[BUG] WDF Structures #23

VoidSec · 2022-04-25T21:41:04Z

In commit 43eba17 I've finished updating IDA's APIs and fixing breaking code changes.

Unfortunately, despite the script is not breaking anymore, it seems that it still fails this condition at:

Line 770 in 43eba17

    
           if ida_bytes.create_struct(wdf_func, size, id) and idc.set_name(wdf_func, 'WdfFunctions', 0):

for a reason that, at the moment, is unknown. The logic behind https://github.com/VoidSec/DriverBuddyReloaded/blob/main/DriverBuddyReloaded/wdf.py is pretty "hacky" and somewhat "obscure". In addition to that, I'm not sure that the logic detecting the WDF version at

Line 759 in 43eba17

version = int(str(idc.get_wide_dword(addr + ptr_size + 0x4)))

makes complete sense.

We should also update the WDF structures in order to include updated ones and keep them updated as I'm pretty sure the latest WDF version is >= 1.13.

The text was updated successfully, but these errors were encountered:

VoidSec · 2022-04-25T21:43:06Z

@harelon / @eranzim do you think you could give it a try and try to understand and fix that?

harelon · 2022-04-29T14:06:16Z

Working on it

VoidSec · 2022-05-05T19:40:13Z

@harelon thank you! I've seen your pull request; I'll test it this weekend and merge it consequently :D

VoidSec · 2022-05-07T09:25:45Z

fixed in #24

VoidSec added bug Something isn't working help wanted Extra attention is needed labels Apr 25, 2022

VoidSec self-assigned this Apr 25, 2022

VoidSec assigned VoidSec and unassigned VoidSec Apr 25, 2022

VoidSec closed this as completed May 7, 2022

Provide feedback