From d2431f60db684de5707c9e108c17330aa7a723e3 Mon Sep 17 00:00:00 2001
From: hfiref0x
Date: Sat, 20 Apr 2019 01:19:55 +0700
Subject: [PATCH] Update TDLStartVulnerableDriver unload order

Move VBoxUsbMon unload prior to network drivers.
---
 Compiled/Furutaka.exe | Bin 133632 -> 133632 bytes
 Source/Furutaka/main.c | 10 +++++-----
 TDL.sha256 | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Compiled/Furutaka.exe b/Compiled/Furutaka.exe
index 61dddbff1e04b47c19112b45cdc612f70c5daee5..edb7c837535e6ae115716476cfc1bdc137ca23b4 100644
GIT binary patch delta 64 zcmZpe!qG5=V*>{x^B(?PlermvndB5VM=@?IpUhDuFj=80VRAzyAFm@r3PS+{6ik+` PeA?VlwY{N=v7sLTbKMh~ delta 70 zcmZpe!qG5=V*>{x^P`BJlermvnVhpWM=@?IpWIO?FnK}cgUJn*9KxXt!3<6ez6|*c Vc??i6S-LW{xuI%%Llt8~KLA237IOdq
diff --git a/Source/Furutaka/main.c b/Source/Furutaka/main.c
index aa6fab3..71f1fe2 100644
--- a/Source/Furutaka/main.c
+++ b/Source/Furutaka/main.c
@@ -533,6 +533,11 @@ HANDLE TDLStartVulnerableDriver(
 cuiPrintText(TEXT("Ldr: Active VirtualBox found in system, attempt stop (unload) it drivers"), TRUE);
+ if (!supStopVBoxService(schSCManager, VBOXUSBMON_SVC)) {
+ cuiPrintText(TEXT("SCM: Error stopping VBoxUSBMon, cannot continue"), TRUE);
+ break;
+ }
+
 if (!supStopVBoxService(schSCManager, VBOXNETADP_SVC)) {
 cuiPrintText(TEXT("SCM: Error stopping VBoxNetAdp, cannot continue"), TRUE);
 break;
@@ -543,11 +548,6 @@ HANDLE TDLStartVulnerableDriver(
 break;
 }
- if (!supStopVBoxService(schSCManager, VBOXUSBMON_SVC)) {
- cuiPrintText(TEXT("SCM: Error stopping VBoxUSBMon, cannot continue"), TRUE);
- break;
- }
-
 Sleep(1000);
 if (!supStopVBoxService(schSCManager, VBoxDrvSvc)) {
diff --git a/TDL.sha256 b/TDL.sha256
index 1a2753f..f2e1bd0 100644
--- a/TDL.sha256
+++ b/TDL.sha256
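Review bot: The stop order that the first Source/Furutaka/main.c hunk establishes is not documented where it is enforced: the added `supStopVBoxService(schSCManager, VBOXUSBMON_SVC)` block now runs ahead of the VBoxNetAdp stop, but only the commit message records that the position is deliberate, so a later edit could move it back without noticing. A comment above the block such as `/* VBoxUSBMon must be stopped before the network drivers; keep this order. */` would pin it. Each failure path still leaves through `break` after earlier services were already stopped, so with this order a VBoxNetAdp failure leaves VBoxUSBMon stopped on the host. Whether anything restarts it cannot be seen here, because TDLStartVulnerableDriver begins and ends outside both hunks.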
@@ -1,6 +1,6 @@
 a761bbb4a1b7813132dc8d8ed526d24289dc603bc706da238e1f23d75dbd66aa *Compiled\dummy.sys
 f6610691bc3b9f96dad8bfc00b3ceb939ebcb17844d1ca5ee26f8364944ca110 *Compiled\dummy2.sys
-f79353dc1489d7e4059acb948d9c4ad7e6f282e24371972e577bcde89fececcb *Compiled\Furutaka.exe
+37805cc7ae226647753aca1a32d7106d804556a98e1a21ac324e5b880b9a04da *Compiled\Furutaka.exe
 14eec2753d0e9b432c54c4a70fc59e3be75674313b6308a7a820e6682f775eb9 *Source\DummyDrv\dummy.sln
 d61ebda2674d2db05a235478f89fed02c2de049b00ac5648fcebd4c4e638f71c *Source\DummyDrv\dummy\dummy.vcxproj
 2d469aafdb7e37a2d58d4e7875abbfd27599762333cba8e28376c16fa7446e9c *Source\DummyDrv\dummy\dummy.vcxproj.filters
@@ -22,7 +22,7 @@ feebf1c788d97bd616267c136e88fdf21f4ba09f528507cdf8a2659d1dd0a8cd *Source\Furutak
 4b16411f96538d38f05b5d949710ace54839d4a9aee9dcc2a61a4b2f4dbfc9cc *Source\Furutaka\global.h
 94cbbb81022dbd0205a3e7ede89775b43f9f45e934a3079fdb7f5217d8794fe0 *Source\Furutaka\instdrv.c
 33b8666748f027ff93707e6e2a1b52303c3664399000ff18b4a8fe864b731640 *Source\Furutaka\instdrv.h
-5b074150fd30a7552ab5dfbcd8cdb49c0fbada91b20c4cafe6331120f761a395 *Source\Furutaka\main.c
+2525f63ec3f9fb008edaffb7ff7f970d6777ddaf8511f60a95326f60f6ed80f0 *Source\Furutaka\main.c
 5b0b4376df8fb5b43d8a0d4130ad3523d4325718ea4991d11498961f33e7e38d *Source\Furutaka\ntos.h
 fe6f865af4e22a2f7e1349891e935d7825caf08a06993d4e24d1596dab77963e *Source\Furutaka\resource.h
 140441e10f8ff80be91ed5d1fa30cd099bb6e02b97434926d14048006bdaec8f *Source\Furutaka\resource.rc