nopriest
/
TDL
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

v 1.1.0 

small update
This commit is contained in:
hfiref0x 2017-04-17 18:45:41 +07:00
parent 20a4e9b210
commit 7e4aec975f
17 changed files with 1248 additions and 1295 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
.gitattributes vendored
View File

@ -1,17 +0,0 @@
# Auto detect text files and perform LF normalization
* text=auto
# Custom for Visual Studio
*.cs diff=csharp
# Standard to msysgit
*.doc diff=astextplain
*.DOC diff=astextplain
*.docx diff=astextplain
*.DOCX diff=astextplain
*.dot diff=astextplain
*.DOT diff=astextplain
*.pdf diff=astextplain
*.PDF diff=astextplain
*.rtf diff=astextplain
*.RTF diff=astextplain

BIN
Compiled/Furutaka.exe
View File

Binary file not shown.

2
README.md
View File

@ -32,7 +32,7 @@ In order to build from source you need Microsoft Visual Studio 2015 U1 and later
# Authors # Authors
(c) 2016 TDL Project (c) 2016 - 2017 TDL Project
# Credits # Credits

2
Source/Furutaka/Furutaka.sln
View File

@ -1,7 +1,7 @@
 
Microsoft Visual Studio Solution File, Format Version 12.00 Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 14 # Visual Studio 14
VisualStudioVersion = 14.0.24720.0 VisualStudioVersion = 14.0.25420.1
MinimumVisualStudioVersion = 10.0.40219.1 MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Furutaka", "Furutaka.vcxproj", "{8CC15B84-9FA8-4F5E-934F-7DAE7BAC4896}" Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Furutaka", "Furutaka.vcxproj", "{8CC15B84-9FA8-4F5E-934F-7DAE7BAC4896}"
EndProject EndProject

81
Source/Furutaka/Furutaka.vcxproj
View File

@ -1,14 +1,6 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations"> <ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64"> <ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration> <Configuration>Debug</Configuration>
<Platform>x64</Platform> <Platform>x64</Platform>
@ -26,19 +18,6 @@
<ProjectName>Furutaka</ProjectName> <ProjectName>Furutaka</ProjectName>
</PropertyGroup> </PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType> <ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries> <UseDebugLibraries>true</UseDebugLibraries>
@ -57,12 +36,6 @@
</ImportGroup> </ImportGroup>
<ImportGroup Label="Shared"> <ImportGroup Label="Shared">
</ImportGroup> </ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup> </ImportGroup>
@ -70,20 +43,10 @@
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup> </ImportGroup>
<PropertyGroup Label="UserMacros" /> <PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental> <LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir> <OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir> <IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet> <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@ -93,23 +56,6 @@
<CodeAnalysisRuleSet>NativeRecommendedRules.ruleset</CodeAnalysisRuleSet> <CodeAnalysisRuleSet>NativeRecommendedRules.ruleset</CodeAnalysisRuleSet>
<RunCodeAnalysis>false</RunCodeAnalysis> <RunCodeAnalysis>false</RunCodeAnalysis>
</PropertyGroup> </PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level4</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>TDLMain</EntryPointSymbol>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile> <ClCompile>
<PrecompiledHeader> <PrecompiledHeader>
@ -124,30 +70,7 @@
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation> <GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>TDLMain</EntryPointSymbol> <EntryPointSymbol>TDLMain</EntryPointSymbol>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel> <UACExecutionLevel>AsInvoker</UACExecutionLevel>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>TDLMain</EntryPointSymbol>
<SetChecksum>true</SetChecksum>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
</Link> </Link>
</ItemDefinitionGroup> </ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@ -164,6 +87,8 @@
<MultiProcessorCompilation>true</MultiProcessorCompilation> <MultiProcessorCompilation>true</MultiProcessorCompilation>
<StringPooling>true</StringPooling> <StringPooling>true</StringPooling>
<EnablePREfast>false</EnablePREfast> <EnablePREfast>false</EnablePREfast>
<ControlFlowGuard>Guard</ControlFlowGuard>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
</ClCompile> </ClCompile>
<Link> <Link>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>

8
Source/Furutaka/Furutaka.vcxproj.user
View File

@ -4,14 +4,6 @@
<LocalDebuggerCommandArguments>C:\MAKEEXE\TurlaDriverLoader\Loader\drv\Tsugumi.sys</LocalDebuggerCommandArguments> <LocalDebuggerCommandArguments>C:\MAKEEXE\TurlaDriverLoader\Loader\drv\Tsugumi.sys</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor> <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LocalDebuggerCommandArguments>C:\MAKEEXE\TurlaDriverLoader\Loader\drv\Tsugumi.sys</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LocalDebuggerCommandArguments>C:\MAKEEXE\TurlaDriverLoader\Loader\drv\TsugumiKernel.sys</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LocalDebuggerCommandArguments>C:\MAKEEXE\TurlaDriverLoader\Loader\drv\TsugumiKernel.sys</LocalDebuggerCommandArguments> <LocalDebuggerCommandArguments>C:\MAKEEXE\TurlaDriverLoader\Loader\drv\TsugumiKernel.sys</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor> <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>

113
Source/Furutaka/cui.c
View File

@ -1,12 +1,12 @@
/******************************************************************************* /*******************************************************************************
* *
* (C) COPYRIGHT AUTHORS, 2016 * (C) COPYRIGHT AUTHORS, 2016 - 2017
* *
* TITLE: CUI.C * TITLE: CUI.C
* *
* VERSION: 1.00 * VERSION: 1.10
* *
* DATE: 18 Jan 2016 * DATE: 20 Mar 2017
* *
* Console output. * Console output.
* *
@ -19,46 +19,95 @@
#include "global.h" #include "global.h"
/* /*
* cuiPrintText * cuiPrintTextA
* *
* Purpose: * Purpose:
* *
* Output text to the console or file. * Output text to the console or file.
* *
* ANSI variant
*
*/ */
VOID cuiPrintText( VOID cuiPrintTextA(
_In_ HANDLE hOutConsole, _In_ HANDLE hOutConsole,
_In_ LPWSTR lpText, _In_ LPSTR lpText,
_In_ BOOL ConsoleOutputEnabled, _In_ BOOL ConsoleOutputEnabled,
_In_ BOOL UseReturn _In_ BOOL UseReturn
) )
{ {
SIZE_T consoleIO; SIZE_T consoleIO;
DWORD bytesIO; DWORD bytesIO;
LPWSTR Buffer; LPSTR Buffer;
if (lpText == NULL) if (lpText == NULL)
return; return;
consoleIO = _strlen(lpText); consoleIO = _strlen_a(lpText);
if ((consoleIO == 0) || (consoleIO > MAX_PATH * 4)) if ((consoleIO == 0) || (consoleIO > MAX_PATH * 4))
return; return;
consoleIO = consoleIO * sizeof(WCHAR) + 4 + sizeof(UNICODE_NULL); consoleIO = (5 + consoleIO);
Buffer = (LPWSTR)RtlAllocateHeap(RtlGetCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, consoleIO); Buffer = (LPSTR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, consoleIO);
if (Buffer) { if (Buffer) {
_strcpy(Buffer, lpText); _strcpy_a(Buffer, lpText);
if (UseReturn) _strcat(Buffer, TEXT("\r\n")); if (UseReturn) _strcat_a(Buffer, "\r\n");
consoleIO = _strlen(Buffer); consoleIO = _strlen_a(Buffer);
if (ConsoleOutputEnabled == TRUE) { if (ConsoleOutputEnabled != FALSE) {
WriteConsole(hOutConsole, Buffer, (DWORD)consoleIO, &bytesIO, NULL); WriteConsoleA(hOutConsole, Buffer, (DWORD)consoleIO, &bytesIO, NULL);
} }
else { else {
WriteFile(hOutConsole, Buffer, (DWORD)(consoleIO * sizeof(WCHAR)), &bytesIO, NULL); WriteFile(hOutConsole, Buffer, (DWORD)(consoleIO * sizeof(CHAR)), &bytesIO, NULL);
} }
RtlFreeHeap(RtlGetCurrentPeb()->ProcessHeap, 0, Buffer); HeapFree(GetProcessHeap(), 0, Buffer);
} }
}
/*
* cuiPrintTextW
*
* Purpose:
*
* Output text to the console or file.
*
* UNICODE variant
*
*/
VOID cuiPrintTextW(
_In_ HANDLE hOutConsole,
_In_ LPWSTR lpText,
_In_ BOOL ConsoleOutputEnabled,
_In_ BOOL UseReturn
)
{
SIZE_T consoleIO;
DWORD bytesIO;
LPWSTR Buffer;
if (lpText == NULL)
return;
consoleIO = _strlen(lpText);
if ((consoleIO == 0) || (consoleIO > MAX_PATH * 4))
return;
consoleIO = (5 + consoleIO) * sizeof(WCHAR);
Buffer = (LPWSTR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, consoleIO);
if (Buffer) {
_strcpy(Buffer, lpText);
if (UseReturn) _strcat(Buffer, TEXT("\r\n"));
consoleIO = _strlen(Buffer);
if (ConsoleOutputEnabled != FALSE) {
WriteConsole(hOutConsole, Buffer, (DWORD)consoleIO, &bytesIO, NULL);
}
else {
WriteFile(hOutConsole, Buffer, (DWORD)(consoleIO * sizeof(WCHAR)), &bytesIO, NULL);
}
HeapFree(GetProcessHeap(), 0, Buffer);
}
} }

31
Source/Furutaka/cui.h
View File

@ -1,12 +1,12 @@
/******************************************************************************* /*******************************************************************************
* *
* (C) COPYRIGHT AUTHORS, 2016 * (C) COPYRIGHT AUTHORS, 2016 - 2017
* *
* TITLE: CUI.H * TITLE: CUI.H
* *
* VERSION: 1.00 * VERSION: 1.10
* *
* DATE: 18 Jan 2016 * DATE: 04 Feb 2017
* *
* Common header file for console ui. * Common header file for console ui.
* *
@ -18,11 +18,22 @@
*******************************************************************************/ *******************************************************************************/
#pragma once #pragma once
#include "global.h" VOID cuiPrintTextA(
_In_ HANDLE hOutConsole,
_In_ LPSTR lpText,
_In_ BOOL ConsoleOutputEnabled,
_In_ BOOL UseReturn
);
VOID cuiPrintText( VOID cuiPrintTextW(
_In_ HANDLE hOutConsole, _In_ HANDLE hOutConsole,
_In_ LPWSTR lpText, _In_ LPWSTR lpText,
_In_ BOOL ConsoleOutputEnabled, _In_ BOOL ConsoleOutputEnabled,
_In_ BOOL UseReturn _In_ BOOL UseReturn
); );
#ifdef UNICODE
#define cuiPrintText cuiPrintTextW
#else
#define cuiPrintText cuiPrintTextA
#endif

6
Source/Furutaka/global.h
View File

@ -1,12 +1,12 @@
/******************************************************************************* /*******************************************************************************
* *
* (C) COPYRIGHT AUTHORS, 2016 * (C) COPYRIGHT AUTHORS, 2016 - 2017
* *
* TITLE: GLOBAL.H * TITLE: GLOBAL.H
* *
* VERSION: 1.00 * VERSION: 1.10
* *
* DATE: 01 Feb 2016 * DATE: 17 Apr 2017
* *
* Common header file for the program support routines. * Common header file for the program support routines.
* *

279
Source/Furutaka/instdrv.c
View File

@ -1,12 +1,12 @@
/******************************************************************************* /*******************************************************************************
* *
* (C) COPYRIGHT AUTHORS, 2015 - 2016, portions (C) Mark Russinovich, FileMon * (C) COPYRIGHT AUTHORS, 2015 - 2017, portions (C) Mark Russinovich, FileMon
* *
* TITLE: INSTDRV.C * TITLE: INSTDRV.C
* *
* VERSION: 1.11 * VERSION: 1.10
* *
* DATE: 01 Feb 2016 * DATE: 17 Apr 2017
* *
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@ -25,33 +25,33 @@
* *
*/ */
BOOL scmInstallDriver( BOOL scmInstallDriver(
_In_ SC_HANDLE SchSCManager, _In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName, _In_ LPCTSTR DriverName,
_In_opt_ LPCTSTR ServiceExe _In_opt_ LPCTSTR ServiceExe
) )
{ {
SC_HANDLE schService; SC_HANDLE schService;
schService = CreateService(SchSCManager, // SCManager database schService = CreateService(SchSCManager, // SCManager database
DriverName, // name of service DriverName, // name of service
DriverName, // name to display DriverName, // name to display
SERVICE_ALL_ACCESS, // desired access SERVICE_ALL_ACCESS, // desired access
SERVICE_KERNEL_DRIVER, // service type SERVICE_KERNEL_DRIVER, // service type
SERVICE_DEMAND_START, // start type SERVICE_DEMAND_START, // start type
SERVICE_ERROR_NORMAL, // error control type SERVICE_ERROR_NORMAL, // error control type
ServiceExe, // service's binary ServiceExe, // service's binary
NULL, // no load ordering group NULL, // no load ordering group
NULL, // no tag identifier NULL, // no tag identifier
NULL, // no dependencies NULL, // no dependencies
NULL, // LocalSystem account NULL, // LocalSystem account
NULL // no password NULL // no password
); );
if (schService == NULL) { if (schService == NULL) {
return FALSE; return FALSE;
} }
CloseServiceHandle(schService); CloseServiceHandle(schService);
return TRUE; return TRUE;
} }
/* /*
@ -63,26 +63,26 @@ BOOL scmInstallDriver(
* *
*/ */
BOOL scmStartDriver( BOOL scmStartDriver(
_In_ SC_HANDLE SchSCManager, _In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName _In_ LPCTSTR DriverName
) )
{ {
SC_HANDLE schService; SC_HANDLE schService;
BOOL ret; BOOL ret;
schService = OpenService(SchSCManager, schService = OpenService(SchSCManager,
DriverName, DriverName,
SERVICE_ALL_ACCESS SERVICE_ALL_ACCESS
); );
if (schService == NULL) if (schService == NULL)
return FALSE; return FALSE;
ret = StartService(schService, 0, NULL) ret = StartService(schService, 0, NULL)
|| GetLastError() == ERROR_SERVICE_ALREADY_RUNNING; || GetLastError() == ERROR_SERVICE_ALREADY_RUNNING;
CloseServiceHandle(schService); CloseServiceHandle(schService);
return ret; return ret;
} }
/* /*
@ -94,35 +94,35 @@ BOOL scmStartDriver(
* *
*/ */
BOOL scmOpenDevice( BOOL scmOpenDevice(
_In_ LPCTSTR DriverName, _In_ LPCTSTR DriverName,
_Inout_opt_ PHANDLE lphDevice _Inout_opt_ PHANDLE lphDevice
) )
{ {
TCHAR completeDeviceName[64]; TCHAR completeDeviceName[64];
HANDLE hDevice; HANDLE hDevice;
RtlSecureZeroMemory(completeDeviceName, sizeof(completeDeviceName)); RtlSecureZeroMemory(completeDeviceName, sizeof(completeDeviceName));
wsprintf(completeDeviceName, TEXT("\\\\.\\%s"), DriverName); wsprintf(completeDeviceName, TEXT("\\\\.\\%s"), DriverName);
hDevice = CreateFile(completeDeviceName, hDevice = CreateFile(completeDeviceName,
GENERIC_READ | GENERIC_WRITE, GENERIC_READ | GENERIC_WRITE,
0, 0,
NULL, NULL,
OPEN_EXISTING, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, FILE_ATTRIBUTE_NORMAL,
NULL NULL
); );
if (hDevice == INVALID_HANDLE_VALUE) if (hDevice == INVALID_HANDLE_VALUE)
return FALSE; return FALSE;
if (lphDevice) { if (lphDevice) {
*lphDevice = hDevice; *lphDevice = hDevice;
} }
else { else {
CloseHandle(hDevice); CloseHandle(hDevice);
} }
return TRUE; return TRUE;
} }
/* /*
@ -134,39 +134,39 @@ BOOL scmOpenDevice(
* *
*/ */
BOOL scmStopDriver( BOOL scmStopDriver(
_In_ SC_HANDLE SchSCManager, _In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName _In_ LPCTSTR DriverName
) )
{ {
INT iRetryCount; BOOL ret;
SC_HANDLE schService; INT iRetryCount;
BOOL ret; SC_HANDLE schService;
SERVICE_STATUS serviceStatus; SERVICE_STATUS serviceStatus;
ret = FALSE; ret = FALSE;
schService = OpenService(SchSCManager, DriverName, SERVICE_ALL_ACCESS); schService = OpenService(SchSCManager, DriverName, SERVICE_ALL_ACCESS);
if (schService == NULL) { if (schService == NULL) {
return ret; return ret;
} }
iRetryCount = 5; iRetryCount = 5;
do { do {
SetLastError(0); SetLastError(0);
ret = ControlService(schService, SERVICE_CONTROL_STOP, &serviceStatus); ret = ControlService(schService, SERVICE_CONTROL_STOP, &serviceStatus);
if (ret == TRUE) if (ret != FALSE)
break; break;
if (GetLastError() != ERROR_DEPENDENT_SERVICES_RUNNING) if (GetLastError() != ERROR_DEPENDENT_SERVICES_RUNNING)
break; break;
Sleep(1000); Sleep(1000);
iRetryCount--; iRetryCount--;
} while (iRetryCount); } while (iRetryCount);
CloseServiceHandle(schService); CloseServiceHandle(schService);
return ret; return ret;
} }
/* /*
@ -178,27 +178,19 @@ BOOL scmStopDriver(
* *
*/ */
BOOL scmRemoveDriver( BOOL scmRemoveDriver(
_In_ SC_HANDLE SchSCManager, _In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName _In_ LPCTSTR DriverName
) )
{ {
SC_HANDLE schService; SC_HANDLE schService;
BOOL bResult = FALSE; BOOL bResult = FALSE;
schService = OpenService(SchSCManager, schService = OpenService(SchSCManager, DriverName, SERVICE_ALL_ACCESS);
DriverName, if (schService) {
DELETE bResult = DeleteService(schService);
); CloseServiceHandle(schService);
}
if (schService == NULL) { return bResult;
return bResult;
}
bResult = DeleteService(schService);
CloseServiceHandle(schService);
return bResult;
} }
/* /*
@ -210,26 +202,23 @@ BOOL scmRemoveDriver(
* *
*/ */
BOOL scmUnloadDeviceDriver( BOOL scmUnloadDeviceDriver(
_In_ LPCTSTR Name _In_ LPCTSTR Name
) )
{ {
SC_HANDLE schSCManager; SC_HANDLE schSCManager;
BOOL bResult = FALSE; BOOL bResult = FALSE;
if (Name == NULL) { if (Name == NULL) {
return bResult; return bResult;
} }
schSCManager = OpenSCManager(NULL, schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
NULL, if (schSCManager) {
SC_MANAGER_ALL_ACCESS scmStopDriver(schSCManager, Name);
); bResult = scmRemoveDriver(schSCManager, Name);
if (schSCManager) { CloseServiceHandle(schSCManager);
scmStopDriver(schSCManager, Name); }
bResult = scmRemoveDriver(schSCManager, Name); return bResult;
CloseServiceHandle(schSCManager);
}
return bResult;
} }
/* /*
@ -241,25 +230,25 @@ BOOL scmUnloadDeviceDriver(
* *
*/ */
BOOL scmLoadDeviceDriver( BOOL scmLoadDeviceDriver(
_In_ LPCTSTR Name, _In_ LPCTSTR Name,
_In_opt_ LPCTSTR Path, _In_opt_ LPCTSTR Path,
_Inout_ PHANDLE lphDevice _Inout_ PHANDLE lphDevice
) )
{ {
SC_HANDLE schSCManager; SC_HANDLE schSCManager;
BOOL bResult = FALSE; BOOL bResult = FALSE;
if (Name == NULL) { if (Name == NULL) {
return bResult; return bResult;
} }
schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (schSCManager) { if (schSCManager) {
scmRemoveDriver(schSCManager, Name); scmRemoveDriver(schSCManager, Name);
scmInstallDriver(schSCManager, Name, Path); scmInstallDriver(schSCManager, Name, Path);
scmStartDriver(schSCManager, Name); scmStartDriver(schSCManager, Name);
bResult = scmOpenDevice(Name, lphDevice); bResult = scmOpenDevice(Name, lphDevice);
CloseServiceHandle(schSCManager); CloseServiceHandle(schSCManager);
} }
return bResult; return bResult;
} }

49
Source/Furutaka/instdrv.h
View File

@ -1,12 +1,12 @@
/******************************************************************************* /*******************************************************************************
* *
* (C) COPYRIGHT AUTHORS, 2015, portions (C) Mark Russinovich, FileMon * (C) COPYRIGHT AUTHORS, 2015 - 2017, portions (C) Mark Russinovich, FileMon
* *
* TITLE: INSTDRV.H * TITLE: INSTDRV.H
* *
* VERSION: 1.10 * VERSION: 1.10
* *
* DATE: 10 Mar 2015 * DATE: 17 Apr 2017
* *
* Common header file for the program SCM usage. * Common header file for the program SCM usage.
* *
@ -16,39 +16,40 @@
* PARTICULAR PURPOSE. * PARTICULAR PURPOSE.
* *
*******************************************************************************/ *******************************************************************************/
#pragma once
BOOL scmInstallDriver( BOOL scmInstallDriver(
_In_ SC_HANDLE SchSCManager, _In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName, _In_ LPCTSTR DriverName,
_In_opt_ LPCTSTR ServiceExe _In_opt_ LPCTSTR ServiceExe
); );
BOOL scmStartDriver( BOOL scmStartDriver(
_In_ SC_HANDLE SchSCManager, _In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName _In_ LPCTSTR DriverName
); );
BOOL scmOpenDevice( BOOL scmOpenDevice(
_In_ LPCTSTR DriverName, _In_ LPCTSTR DriverName,
_Inout_opt_ PHANDLE lphDevice _Inout_opt_ PHANDLE lphDevice
); );
BOOL scmStopDriver( BOOL scmStopDriver(
_In_ SC_HANDLE SchSCManager, _In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName _In_ LPCTSTR DriverName
); );
BOOL scmRemoveDriver( BOOL scmRemoveDriver(
_In_ SC_HANDLE SchSCManager, _In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName _In_ LPCTSTR DriverName
); );
BOOL scmUnloadDeviceDriver( BOOL scmUnloadDeviceDriver(
_In_ LPCTSTR Name _In_ LPCTSTR Name
); );
BOOL scmLoadDeviceDriver( BOOL scmLoadDeviceDriver(
_In_ LPCTSTR Name, _In_ LPCTSTR Name,
_In_opt_ LPCTSTR Path, _In_opt_ LPCTSTR Path,
_Inout_ PHANDLE lphDevice _Inout_ PHANDLE lphDevice
); );

1143
Source/Furutaka/main.c
View File

File diff suppressed because it is too large Load Diff

BIN
Source/Furutaka/resource.rc
View File

Binary file not shown.

186
Source/Furutaka/shellcode.h
View File

@ -1,12 +1,12 @@
/******************************************************************************* /*******************************************************************************
* *
* (C) COPYRIGHT AUTHORS, 2016 * (C) COPYRIGHT AUTHORS, 2016 - 2017
* *
* TITLE: SHELLCODE.H * TITLE: SHELLCODE.H
* *
* VERSION: 1.00 * VERSION: 1.10
* *
* DATE: 30 Jan 2016 * DATE: 17 Apr 2017
* *
* Loader bootstrap shellcode. * Loader bootstrap shellcode.
* *
@ -20,20 +20,20 @@
#pragma once #pragma once
typedef PVOID(NTAPI *PfnExAllocatePoolWithTag)( typedef PVOID(NTAPI *PfnExAllocatePoolWithTag)(
_In_ POOL_TYPE PoolType, _In_ POOL_TYPE PoolType,
_In_ SIZE_T NumberOfBytes, _In_ SIZE_T NumberOfBytes,
_In_ ULONG Tag _In_ ULONG Tag
); );
typedef NTSTATUS(NTAPI *PfnPsCreateSystemThread)( typedef NTSTATUS(NTAPI *PfnPsCreateSystemThread)(
_Out_ PHANDLE ThreadHandle, _Out_ PHANDLE ThreadHandle,
_In_ ULONG DesiredAccess, _In_ ULONG DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_opt_ HANDLE ProcessHandle, _In_opt_ HANDLE ProcessHandle,
_Out_opt_ PCLIENT_ID ClientId, _Out_opt_ PCLIENT_ID ClientId,
_In_ PKSTART_ROUTINE StartRoutine, _In_ PKSTART_ROUTINE StartRoutine,
_In_opt_ PVOID StartContext _In_opt_ PVOID StartContext
); );
/* /*
* TDLBootstrapLoader * TDLBootstrapLoader
@ -45,101 +45,101 @@ typedef NTSTATUS(NTAPI *PfnPsCreateSystemThread)(
*/ */
/* /*
void TDLBootstrapLoader( void TDLBootstrapLoader(
PfnExAllocatePoolWithTag ExAllocatePoolWithTag, PfnExAllocatePoolWithTag ExAllocatePoolWithTag,
PfnPsCreateSystemThread PsCreateSystemThread) PfnPsCreateSystemThread PsCreateSystemThread)
{ {
ULONG_PTR pos, exbuffer, ULONG_PTR pos, exbuffer,
Image = ((ULONG_PTR)&TDLBootstrapLoader) + 0x200; Image = ((ULONG_PTR)&TDLBootstrapLoader) + 0x200;
PIMAGE_DOS_HEADER dosh = (PIMAGE_DOS_HEADER)Image; PIMAGE_DOS_HEADER dosh = (PIMAGE_DOS_HEADER)Image;
PIMAGE_FILE_HEADER fileh = PIMAGE_FILE_HEADER fileh =
(PIMAGE_FILE_HEADER)(Image + sizeof(DWORD) + dosh->e_lfanew); (PIMAGE_FILE_HEADER)(Image + sizeof(DWORD) + dosh->e_lfanew);
PIMAGE_OPTIONAL_HEADER popth = PIMAGE_OPTIONAL_HEADER popth =
(PIMAGE_OPTIONAL_HEADER)((PBYTE)fileh + sizeof(IMAGE_FILE_HEADER)); (PIMAGE_OPTIONAL_HEADER)((PBYTE)fileh + sizeof(IMAGE_FILE_HEADER));
ULONG isz = popth->SizeOfImage; ULONG isz = popth->SizeOfImage;
HANDLE th; HANDLE th;
PIMAGE_BASE_RELOCATION rel; PIMAGE_BASE_RELOCATION rel;
DWORD_PTR delta; DWORD_PTR delta;
LPWORD chains; LPWORD chains;
DWORD c, p, rsz; DWORD c, p, rsz;
OBJECT_ATTRIBUTES attr; OBJECT_ATTRIBUTES attr;
exbuffer = (ULONG_PTR)ExAllocatePoolWithTag( exbuffer = (ULONG_PTR)ExAllocatePoolWithTag(
NonPagedPool, isz + PAGE_SIZE, 'SldT') + PAGE_SIZE; NonPagedPool, isz + PAGE_SIZE, 'SldT') + PAGE_SIZE;
exbuffer &= ~(PAGE_SIZE - 1); exbuffer &= ~(PAGE_SIZE - 1);
if (popth->NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC) if (popth->NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC)
if (popth->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != 0) if (popth->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != 0)
{ {
rel = (PIMAGE_BASE_RELOCATION)((PBYTE)Image + rel = (PIMAGE_BASE_RELOCATION)((PBYTE)Image +
popth->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress); popth->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
rsz = popth->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size; rsz = popth->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
delta = (DWORD_PTR)exbuffer - popth->ImageBase; delta = (DWORD_PTR)exbuffer - popth->ImageBase;
c = 0; c = 0;
while (c < rsz) { while (c < rsz) {
p = sizeof(IMAGE_BASE_RELOCATION); p = sizeof(IMAGE_BASE_RELOCATION);
chains = (LPWORD)((PBYTE)rel + p); chains = (LPWORD)((PBYTE)rel + p);
while (p < rel->SizeOfBlock) { while (p < rel->SizeOfBlock) {
switch (*chains >> 12) { switch (*chains >> 12) {
case IMAGE_REL_BASED_HIGHLOW: case IMAGE_REL_BASED_HIGHLOW:
*(LPDWORD)((ULONG_PTR)Image + rel->VirtualAddress + (*chains & 0x0fff)) += (DWORD)delta; *(LPDWORD)((ULONG_PTR)Image + rel->VirtualAddress + (*chains & 0x0fff)) += (DWORD)delta;
break; break;
case IMAGE_REL_BASED_DIR64: case IMAGE_REL_BASED_DIR64:
*(PULONGLONG)((ULONG_PTR)Image + rel->VirtualAddress + (*chains & 0x0fff)) += delta; *(PULONGLONG)((ULONG_PTR)Image + rel->VirtualAddress + (*chains & 0x0fff)) += delta;
break; break;
} }
chains++; chains++;
p += sizeof(WORD); p += sizeof(WORD);
} }
c += rel->SizeOfBlock; c += rel->SizeOfBlock;
rel = (PIMAGE_BASE_RELOCATION)((PBYTE)rel + rel->SizeOfBlock); rel = (PIMAGE_BASE_RELOCATION)((PBYTE)rel + rel->SizeOfBlock);
} }
} }
isz >>= 3; isz >>= 3;
for (pos = 0; pos < isz; pos++) for (pos = 0; pos < isz; pos++)
((PULONG64)exbuffer)[pos] = ((PULONG64)Image)[pos]; ((PULONG64)exbuffer)[pos] = ((PULONG64)Image)[pos];
InitializeObjectAttributes(&attr, NULL, OBJ_KERNEL_HANDLE, NULL, NULL); InitializeObjectAttributes(&attr, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
PsCreateSystemThread(&th, THREAD_ALL_ACCESS, &attr, NULL, NULL, PsCreateSystemThread(&th, THREAD_ALL_ACCESS, &attr, NULL, NULL,
(PKSTART_ROUTINE)(exbuffer + popth->AddressOfEntryPoint), NULL); (PKSTART_ROUTINE)(exbuffer + popth->AddressOfEntryPoint), NULL);
} }
*/ */
static const unsigned char TDLBootstrapLoader_code[415] = { static const unsigned char TDLBootstrapLoader_code[415] = {
0x40, 0x53, 0x56, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x48, 0x83, 0xEC, 0x70, 0x4C, 0x8B, 0xE2, 0x40, 0x53, 0x56, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x48, 0x83, 0xEC, 0x70, 0x4C, 0x8B, 0xE2,
0x4C, 0x89, 0xBC, 0x24, 0xB8, 0x00, 0x00, 0x00, 0x4C, 0x8B, 0xC9, 0x48, 0x8D, 0x1D, 0xDE, 0xFF, 0x4C, 0x89, 0xBC, 0x24, 0xB8, 0x00, 0x00, 0x00, 0x4C, 0x8B, 0xC9, 0x48, 0x8D, 0x1D, 0xDE, 0xFF,
0xFF, 0xFF, 0x48, 0x81, 0xC3, 0x00, 0x02, 0x00, 0x00, 0x33, 0xC9, 0x41, 0xB8, 0x54, 0x64, 0x6C, 0xFF, 0xFF, 0x48, 0x81, 0xC3, 0x00, 0x02, 0x00, 0x00, 0x33, 0xC9, 0x41, 0xB8, 0x54, 0x64, 0x6C,
0x53, 0x4C, 0x63, 0x73, 0x3C, 0x4C, 0x03, 0xF3, 0x45, 0x8B, 0x7E, 0x50, 0x41, 0x8D, 0x97, 0x00, 0x53, 0x4C, 0x63, 0x73, 0x3C, 0x4C, 0x03, 0xF3, 0x45, 0x8B, 0x7E, 0x50, 0x41, 0x8D, 0x97, 0x00,
0x10, 0x00, 0x00, 0x41, 0xFF, 0xD1, 0x45, 0x33, 0xED, 0x48, 0x8D, 0xB0, 0x00, 0x10, 0x00, 0x00, 0x10, 0x00, 0x00, 0x41, 0xFF, 0xD1, 0x45, 0x33, 0xED, 0x48, 0x8D, 0xB0, 0x00, 0x10, 0x00, 0x00,
0x48, 0x81, 0xE6, 0x00, 0xF0, 0xFF, 0xFF, 0x41, 0x83, 0xBE, 0x84, 0x00, 0x00, 0x00, 0x05, 0x0F, 0x48, 0x81, 0xE6, 0x00, 0xF0, 0xFF, 0xFF, 0x41, 0x83, 0xBE, 0x84, 0x00, 0x00, 0x00, 0x05, 0x0F,
0x86, 0xAB, 0x00, 0x00, 0x00, 0x41, 0x8B, 0x8E, 0xB0, 0x00, 0x00, 0x00, 0x85, 0xC9, 0x0F, 0x84, 0x86, 0xAB, 0x00, 0x00, 0x00, 0x41, 0x8B, 0x8E, 0xB0, 0x00, 0x00, 0x00, 0x85, 0xC9, 0x0F, 0x84,
0x9C, 0x00, 0x00, 0x00, 0x48, 0x89, 0xAC, 0x24, 0xA8, 0x00, 0x00, 0x00, 0x4C, 0x8D, 0x04, 0x0B, 0x9C, 0x00, 0x00, 0x00, 0x48, 0x89, 0xAC, 0x24, 0xA8, 0x00, 0x00, 0x00, 0x4C, 0x8D, 0x04, 0x0B,
0x41, 0x8B, 0xAE, 0xB4, 0x00, 0x00, 0x00, 0x4C, 0x8B, 0xDE, 0x4D, 0x2B, 0x5E, 0x30, 0x48, 0x89, 0x41, 0x8B, 0xAE, 0xB4, 0x00, 0x00, 0x00, 0x4C, 0x8B, 0xDE, 0x4D, 0x2B, 0x5E, 0x30, 0x48, 0x89,
0xBC, 0x24, 0xB0, 0x00, 0x00, 0x00, 0x41, 0x8B, 0xFD, 0x85, 0xED, 0x74, 0x63, 0x0F, 0x1F, 0x00, 0xBC, 0x24, 0xB0, 0x00, 0x00, 0x00, 0x41, 0x8B, 0xFD, 0x85, 0xED, 0x74, 0x63, 0x0F, 0x1F, 0x00,
0x41, 0xB9, 0x08, 0x00, 0x00, 0x00, 0x4D, 0x8D, 0x50, 0x08, 0x45, 0x39, 0x48, 0x04, 0x76, 0x43, 0x41, 0xB9, 0x08, 0x00, 0x00, 0x00, 0x4D, 0x8D, 0x50, 0x08, 0x45, 0x39, 0x48, 0x04, 0x76, 0x43,
0x41, 0x0F, 0xB7, 0x02, 0x8B, 0xC8, 0xC1, 0xE9, 0x0C, 0x83, 0xF9, 0x03, 0x74, 0x17, 0x83, 0xF9, 0x41, 0x0F, 0xB7, 0x02, 0x8B, 0xC8, 0xC1, 0xE9, 0x0C, 0x83, 0xF9, 0x03, 0x74, 0x17, 0x83, 0xF9,
0x0A, 0x75, 0x22, 0x41, 0x8B, 0x10, 0x25, 0xFF, 0x0F, 0x00, 0x00, 0x48, 0x8D, 0x0C, 0x03, 0x4C, 0x0A, 0x75, 0x22, 0x41, 0x8B, 0x10, 0x25, 0xFF, 0x0F, 0x00, 0x00, 0x48, 0x8D, 0x0C, 0x03, 0x4C,
0x01, 0x1C, 0x0A, 0xEB, 0x10, 0x41, 0x8B, 0x10, 0x25, 0xFF, 0x0F, 0x00, 0x00, 0x48, 0x8D, 0x0C, 0x01, 0x1C, 0x0A, 0xEB, 0x10, 0x41, 0x8B, 0x10, 0x25, 0xFF, 0x0F, 0x00, 0x00, 0x48, 0x8D, 0x0C,
0x03, 0x44, 0x01, 0x1C, 0x0A, 0x49, 0x83, 0xC2, 0x02, 0x41, 0x83, 0xC1, 0x02, 0x45, 0x3B, 0x48, 0x03, 0x44, 0x01, 0x1C, 0x0A, 0x49, 0x83, 0xC2, 0x02, 0x41, 0x83, 0xC1, 0x02, 0x45, 0x3B, 0x48,
0x04, 0x72, 0xBD, 0x41, 0x8B, 0x40, 0x04, 0x03, 0xF8, 0x4C, 0x03, 0xC0, 0x3B, 0xFD, 0x72, 0xA0, 0x04, 0x72, 0xBD, 0x41, 0x8B, 0x40, 0x04, 0x03, 0xF8, 0x4C, 0x03, 0xC0, 0x3B, 0xFD, 0x72, 0xA0,
0x48, 0x8B, 0xAC, 0x24, 0xA8, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xBC, 0x24, 0xB0, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xAC, 0x24, 0xA8, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xBC, 0x24, 0xB0, 0x00, 0x00, 0x00,
0x49, 0x8B, 0xD7, 0x4C, 0x8B, 0xBC, 0x24, 0xB8, 0x00, 0x00, 0x00, 0x48, 0xC1, 0xEA, 0x03, 0x48, 0x49, 0x8B, 0xD7, 0x4C, 0x8B, 0xBC, 0x24, 0xB8, 0x00, 0x00, 0x00, 0x48, 0xC1, 0xEA, 0x03, 0x48,
0x85, 0xD2, 0x74, 0x1D, 0x48, 0x8B, 0xCE, 0x48, 0x2B, 0xDE, 0x66, 0x0F, 0x1F, 0x44, 0x00, 0x00, 0x85, 0xD2, 0x74, 0x1D, 0x48, 0x8B, 0xCE, 0x48, 0x2B, 0xDE, 0x66, 0x0F, 0x1F, 0x44, 0x00, 0x00,
0x48, 0x8B, 0x04, 0x0B, 0x48, 0x89, 0x01, 0x48, 0x8D, 0x49, 0x08, 0x48, 0x83, 0xEA, 0x01, 0x75, 0x48, 0x8B, 0x04, 0x0B, 0x48, 0x89, 0x01, 0x48, 0x8D, 0x49, 0x08, 0x48, 0x83, 0xEA, 0x01, 0x75,
0xEF, 0x0F, 0x57, 0xC0, 0xC7, 0x44, 0x24, 0x40, 0x30, 0x00, 0x00, 0x00, 0xF3, 0x0F, 0x7F, 0x44, 0xEF, 0x0F, 0x57, 0xC0, 0xC7, 0x44, 0x24, 0x40, 0x30, 0x00, 0x00, 0x00, 0xF3, 0x0F, 0x7F, 0x44,
0x24, 0x60, 0x4C, 0x89, 0x6C, 0x24, 0x48, 0x4C, 0x8D, 0x44, 0x24, 0x40, 0xC7, 0x44, 0x24, 0x58, 0x24, 0x60, 0x4C, 0x89, 0x6C, 0x24, 0x48, 0x4C, 0x8D, 0x44, 0x24, 0x40, 0xC7, 0x44, 0x24, 0x58,
0x00, 0x02, 0x00, 0x00, 0x48, 0x8D, 0x8C, 0x24, 0xA0, 0x00, 0x00, 0x00, 0x4C, 0x89, 0x6C, 0x24, 0x00, 0x02, 0x00, 0x00, 0x48, 0x8D, 0x8C, 0x24, 0xA0, 0x00, 0x00, 0x00, 0x4C, 0x89, 0x6C, 0x24,
0x50, 0x45, 0x33, 0xC9, 0x41, 0x8B, 0x46, 0x28, 0xBA, 0xFF, 0xFF, 0x1F, 0x00, 0x48, 0x03, 0xC6, 0x50, 0x45, 0x33, 0xC9, 0x41, 0x8B, 0x46, 0x28, 0xBA, 0xFF, 0xFF, 0x1F, 0x00, 0x48, 0x03, 0xC6,
0x4C, 0x89, 0x6C, 0x24, 0x30, 0x48, 0x89, 0x44, 0x24, 0x28, 0x4C, 0x89, 0x6C, 0x24, 0x20, 0x41, 0x4C, 0x89, 0x6C, 0x24, 0x30, 0x48, 0x89, 0x44, 0x24, 0x28, 0x4C, 0x89, 0x6C, 0x24, 0x20, 0x41,
0xFF, 0xD4, 0x48, 0x83, 0xC4, 0x70, 0x41, 0x5E, 0x41, 0x5D, 0x41, 0x5C, 0x5E, 0x5B, 0xC3 0xFF, 0xD4, 0x48, 0x83, 0xC4, 0x70, 0x41, 0x5E, 0x41, 0x5D, 0x41, 0x5C, 0x5E, 0x5B, 0xC3
}; };

534
Source/Furutaka/sup.c
View File

@ -1,12 +1,12 @@
/******************************************************************************* /*******************************************************************************
* *
* (C) COPYRIGHT AUTHORS, 2016 * (C) COPYRIGHT AUTHORS, 2016 - 2017
* *
* TITLE: SUP.C * TITLE: SUP.C
* *
* VERSION: 1.00 * VERSION: 1.10
* *
* DATE: 01 Feb 2016 * DATE: 17 Apr 2017
* *
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF * THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED * ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@ -25,43 +25,43 @@
* *
*/ */
PVOID supGetSystemInfo( PVOID supGetSystemInfo(
_In_ SYSTEM_INFORMATION_CLASS InfoClass _In_ SYSTEM_INFORMATION_CLASS InfoClass
) )
{ {
INT c = 0; INT c = 0;
PVOID Buffer = NULL; PVOID Buffer = NULL;
ULONG Size = 0x1000; ULONG Size = 0x1000;
NTSTATUS status; NTSTATUS status;
ULONG memIO; ULONG memIO;
PVOID hHeap = NtCurrentPeb()->ProcessHeap; PVOID hHeap = NtCurrentPeb()->ProcessHeap;
do { do {
Buffer = RtlAllocateHeap(hHeap, HEAP_ZERO_MEMORY, (SIZE_T)Size); Buffer = RtlAllocateHeap(hHeap, HEAP_ZERO_MEMORY, (SIZE_T)Size);
if (Buffer != NULL) { if (Buffer != NULL) {
status = NtQuerySystemInformation(InfoClass, Buffer, Size, &memIO); status = NtQuerySystemInformation(InfoClass, Buffer, Size, &memIO);
} }
else { else {
return NULL; return NULL;
} }
if (status == STATUS_INFO_LENGTH_MISMATCH) { if (status == STATUS_INFO_LENGTH_MISMATCH) {
RtlFreeHeap(hHeap, 0, Buffer); RtlFreeHeap(hHeap, 0, Buffer);
Size *= 2; Size *= 2;
c++; c++;
if (c > 100) { if (c > 100) {
status = STATUS_SECRET_TOO_LONG; status = STATUS_SECRET_TOO_LONG;
break; break;
} }
} }
} while (status == STATUS_INFO_LENGTH_MISMATCH); } while (status == STATUS_INFO_LENGTH_MISMATCH);
if (NT_SUCCESS(status)) { if (NT_SUCCESS(status)) {
return Buffer; return Buffer;
} }
if (Buffer) { if (Buffer) {
RtlFreeHeap(hHeap, 0, Buffer); RtlFreeHeap(hHeap, 0, Buffer);
} }
return NULL; return NULL;
} }
/* /*
@ -73,19 +73,19 @@ PVOID supGetSystemInfo(
* *
*/ */
ULONG_PTR supGetNtOsBase( ULONG_PTR supGetNtOsBase(
VOID VOID
) )
{ {
PRTL_PROCESS_MODULES miSpace; PRTL_PROCESS_MODULES miSpace;
ULONG_PTR NtOsBase = 0; ULONG_PTR NtOsBase = 0;
miSpace = supGetSystemInfo(SystemModuleInformation); miSpace = supGetSystemInfo(SystemModuleInformation);
while (miSpace != NULL) { while (miSpace != NULL) {
NtOsBase = (ULONG_PTR)miSpace->Modules[0].ImageBase; NtOsBase = (ULONG_PTR)miSpace->Modules[0].ImageBase;
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, miSpace); RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, miSpace);
break; break;
} }
return NtOsBase; return NtOsBase;
} }
/* /*
@ -97,34 +97,34 @@ ULONG_PTR supGetNtOsBase(
* *
*/ */
PBYTE supQueryResourceData( PBYTE supQueryResourceData(
_In_ ULONG_PTR ResourceId, _In_ ULONG_PTR ResourceId,
_In_ PVOID DllHandle, _In_ PVOID DllHandle,
_In_ PULONG DataSize _In_ PULONG DataSize
) )
{ {
NTSTATUS status; NTSTATUS status;
ULONG_PTR IdPath[3]; ULONG_PTR IdPath[3];
IMAGE_RESOURCE_DATA_ENTRY *DataEntry; IMAGE_RESOURCE_DATA_ENTRY *DataEntry;
PBYTE Data = NULL; PBYTE Data = NULL;
ULONG SizeOfData = 0; ULONG SizeOfData = 0;
if (DllHandle != NULL) { if (DllHandle != NULL) {
IdPath[0] = (ULONG_PTR)RT_RCDATA; //type IdPath[0] = (ULONG_PTR)RT_RCDATA; //type
IdPath[1] = ResourceId; //id IdPath[1] = ResourceId; //id
IdPath[2] = 0; //lang IdPath[2] = 0; //lang
status = LdrFindResource_U(DllHandle, (ULONG_PTR*)&IdPath, 3, &DataEntry); status = LdrFindResource_U(DllHandle, (ULONG_PTR*)&IdPath, 3, &DataEntry);
if (NT_SUCCESS(status)) { if (NT_SUCCESS(status)) {
status = LdrAccessResource(DllHandle, DataEntry, &Data, &SizeOfData); status = LdrAccessResource(DllHandle, DataEntry, &Data, &SizeOfData);
if (NT_SUCCESS(status)) { if (NT_SUCCESS(status)) {
if (DataSize) { if (DataSize) {
*DataSize = SizeOfData; *DataSize = SizeOfData;
} }
} }
} }
} }
return Data; return Data;
} }
/* /*
@ -136,39 +136,39 @@ PBYTE supQueryResourceData(
* *
*/ */
BOOL supBackupVBoxDrv( BOOL supBackupVBoxDrv(
_In_ BOOL bRestore _In_ BOOL bRestore
) )
{ {
BOOL bResult = FALSE; BOOL bResult = FALSE;
WCHAR szOldDriverName[MAX_PATH * 2]; WCHAR szOldDriverName[MAX_PATH * 2];
WCHAR szNewDriverName[MAX_PATH * 2]; WCHAR szNewDriverName[MAX_PATH * 2];
WCHAR szDriverDirName[MAX_PATH * 2]; WCHAR szDriverDirName[MAX_PATH * 2];
if (!GetSystemDirectory(szDriverDirName, MAX_PATH)) { if (!GetSystemDirectory(szDriverDirName, MAX_PATH)) {
return FALSE; return FALSE;
} }
_strcat(szDriverDirName, TEXT("\\drivers\\")); _strcat(szDriverDirName, TEXT("\\drivers\\"));
if (bRestore) { if (bRestore) {
_strcpy(szOldDriverName, szDriverDirName); _strcpy(szOldDriverName, szDriverDirName);
_strcat(szOldDriverName, TEXT("VBoxDrv.backup")); _strcat(szOldDriverName, TEXT("VBoxDrv.backup"));
if (PathFileExists(szOldDriverName)) { if (PathFileExists(szOldDriverName)) {
_strcpy(szNewDriverName, szDriverDirName); _strcpy(szNewDriverName, szDriverDirName);
_strcat(szNewDriverName, TEXT("VBoxDrv.sys")); _strcat(szNewDriverName, TEXT("VBoxDrv.sys"));
bResult = MoveFileEx(szOldDriverName, szNewDriverName, bResult = MoveFileEx(szOldDriverName, szNewDriverName,
MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH); MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH);
} }
} }
else { else {
_strcpy(szOldDriverName, szDriverDirName); _strcpy(szOldDriverName, szDriverDirName);
_strcat(szOldDriverName, TEXT("VBoxDrv.sys")); _strcat(szOldDriverName, TEXT("VBoxDrv.sys"));
_strcpy(szNewDriverName, szDriverDirName); _strcpy(szNewDriverName, szDriverDirName);
_strcat(szNewDriverName, TEXT("VBoxDrv.backup")); _strcat(szNewDriverName, TEXT("VBoxDrv.backup"));
bResult = MoveFileEx(szOldDriverName, szNewDriverName, bResult = MoveFileEx(szOldDriverName, szNewDriverName,
MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH); MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH);
} }
return bResult; return bResult;
} }
/* /*
@ -180,93 +180,93 @@ BOOL supBackupVBoxDrv(
* *
*/ */
SIZE_T supWriteBufferToFile( SIZE_T supWriteBufferToFile(
_In_ PWSTR lpFileName, _In_ PWSTR lpFileName,
_In_ PVOID Buffer, _In_ PVOID Buffer,
_In_ SIZE_T Size, _In_ SIZE_T Size,
_In_ BOOL Flush, _In_ BOOL Flush,
_In_ BOOL Append _In_ BOOL Append
) )
{ {
NTSTATUS Status; NTSTATUS Status;
DWORD dwFlag; DWORD dwFlag;
HANDLE hFile = NULL; HANDLE hFile = NULL;
OBJECT_ATTRIBUTES attr; OBJECT_ATTRIBUTES attr;
UNICODE_STRING NtFileName; UNICODE_STRING NtFileName;
IO_STATUS_BLOCK IoStatus; IO_STATUS_BLOCK IoStatus;
LARGE_INTEGER Position; LARGE_INTEGER Position;
ACCESS_MASK DesiredAccess; ACCESS_MASK DesiredAccess;
PLARGE_INTEGER pPosition = NULL; PLARGE_INTEGER pPosition = NULL;
ULONG_PTR nBlocks, BlockIndex; ULONG_PTR nBlocks, BlockIndex;
ULONG BlockSize, RemainingSize; ULONG BlockSize, RemainingSize;
PBYTE ptr = (PBYTE)Buffer; PBYTE ptr = (PBYTE)Buffer;
SIZE_T BytesWritten = 0; SIZE_T BytesWritten = 0;
if (RtlDosPathNameToNtPathName_U(lpFileName, &NtFileName, NULL, NULL) == FALSE) if (RtlDosPathNameToNtPathName_U(lpFileName, &NtFileName, NULL, NULL) == FALSE)
return 0; return 0;
DesiredAccess = FILE_WRITE_ACCESS | SYNCHRONIZE; DesiredAccess = FILE_WRITE_ACCESS | SYNCHRONIZE;
dwFlag = FILE_OVERWRITE_IF; dwFlag = FILE_OVERWRITE_IF;
if (Append == TRUE) { if (Append != FALSE) {
DesiredAccess |= FILE_READ_ACCESS; DesiredAccess |= FILE_READ_ACCESS;
dwFlag = FILE_OPEN_IF; dwFlag = FILE_OPEN_IF;
} }
InitializeObjectAttributes(&attr, &NtFileName, OBJ_CASE_INSENSITIVE, 0, NULL); InitializeObjectAttributes(&attr, &NtFileName, OBJ_CASE_INSENSITIVE, 0, NULL);
__try { __try {
Status = NtCreateFile(&hFile, DesiredAccess, &attr, Status = NtCreateFile(&hFile, DesiredAccess, &attr,
&IoStatus, NULL, FILE_ATTRIBUTE_NORMAL, 0, dwFlag, &IoStatus, NULL, FILE_ATTRIBUTE_NORMAL, 0, dwFlag,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, NULL, 0); FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, NULL, 0);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
__leave; __leave;
pPosition = NULL; pPosition = NULL;
if (Append == TRUE) { if (Append != FALSE) {
Position.LowPart = FILE_WRITE_TO_END_OF_FILE; Position.LowPart = FILE_WRITE_TO_END_OF_FILE;
Position.HighPart = -1; Position.HighPart = -1;
pPosition = &Position; pPosition = &Position;
} }
if (Size < 0x80000000) { if (Size < 0x80000000) {
BlockSize = (ULONG)Size; BlockSize = (ULONG)Size;
Status = NtWriteFile(hFile, 0, NULL, NULL, &IoStatus, ptr, BlockSize, pPosition, NULL); Status = NtWriteFile(hFile, 0, NULL, NULL, &IoStatus, ptr, BlockSize, pPosition, NULL);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
__leave; __leave;
BytesWritten += IoStatus.Information; BytesWritten += IoStatus.Information;
} }
else { else {
BlockSize = 0x7FFFFFFF; BlockSize = 0x7FFFFFFF;
nBlocks = (Size / BlockSize); nBlocks = (Size / BlockSize);
for (BlockIndex = 0; BlockIndex < nBlocks; BlockIndex++) { for (BlockIndex = 0; BlockIndex < nBlocks; BlockIndex++) {
Status = NtWriteFile(hFile, 0, NULL, NULL, &IoStatus, ptr, BlockSize, pPosition, NULL); Status = NtWriteFile(hFile, 0, NULL, NULL, &IoStatus, ptr, BlockSize, pPosition, NULL);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
__leave; __leave;
ptr += BlockSize; ptr += BlockSize;
BytesWritten += IoStatus.Information; BytesWritten += IoStatus.Information;
} }
RemainingSize = Size % BlockSize; RemainingSize = (ULONG)(Size % BlockSize);
if (RemainingSize != 0) { if (RemainingSize != 0) {
Status = NtWriteFile(hFile, 0, NULL, NULL, &IoStatus, ptr, RemainingSize, pPosition, NULL); Status = NtWriteFile(hFile, 0, NULL, NULL, &IoStatus, ptr, RemainingSize, pPosition, NULL);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
__leave; __leave;
BytesWritten += IoStatus.Information; BytesWritten += IoStatus.Information;
} }
} }
} }
__finally { __finally {
if (hFile != NULL) { if (hFile != NULL) {
if (Flush == TRUE) NtFlushBuffersFile(hFile, &IoStatus); if (Flush != FALSE) NtFlushBuffersFile(hFile, &IoStatus);
NtClose(hFile); NtClose(hFile);
} }
RtlFreeUnicodeString(&NtFileName); RtlFreeUnicodeString(&NtFileName);
} }
return BytesWritten; return BytesWritten;
} }
/* /*
@ -278,30 +278,30 @@ SIZE_T supWriteBufferToFile(
* *
*/ */
NTSTATUS NTAPI supDetectObjectCallback( NTSTATUS NTAPI supDetectObjectCallback(
_In_ POBJECT_DIRECTORY_INFORMATION Entry, _In_ POBJECT_DIRECTORY_INFORMATION Entry,
_In_ PVOID CallbackParam _In_ PVOID CallbackParam
) )
{ {
POBJSCANPARAM Param = (POBJSCANPARAM)CallbackParam; POBJSCANPARAM Param = (POBJSCANPARAM)CallbackParam;
if (Entry == NULL) { if (Entry == NULL) {
return STATUS_INVALID_PARAMETER_1; return STATUS_INVALID_PARAMETER_1;
} }
if (CallbackParam == NULL) { if (CallbackParam == NULL) {
return STATUS_INVALID_PARAMETER_2; return STATUS_INVALID_PARAMETER_2;
} }
if (Param->Buffer == NULL || Param->BufferSize == 0) { if (Param->Buffer == NULL || Param->BufferSize == 0) {
return STATUS_MEMORY_NOT_ALLOCATED; return STATUS_MEMORY_NOT_ALLOCATED;
} }
if (Entry->Name.Buffer) { if (Entry->Name.Buffer) {
if (_strcmpi_w(Entry->Name.Buffer, Param->Buffer) == 0) { if (_strcmpi_w(Entry->Name.Buffer, Param->Buffer) == 0) {
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
} }
return STATUS_UNSUCCESSFUL; return STATUS_UNSUCCESSFUL;
} }
/* /*
@ -313,87 +313,87 @@ NTSTATUS NTAPI supDetectObjectCallback(
* *
*/ */
NTSTATUS NTAPI supEnumSystemObjects( NTSTATUS NTAPI supEnumSystemObjects(
_In_opt_ LPWSTR pwszRootDirectory, _In_opt_ LPWSTR pwszRootDirectory,
_In_opt_ HANDLE hRootDirectory, _In_opt_ HANDLE hRootDirectory,
_In_ PENUMOBJECTSCALLBACK CallbackProc, _In_ PENUMOBJECTSCALLBACK CallbackProc,
_In_opt_ PVOID CallbackParam _In_opt_ PVOID CallbackParam
) )
{ {
BOOL cond = TRUE; BOOL cond = TRUE;
ULONG ctx, rlen; ULONG ctx, rlen;
HANDLE hDirectory = NULL; HANDLE hDirectory = NULL;
NTSTATUS status; NTSTATUS status;
NTSTATUS CallbackStatus; NTSTATUS CallbackStatus;
OBJECT_ATTRIBUTES attr; OBJECT_ATTRIBUTES attr;
UNICODE_STRING sname; UNICODE_STRING sname;
POBJECT_DIRECTORY_INFORMATION objinf; POBJECT_DIRECTORY_INFORMATION objinf;
if (CallbackProc == NULL) { if (CallbackProc == NULL) {
return STATUS_INVALID_PARAMETER_4; return STATUS_INVALID_PARAMETER_4;
} }
status = STATUS_UNSUCCESSFUL; status = STATUS_UNSUCCESSFUL;
__try { __try {
// We can use root directory. // We can use root directory.
if (pwszRootDirectory != NULL) { if (pwszRootDirectory != NULL) {
RtlSecureZeroMemory(&sname, sizeof(sname)); RtlSecureZeroMemory(&sname, sizeof(sname));
RtlInitUnicodeString(&sname, pwszRootDirectory); RtlInitUnicodeString(&sname, pwszRootDirectory);
InitializeObjectAttributes(&attr, &sname, OBJ_CASE_INSENSITIVE, NULL, NULL); InitializeObjectAttributes(&attr, &sname, OBJ_CASE_INSENSITIVE, NULL, NULL);
status = NtOpenDirectoryObject(&hDirectory, DIRECTORY_QUERY, &attr); status = NtOpenDirectoryObject(&hDirectory, DIRECTORY_QUERY, &attr);
if (!NT_SUCCESS(status)) { if (!NT_SUCCESS(status)) {
return status; return status;
} }
} }
else { else {
if (hRootDirectory == NULL) { if (hRootDirectory == NULL) {
return STATUS_INVALID_PARAMETER_2; return STATUS_INVALID_PARAMETER_2;
} }
hDirectory = hRootDirectory; hDirectory = hRootDirectory;
} }
// Enumerate objects in directory. // Enumerate objects in directory.
ctx = 0; ctx = 0;
do { do {
rlen = 0; rlen = 0;
status = NtQueryDirectoryObject(hDirectory, NULL, 0, TRUE, FALSE, &ctx, &rlen); status = NtQueryDirectoryObject(hDirectory, NULL, 0, TRUE, FALSE, &ctx, &rlen);
if (status != STATUS_BUFFER_TOO_SMALL) if (status != STATUS_BUFFER_TOO_SMALL)
break; break;
objinf = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, rlen); objinf = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, rlen);
if (objinf == NULL) if (objinf == NULL)
break; break;
status = NtQueryDirectoryObject(hDirectory, objinf, rlen, TRUE, FALSE, &ctx, &rlen); status = NtQueryDirectoryObject(hDirectory, objinf, rlen, TRUE, FALSE, &ctx, &rlen);
if (!NT_SUCCESS(status)) { if (!NT_SUCCESS(status)) {
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, objinf); RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, objinf);
break; break;
} }
CallbackStatus = CallbackProc(objinf, CallbackParam); CallbackStatus = CallbackProc(objinf, CallbackParam);
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, objinf); RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, objinf);
if (NT_SUCCESS(CallbackStatus)) { if (NT_SUCCESS(CallbackStatus)) {
status = STATUS_SUCCESS; status = STATUS_SUCCESS;
break; break;
} }
} while (cond); } while (cond);
if (hDirectory != NULL) { if (hDirectory != NULL) {
NtClose(hDirectory); NtClose(hDirectory);
} }
} }
__except (EXCEPTION_EXECUTE_HANDLER) { __except (EXCEPTION_EXECUTE_HANDLER) {
status = STATUS_ACCESS_VIOLATION; status = STATUS_ACCESS_VIOLATION;
} }
return status; return status;
} }
/* /*
@ -405,18 +405,18 @@ NTSTATUS NTAPI supEnumSystemObjects(
* *
*/ */
BOOL supIsObjectExists( BOOL supIsObjectExists(
_In_ LPWSTR RootDirectory, _In_ LPWSTR RootDirectory,
_In_ LPWSTR ObjectName _In_ LPWSTR ObjectName
) )
{ {
OBJSCANPARAM Param; OBJSCANPARAM Param;
if (ObjectName == NULL) { if (ObjectName == NULL) {
return FALSE; return FALSE;
} }
Param.Buffer = ObjectName; Param.Buffer = ObjectName;
Param.BufferSize = (ULONG)_strlen(ObjectName); Param.BufferSize = (ULONG)_strlen(ObjectName);
return NT_SUCCESS(supEnumSystemObjects(RootDirectory, NULL, supDetectObjectCallback, &Param)); return NT_SUCCESS(supEnumSystemObjects(RootDirectory, NULL, supDetectObjectCallback, &Param));
} }

48
Source/Furutaka/sup.h
View File

@ -1,12 +1,12 @@
/******************************************************************************* /*******************************************************************************
* *
* (C) COPYRIGHT AUTHORS, 2016 * (C) COPYRIGHT AUTHORS, 2016 - 2017
* *
* TITLE: SUP.H * TITLE: SUP.H
* *
* VERSION: 1.00 * VERSION: 1.10
* *
* DATE: 01 Feb 2016 * DATE: 17 Apr 2017
* *
* Common header file for the program support routines. * Common header file for the program support routines.
* *
@ -21,39 +21,39 @@
typedef NTSTATUS(NTAPI *PENUMOBJECTSCALLBACK)(POBJECT_DIRECTORY_INFORMATION Entry, PVOID CallbackParam); typedef NTSTATUS(NTAPI *PENUMOBJECTSCALLBACK)(POBJECT_DIRECTORY_INFORMATION Entry, PVOID CallbackParam);
typedef struct _OBJSCANPARAM { typedef struct _OBJSCANPARAM {
PWSTR Buffer; PWSTR Buffer;
ULONG BufferSize; ULONG BufferSize;
} OBJSCANPARAM, *POBJSCANPARAM; } OBJSCANPARAM, *POBJSCANPARAM;
ULONG_PTR supGetNtOsBase( ULONG_PTR supGetNtOsBase(
VOID VOID
); );
PVOID supGetSystemInfo( PVOID supGetSystemInfo(
_In_ SYSTEM_INFORMATION_CLASS InfoClass _In_ SYSTEM_INFORMATION_CLASS InfoClass
); );
PBYTE supQueryResourceData( PBYTE supQueryResourceData(
_In_ ULONG_PTR ResourceId, _In_ ULONG_PTR ResourceId,
_In_ PVOID DllHandle, _In_ PVOID DllHandle,
_In_ PULONG DataSize _In_ PULONG DataSize
); );
BOOL supBackupVBoxDrv( BOOL supBackupVBoxDrv(
_In_ BOOL bRestore _In_ BOOL bRestore
); );
SIZE_T supWriteBufferToFile( SIZE_T supWriteBufferToFile(
_In_ PWSTR lpFileName, _In_ PWSTR lpFileName,
_In_ PVOID Buffer, _In_ PVOID Buffer,
_In_ SIZE_T Size, _In_ SIZE_T Size,
_In_ BOOL Flush, _In_ BOOL Flush,
_In_ BOOL Append _In_ BOOL Append
); );
BOOL supIsObjectExists( BOOL supIsObjectExists(
_In_ LPWSTR RootDirectory, _In_ LPWSTR RootDirectory,
_In_ LPWSTR ObjectName _In_ LPWSTR ObjectName
); );
#define PathFileExists(lpszPath) (GetFileAttributes(lpszPath) != (DWORD)-1) #define PathFileExists(lpszPath) (GetFileAttributes(lpszPath) != (DWORD)-1)

40
TDL.sha256
View File

@ -1,29 +1,36 @@
c371453e2eb9edab0949472d14871f09a6c60e4bab647910da83943bb4d3104c *Compiled\dummy.sys c371453e2eb9edab0949472d14871f09a6c60e4bab647910da83943bb4d3104c *Compiled\dummy.sys
4c8d13b1693c77bc4b75ae0f6262260cbc1478f3da33d039930d265db5d7eb3e *Compiled\dummy2.sys 4c8d13b1693c77bc4b75ae0f6262260cbc1478f3da33d039930d265db5d7eb3e *Compiled\dummy2.sys
48820631b430a40f296b17280bc18736f8ac428514ffd931b4b529dc5cc04136 *Compiled\Furutaka.exe 9c81608bea1766f195ddf49f9a07b23da96dbf17a5e2d66405492eaa3155996e *Compiled\Furutaka.exe
c366e840cdcb157bd40f722935ad8646046bc6cd013817d400617bd8d90de0e0 *Source\DummyDrv\dummy.sln
01662c807519eac05d7082c151be3824418ccf1716216895680fe5598093d245 *Source\DummyDrv\dummy\dummy.vcxproj 01662c807519eac05d7082c151be3824418ccf1716216895680fe5598093d245 *Source\DummyDrv\dummy\dummy.vcxproj
2d469aafdb7e37a2d58d4e7875abbfd27599762333cba8e28376c16fa7446e9c *Source\DummyDrv\dummy\dummy.vcxproj.filters 2d469aafdb7e37a2d58d4e7875abbfd27599762333cba8e28376c16fa7446e9c *Source\DummyDrv\dummy\dummy.vcxproj.filters
d45cf40c855a135898e4b35d0b5b2d00e3ad251a97d3f47990248116f22ff45e *Source\DummyDrv\dummy\dummy.vcxproj.user d45cf40c855a135898e4b35d0b5b2d00e3ad251a97d3f47990248116f22ff45e *Source\DummyDrv\dummy\dummy.vcxproj.user
da9e4121c5a6970b0e10e6cca6fa6065e758f5b54b46c33ff99e7f98d98d00bc *Source\DummyDrv\dummy\main.c da9e4121c5a6970b0e10e6cca6fa6065e758f5b54b46c33ff99e7f98d98d00bc *Source\DummyDrv\dummy\main.c
c366e840cdcb157bd40f722935ad8646046bc6cd013817d400617bd8d90de0e0 *Source\DummyDrv\dummy.sln c366e840cdcb157bd40f722935ad8646046bc6cd013817d400617bd8d90de0e0 *Source\DummyDrv2\dummy.sln
2fd78ce2843d7c77b1249bb7288d87605a4b3979b150a982eae56ecbabdcfb32 *Source\DummyDrv2\dummy\dummy.vcxproj 2fd78ce2843d7c77b1249bb7288d87605a4b3979b150a982eae56ecbabdcfb32 *Source\DummyDrv2\dummy\dummy.vcxproj
f53e8133a9d12b751445ed57f4574bbeba722d26096196f544ed1794adf699f4 *Source\DummyDrv2\dummy\dummy.vcxproj.filters f53e8133a9d12b751445ed57f4574bbeba722d26096196f544ed1794adf699f4 *Source\DummyDrv2\dummy\dummy.vcxproj.filters
d45cf40c855a135898e4b35d0b5b2d00e3ad251a97d3f47990248116f22ff45e *Source\DummyDrv2\dummy\dummy.vcxproj.user d45cf40c855a135898e4b35d0b5b2d00e3ad251a97d3f47990248116f22ff45e *Source\DummyDrv2\dummy\dummy.vcxproj.user
a23f846a6321b8e411dce50c61c5d2675ee7dc6fef0e3b69d8a671120cd27b76 *Source\DummyDrv2\dummy\main.c a23f846a6321b8e411dce50c61c5d2675ee7dc6fef0e3b69d8a671120cd27b76 *Source\DummyDrv2\dummy\main.c
cc5dab13546ffcb16e97b664783e6a9121c99f89ece7dd63300714246e9622fa *Source\DummyDrv2\dummy\main.h cc5dab13546ffcb16e97b664783e6a9121c99f89ece7dd63300714246e9622fa *Source\DummyDrv2\dummy\main.h
10b9fe09b9357cb3c35a00a8b09ae24141ec5941a37c461c2a296d822aa2b512 *Source\DummyDrv2\dummy\r3request.c 10b9fe09b9357cb3c35a00a8b09ae24141ec5941a37c461c2a296d822aa2b512 *Source\DummyDrv2\dummy\r3request.c
c366e840cdcb157bd40f722935ad8646046bc6cd013817d400617bd8d90de0e0 *Source\DummyDrv2\dummy.sln e25d0088a6c73c51243aac3a21e9384b24844e54f0a093d75fbf0ef44c2ff83d *Source\Furutaka\cui.c
746efc13f8d0f96856876e4027a6c7d1f28f2791173c492ef185a436fd464bf6 *Source\Furutaka\cui.c 6f145796c9bb2bd9413fe12926436c04cc0dd596be716d7423150299b39d02a0 *Source\Furutaka\cui.h
3a5e784c79832cd497782267212edf8118431a38e16c11f890e413a12e3cb68c *Source\Furutaka\cui.h 24bd86affa81071e8e4ba82368e6004ede1c4dd5234c21098c4e7563ee25721a *Source\Furutaka\Furutaka.sln
cf3a7d4285d65bf8688215407bce1b51d7c6b22497f09021f0fce31cbeb78986 *Source\Furutaka\drv\vboxdrv_exploitable.sys 16bd5cb1f9114683a8f5b91d8f5492319b64f5b1dd5103b56c9c29c39b06237b *Source\Furutaka\Furutaka.vcxproj
01e8b1256c0ea978f3f100602732e1314a5108a2aa4563f1d4c98e0d5faebb85 *Source\Furutaka\Furutaka.sln
c7eaba7f4bb49fceac5c13d1a2abd23782c14c167ea6c57a7f65407cd7034149 *Source\Furutaka\Furutaka.vcxproj
b28c810f46cd167ac65996dd850ac0743756a76a928ea445bb3d255d5200c5b7 *Source\Furutaka\Furutaka.vcxproj.filters b28c810f46cd167ac65996dd850ac0743756a76a928ea445bb3d255d5200c5b7 *Source\Furutaka\Furutaka.vcxproj.filters
2b04b5603a1ad01bf21aadb13539b7de81e4a6c414b187c4a021dc8356da3e37 *Source\Furutaka\Furutaka.vcxproj.user b4d5fe6532f439d6c1161b06dfe90a6bee063c003645204d31b678efd033ae51 *Source\Furutaka\Furutaka.vcxproj.user
1f1f6d73a914729da08ad347c3bdb7d031c51a354339d0a26b72efcb799dfde1 *Source\Furutaka\global.h 1a80c208b491fcd2704761490a12067ae8aa73d8bde834a20920cbd231affaf7 *Source\Furutaka\global.h
c90a5fa589457ed25641ec8bd7da6b3be603ad5001fa9c4c8c378a47068737d2 *Source\Furutaka\instdrv.c 94cbbb81022dbd0205a3e7ede89775b43f9f45e934a3079fdb7f5217d8794fe0 *Source\Furutaka\instdrv.c
964d46b2540f1e91797750eb1f2b9c4c0f037792c2066d653727e223222b6208 *Source\Furutaka\instdrv.h 33b8666748f027ff93707e6e2a1b52303c3664399000ff18b4a8fe864b731640 *Source\Furutaka\instdrv.h
8f309aca118c967f283db492cfda3493bded9dbafebf580a4b5ce8bfd22ce318 *Source\Furutaka\main.c c1747f460d8e42e18f3fce8c30c51be75fe382332f586756bbb86af81e8a5a45 *Source\Furutaka\main.c
8ad5fc39c371439f2d53028e660b2d84f9238651e6311b4b28c1b714da1ee7fc *Source\Furutaka\ntos.h
fe6f865af4e22a2f7e1349891e935d7825caf08a06993d4e24d1596dab77963e *Source\Furutaka\resource.h
2dad59a7d37bfc28fc1e0f3599584454084e5837649facde829373f41b86e08f *Source\Furutaka\resource.rc
f8cafd307ba14b60970fe8caf73fbb2f178d3877a3d8b51f507b431e3bf5506e *Source\Furutaka\shellcode.h
fd0fc26c051a852fe3eaf9cb44615543b92e642274fc1eb58b53f23457fd4e89 *Source\Furutaka\sup.c
059014233efa8963d28b21f77aa37ae1c0ed3e152a9737ae8ec45338dee1d860 *Source\Furutaka\sup.h
12a9c986e4589a613e4d8e0e30a7bfa41191283a53b2eafab3483b0884a93d82 *Source\Furutaka\vbox.h
cf3a7d4285d65bf8688215407bce1b51d7c6b22497f09021f0fce31cbeb78986 *Source\Furutaka\drv\vboxdrv_exploitable.sys
893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707 *Source\Furutaka\minirtl\cmdline.c 893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707 *Source\Furutaka\minirtl\cmdline.c
bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed *Source\Furutaka\minirtl\cmdline.h bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed *Source\Furutaka\minirtl\cmdline.h
107245437ed86b6f1e839b2d3d9bbadb3d9980046cb5c7001f985fed3627962f *Source\Furutaka\minirtl\minirtl.h 107245437ed86b6f1e839b2d3d9bbadb3d9980046cb5c7001f985fed3627962f *Source\Furutaka\minirtl\minirtl.h
@ -38,10 +45,3 @@ ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969 *Source\Furutak
27159b8ff67d3f8e6c7fdb4b57b9f57f899bdfedf92cf10276269245c6f4e066 *Source\Furutaka\minirtl\_strend.c 27159b8ff67d3f8e6c7fdb4b57b9f57f899bdfedf92cf10276269245c6f4e066 *Source\Furutaka\minirtl\_strend.c
60f19c6b805801e13824c4d9d44748da8245cd936971411d3d36b873121888eb *Source\Furutaka\minirtl\_strlen.c 60f19c6b805801e13824c4d9d44748da8245cd936971411d3d36b873121888eb *Source\Furutaka\minirtl\_strlen.c
87cc72bb8e3f1534bee09ee278ecd928d975ebb94aeffc767b67249815a0bf3a *Source\Furutaka\minirtl\_strncmpi.c 87cc72bb8e3f1534bee09ee278ecd928d975ebb94aeffc767b67249815a0bf3a *Source\Furutaka\minirtl\_strncmpi.c
8ad5fc39c371439f2d53028e660b2d84f9238651e6311b4b28c1b714da1ee7fc *Source\Furutaka\ntos.h
fe6f865af4e22a2f7e1349891e935d7825caf08a06993d4e24d1596dab77963e *Source\Furutaka\resource.h
8a28b38ff5a64f0d2a52c019ce8a77ed1f098cfa499c2f27208b0621690022fc *Source\Furutaka\resource.rc
a12de2f7e249ea16519644494c7724e8d5aee23e3744a98019cf9821f054db75 *Source\Furutaka\shellcode.h
2978d95a800f049956b0e3ef53d398003d94e051a463e79796aff4247959e93e *Source\Furutaka\sup.c
d131357000587b1c25adb90dece9558afc38c4fbe77d04e8acb3e6c84a5e2fd1 *Source\Furutaka\sup.h
12a9c986e4589a613e4d8e0e30a7bfa41191283a53b2eafab3483b0884a93d82 *Source\Furutaka\vbox.h