/
Spoofer.h
72 lines (53 loc) · 1.86 KB
/
Spoofer.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#pragma once
CHAR HDDSPOOF_BUFFER[MAX_HDDS][32] = { 0x20 };
CHAR HDDORG_BUFFER[MAX_HDDS][32] = { 0 };
typedef struct _VendorInfo
{
char pad_0x0000[0x8];
char Info[64];
} VendorInfo;
typedef struct _HDD_EXTENSION
{
char pad_0x0000[0x60];
VendorInfo* pVendorInfo;
char pad_0x0068[0x8];
char* pHDDSerial;
char pad_0x0078[0x30];
} HDD_EXTENSION, *PHDD_EXTENSION;
typedef __int64(__fastcall *RaidUnitRegisterInterfaces)(PHDD_EXTENSION a1);
RaidUnitRegisterInterfaces pRegDevInt = NULL;
INT HDD_count = 0;
void SpoofHDD()
{
UINT64 address = GetKernelAddress("storport.sys");
pRegDevInt = address + RegDevIntOFF;
PDEVICE_OBJECT pObject = NULL;
PFILE_OBJECT pFileObj = NULL;
UNICODE_STRING DestinationString;
RtlInitUnicodeString(&DestinationString, L"\\Device\\RaidPort0");
NTSTATUS status = IoGetDeviceObjectPointer(&DestinationString, FILE_READ_DATA, &pFileObj, &pObject);
PDRIVER_OBJECT pDriver = pObject->DriverObject;
PDEVICE_OBJECT pDevice = pDriver->DeviceObject;
while (pDevice->NextDevice != NULL)
{
if (pDevice->DeviceType == FILE_DEVICE_DISK)
{
PHDD_EXTENSION pDeviceHDD = pDevice->DeviceExtension;
CHAR HDDSPOOFED_TMP[32] = { 0x0 };
randstring(&HDDSPOOFED_TMP, SERIAL_MAX_LENGTH - 1);
//Can be optimised...
for (int i = 1; i <= SERIAL_MAX_LENGTH + 1; i = i + 2)
{
memcpy(&HDDORG_BUFFER[HDD_count][i - 1], &pDeviceHDD->pHDDSerial[i], sizeof(CHAR));
memcpy(&HDDORG_BUFFER[HDD_count][i], &pDeviceHDD->pHDDSerial[i - 1], sizeof(CHAR));
memcpy(&HDDSPOOF_BUFFER[HDD_count][i - 1], &HDDSPOOFED_TMP[i], sizeof(CHAR));
memcpy(&HDDSPOOF_BUFFER[HDD_count][i], &HDDSPOOFED_TMP[i - 1], sizeof(CHAR));
}
RtlStringCchPrintfA(pDeviceHDD->pHDDSerial, SERIAL_MAX_LENGTH + 1, "%s", &HDDSPOOFED_TMP);
//reset the registry entries to the faked serials
pRegDevInt(pDeviceHDD);
HDD_count++;
}
pDevice = pDevice->NextDevice;
}
}