From 856f4dd8bcbaf7646ce45f69405012c4de00dac9 Mon Sep 17 00:00:00 2001
From: Ryan McCrystal
Date: Sun, 18 Jul 2021 22:16:44 -1000
Subject: [PATCH] Updated to latest winver
---
driver/driver.inf | 86 -----------------------------------
driver/driver.vcxproj | 5 +-
driver/driver.vcxproj.filters | 5 --
driver/main.c | 40 ++++++++--------
4 files changed, 23 insertions(+), 113 deletions(-)
delete mode 100644 driver/driver.inf
diff --git a/driver/driver.inf b/driver/driver.inf
deleted file mode 100644
index f382bcf..0000000
--- a/driver/driver.inf
+++ /dev/null
@@ -1,86 +0,0 @@ -; -; driver.inf -; - -[Version] -Signature="$WINDOWS NT$" -Class=Sample ; TODO: edit Class -ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid -Provider=%ManufacturerName% -CatalogFile=driver.cat -DriverVer= ; TODO: set DriverVer in stampinf property pages - -[DestinationDirs] -DefaultDestDir = 12 -driver_Device_CoInstaller_CopyFiles = 11 - -; ================= Class section ===================== - -[ClassInstall32] -Addreg=SampleClassReg - -[SampleClassReg] -HKR,,,0,%ClassName% -HKR,,Icon,,-5 - -[SourceDisksNames] -1 = %DiskName%,,,"" - -[SourceDisksFiles] -driver.sys = 1,, -WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames - -;***************************************** -; Install Section -;***************************************** - -[Manufacturer] -%ManufacturerName%=Standard,NT$ARCH$ - -[Standard.NT$ARCH$] -%driver.DeviceDesc%=driver_Device, Root\driver ; TODO: edit hw-id - -[driver_Device.NT] -CopyFiles=Drivers_Dir - -[Drivers_Dir] -driver.sys - -;-------------- Service installation -[driver_Device.NT.Services] -AddService = driver,%SPSVCINST_ASSOCSERVICE%, driver_Service_Inst - -; -------------- driver driver install sections -[driver_Service_Inst] -DisplayName = %driver.SVCDESC% -ServiceType = 1 ; SERVICE_KERNEL_DRIVER -StartType = 3 ; SERVICE_DEMAND_START -ErrorControl = 1 ; SERVICE_ERROR_NORMAL -ServiceBinary = %12%\driver.sys - -; -;--- driver_Device Coinstaller installation ------ -; - -[driver_Device.NT.CoInstallers] -AddReg=driver_Device_CoInstaller_AddReg -CopyFiles=driver_Device_CoInstaller_CopyFiles - -[driver_Device_CoInstaller_AddReg] -HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller" - -[driver_Device_CoInstaller_CopyFiles] -WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll - -[driver_Device.NT.Wdf] -KmdfService = driver, driver_wdfsect -[driver_wdfsect] -KmdfLibraryVersion = $KMDFVERSION$ - -[Strings] -SPSVCINST_ASSOCSERVICE= 
0x00000002 -ManufacturerName="" ;TODO: Replace with your manufacturer name -ClassName="Samples" ; TODO: edit ClassName -DiskName = "driver Installation Disk" -driver.DeviceDesc = "driver Device" -driver.SVCDESC = "driver Service" diff --git a/driver/driver.vcxproj b/driver/driver.vcxproj index 206bda7..581cc94 100644 --- a/driver/driver.vcxproj +++ b/driver/driver.vcxproj @@ -67,6 +67,7 @@ Driver KMDF Universal + false Windows10 @@ -75,6 +76,7 @@ Driver KMDF Universal + false Windows10 @@ -153,9 +155,6 @@ DriverEntry - - - diff --git a/driver/driver.vcxproj.filters b/driver/driver.vcxproj.filters index f658230..7a23112 100644 --- a/driver/driver.vcxproj.filters +++ b/driver/driver.vcxproj.filters @@ -18,11 +18,6 @@ inf;inv;inx;mof;mc; - - - Driver Files - - Source Files diff --git a/driver/main.c b/driver/main.c index ea39d8c..126de28 100644 --- a/driver/main.c +++ b/driver/main.c 
@@ -38,33 +38,35 @@ NTSTATUS Main() { return STATUS_FAILED_DRIVER_ENTRY; } - // MiAllocateVad (yes I'm this lazy) - PBYTE addr = (PBYTE)FindPatternImage(base, "\x41\xB8\x00\x00\x00\x00\x48\x8B\xD6\x49\x8B\xCE\xE8\x00\x00\x00\x00\x48\x8B\xD8", "xx????xxxxxxx????xxx"); - if (!addr) { - printf("! failed to find MiAllocateVad !\n"); + // MiAllocateVad + PBYTE addr = (PBYTE)FindPatternImage(base, "\x48\x89\x5C\x24\x00\x48\x89\x6C\x24\x00\x48\x89\x74\x24\x00\x57\x48\x83\xEC\x30\x48\x8B\xE9\x41\x8B\xF8\xB9\x00\x00\x00\x00\x48\x8B\xF2\x8B\xD1\x41\xB8\x00\x00\x00\x00", "xxxx?xxxx?xxxx?xxxxxxxxxxxx????xxxxxxx????"); + if (!addr) + { + DbgPrintEx(0, 0, "[driver] MiAllocateVad not found!\n"); return STATUS_FAILED_DRIVER_ENTRY; } - - *(PVOID *)&MiAllocateVad = RELATIVE_ADDR(addr + 12, 5); - + + *(PVOID*)&MiAllocateVad = addr; + // MiInsertVadCharges - addr = FindPatternImage(base, "\xE8\x00\x00\x00\x00\x8B\xF8\x85\xC0\x78\x31", "x????xxxxxx"); - if (!addr) { - printf("! failed to find MiInsertVadCharges !\n"); + addr = FindPatternImage(base, "\x48\x89\x5C\x24\x00\x48\x89\x6C\x24\x00\x48\x89\x74\x24\x00\x57\x41\x54\x41\x55\x41\x56\x41\x57\x48\x83\xEC\x20\x8B\x41\x18\x48\x8B\xD9\x44\x0F\xB6\x71\x00\x45\x33\xE4", "xxxx?xxxx?xxxx?xxxxxxxxxxxxxxxxxxxxxxx?xxx"); + if (!addr) + { + DbgPrintEx(0, 0, "[driver] MiInsertVadCharges not found!\n"); return STATUS_FAILED_DRIVER_ENTRY; } - - *(PVOID *)&MiInsertVadCharges = RELATIVE_ADDR(addr, 5); - + + *(PVOID*)&MiInsertVadCharges = addr; + // MiInsertVad - addr = FindPatternImage(base, "\x48\x2B\xD1\x48\xFF\xC0\x48\x03\xC2", "xxxxxxxxx"); - if (!addr) { - printf("! 
failed to find MiInsertVad !\n"); + addr = FindPatternImage(base, "\x48\x89\x5C\x24\x00\x48\x89\x6C\x24\x00\x48\x89\x74\x24\x00\x57\x41\x54\x41\x55\x41\x56\x41\x57\x48\x83\xEC\x20\x8B\x41\x1C\x33\xED\x0F\xB6\x59\x21", "xxxx?xxxx?xxxx?xxxxxxxxxxxxxxxxxxxxxx"); + if (!addr) + { + DbgPrintEx(0, 0, "[driver] MiInsertVad not found!\n"); return STATUS_FAILED_DRIVER_ENTRY; } - - for (; *addr != 0xE8 || *(addr + 5) != 0x8B; ++addr); - *(PVOID *)&MiInsertVad = RELATIVE_ADDR(addr, 5); + + *(PVOID*)&MiInsertVad = addr; // Intended be manually mapped addr = FindPatternImage(base, "\x48\x8B\x05\x00\x00\x00\x00\xE8\x00\x00\x00\x00\x8B\xC8\x85\xC0\x78\x40", "xxx????x????xxxxxx");
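Review bot: The three new signatures for MiAllocateVad, MiInsertVadCharges and MiInsertVad anchor on a function prologue, and the matched address is stored directly as the function pointer with no check that the running kernel is the build the bytes were taken from or that the match is unique. On any other build, or if FindPatternImage (its definition is not visible here) returns the first of several matches, the driver may later call an unrelated routine at kernel privilege, which ends in a bugcheck or memory corruption rather than a clean load failure. Fail closed before the scans, for example `RTL_OSVERSIONINFOW ver = { sizeof(ver) }; if (!NT_SUCCESS(RtlGetVersion(&ver)) || ver.dwBuildNumber != SUPPORTED_BUILD /* placeholder */) return STATUS_NOT_SUPPORTED;`, and add a comment above each pattern naming the build it was captured from. Main's body starts and ends outside this hunk.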