, 8 Mar 2024 08:29:04 +0100
Subject: initial tarkov driver (WiP)

Signed-off-by: Toni Uhlig
---
 Makefile | 14 +++++++++++--
 tarkov.cpp | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 tfk.bat | 27 ++++++++++++++++++++++++
 3 files changed, 108 insertions(+), 2 deletions(-)
 create mode 100644 tarkov.cpp
 create mode 100644 tfk.bat

diff --git a/Makefile b/Makefile
index e2c7633..8be8128 100644
--- a/Makefile
+++ b/Makefile
@@ -8,17 +8,27 @@ DRIVER_NAME = driver-kmem
 DRIVER_OBJECTS = $(DRIVER_NAME).o memory.o
 DRIVER_TARGET = $(DRIVER_NAME).sys
 
-all: $(DRIVER_TARGET)
+TARKOV_NAME = tfk
+TARKOV_OBJECTS = tarkov.o memory.o
+TARKOV_TARGET = $(TARKOV_NAME).sys
 
-install: $(DRIVER_TARGET)
+all: $(DRIVER_TARGET) $(TARKOV_TARGET)
+
+install: $(DRIVER_TARGET) $(TARKOV_TARGET)
 	$(call INSTALL_EXEC_SIGN,$(DRIVER_TARGET))
 	$(INSTALL) $(DRIVER_NAME).bat $(DESTDIR)
+	$(call INSTALL_EXEC_SIGN,$(TARKOV_TARGET))
+	$(INSTALL) $(TARKOV_NAME).bat $(DESTDIR)
 
 clean:
 	rm -f $(DRIVER_OBJECTS) $(DRIVER_TARGET)
+	rm -f $(TARKOV_OBJECTS) $(TARKOV_TARGET)
 
 %.o: %.cpp
 	$(call BUILD_CPP_OBJECT,$<,$@)
 
 $(DRIVER_TARGET): $(DRIVER_OBJECTS)
 	$(call LINK_CPP_KERNEL_TARGET,$(DRIVER_OBJECTS),$@)
+
+$(TARKOV_TARGET): $(TARKOV_OBJECTS)
+	$(call LINK_CPP_KERNEL_TARGET,$(TARKOV_OBJECTS),$@)
diff --git a/tarkov.cpp b/tarkov.cpp
new file mode 100644
index 0000000..c71d286
--- /dev/null
+++ b/tarkov.cpp
@@ -0,0 +1,69 @@
+#include
+
+#include
+
+#include "memory.hpp"
+
+using namespace DriverThread;
+
+static Thread thread;
+
+static uint64_t SearchTarkovProcess(void) {
+ const auto &procs = ::GetProcesses();
+ const wchar_t targetProcess[] = L"EscapeFromTarkov.exe";
+ const auto &found = eastl::find_if(procs.begin(), procs.end(),
+ [&targetProcess](const auto &item) {
+ if (item.ProcessName == targetProcess)
+ return true;
+ return false;
+ });
+
+ if (found == procs.end()) {
+ return 0;
+ }
+
+ return found->UniqueProcessId;
+}
+
+extern "C" {
+DRIVER_INITIALIZE DriverEntry;
+DRIVER_UNLOAD DriverUnload;
+
+NTSTATUS DriverEntry(_In_ struct _DRIVER_OBJECT *DriverObject,
+ _In_ PUNICODE_STRING RegistryPath) {
+ UNREFERENCED_PARAMETER(DriverObject);
+ UNREFERENCED_PARAMETER(RegistryPath);
+
+ auto args = eastl::make_shared();
+ thread.Start(
+ [](eastl::shared_ptr args) {
+ UNREFERENCED_PARAMETER(args);
+
+ auto pid = reinterpret_cast(SearchTarkovProcess());
+ if (pid == NULL) {
+ return STATUS_SUCCESS;
+ }
+ DbgPrint("Process pid: %p\n", pid);
+
+ PEPROCESS pep;
+ HANDLE obj;
+ if (!NT_SUCCESS(::OpenProcess(pid, &pep, &obj))) {
+ return STATUS_SUCCESS;
+ }
+
+ // TODO: Fill me with useful code.. ;)
+
+ return STATUS_SUCCESS;
+ },
+ args);
+
+ return STATUS_SUCCESS;
+}
+
+VOID DriverUnload(_In_ struct _DRIVER_OBJECT *DriverObject) {
+ UNREFERENCED_PARAMETER(DriverObject);
+
+ DbgPrint("%s\n", "Waiting for thread termination..");
+ thread.WaitForTermination();
+}
+}
diff --git a/tfk.bat b/tfk.bat
new file mode 100644
index 0000000..4f0b8cc
--- /dev/null
+++ b/tfk.bat
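Review bot: DriverEntry never installs the unload routine: `DriverObject` is discarded with `UNREFERENCED_PARAMETER(DriverObject);` and `DriverUnload`, although declared, is never assigned, so the driver cannot be stopped by `sc stop` and the `thread.WaitForTermination()` in `DriverUnload` is never reached. Replace that line with `DriverObject->DriverUnload = DriverUnload;`. In the worker lambda, after a successful `::OpenProcess(pid, &pep, &obj)` both `pep` and `obj` go out of scope at `return STATUS_SUCCESS;` without being released; if the helper takes an object reference and opens a handle, as the out-parameters suggest, the matching dereference/close should run before the thread exits, otherwise the target process object stays pinned for the driver's lifetime. The `#include` targets and the template arguments of `make_shared`, `shared_ptr` and `reinterpret_cast` appear stripped in this rendering and could not be checked.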
@@ -0,0 +1,27 @@
+@echo off
+set SERVICE_NAME=tkf
+set DRIVER="%~dp0\tkf.sys"
+
+net session >nul 2>&1
+if NOT %ERRORLEVEL% EQU 0 (
+ echo ERROR: This script requires Administrator privileges!
+ pause
+ exit /b 1
+)
+
+echo ---------------------------------------
+echo -- Service Name: %SERVICE_NAME%
+echo -- Driver......: %DRIVER%
+echo ---------------------------------------
+
+sc create %SERVICE_NAME% binPath= %DRIVER% type= kernel
+echo ---------------------------------------
+sc start %SERVICE_NAME%
+echo ---------------------------------------
+sc query %SERVICE_NAME%
+echo [PRESS A KEY TO STOP THE DRIVER]
+pause
+sc stop %SERVICE_NAME%
+sc delete %SERVICE_NAME%
+echo Done.
+timeout /t 3
-- 
cgit v1.2.3
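Review bot: `set SERVICE_NAME=tkf` and `set DRIVER="%~dp0\tkf.sys"` do not match the artifact this commit builds (`TARKOV_NAME = tfk`, i.e. `tfk.sys`) or the script's own name `tfk.bat`, so `sc create` registers a binPath that does not exist on the installed system and `sc start` fails. Change the two `set` lines to `set SERVICE_NAME=tfk` and `set DRIVER="%~dp0tfk.sys"` (`%~dp0` already ends with a backslash). The script also ignores the exit codes of `sc create` and `sc start`, so a failed start still falls through to `pause`, `sc stop` and `sc delete`; checking `%ERRORLEVEL%` after `sc start` and reporting the failure would make the result of the install step visible.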