mirror of
https://gitea.tendokyu.moe/self/even
synced 2024-12-19 19:15:58 +01:00
style: run clang-format
This commit is contained in:
Zephyr Lykos
parent
b94cd28371
commit
3c5a0a17db
41
even.c
41
even.c
@ -18,11 +18,15 @@
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <ddk/ntddk.h>
|
|
||||||
#include "even_ioctl.h"
|
#include "even_ioctl.h"
|
||||||
#include "even_names.h"
|
#include "even_names.h"
|
||||||
|
#include <ddk/ntddk.h>
|
||||||
|
|
||||||
#define uthash_nonfatal_oom(obj) do {return STATUS_INTERNAL_ERROR;} while (0)
|
#define uthash_nonfatal_oom(obj) \
|
||||||
|
do \
|
||||||
|
{ \
|
||||||
|
return STATUS_INTERNAL_ERROR; \
|
||||||
|
} while (0)
|
||||||
|
|
||||||
#include "even_peb.h"
|
#include "even_peb.h"
|
||||||
#include "uthash.h"
|
#include "uthash.h"
|
||||||
@ -74,18 +78,13 @@ static NTSTATUS __stdcall even_create_peb(HANDLE pid)
|
|||||||
struct even_peb *s;
|
struct even_peb *s;
|
||||||
|
|
||||||
HASH_FIND_INT(fake_peb, &pid, s);
|
HASH_FIND_INT(fake_peb, &pid, s);
|
||||||
if (s == NULL) {
|
if (s == NULL)
|
||||||
|
{
|
||||||
s = ExAllocatePool(PagedPool, sizeof(*s));
|
s = ExAllocatePool(PagedPool, sizeof(*s));
|
||||||
s->pid = pid;
|
s->pid = pid;
|
||||||
|
|
||||||
PROCESS_BASIC_INFORMATION ProcessInformation;
|
PROCESS_BASIC_INFORMATION ProcessInformation;
|
||||||
NtQueryInformationProcess(
|
NtQueryInformationProcess(pid, ProcessBasicInformation, &ProcessInformation, sizeof(ProcessInformation), NULL);
|
||||||
pid,
|
|
||||||
ProcessBasicInformation,
|
|
||||||
&ProcessInformation,
|
|
||||||
sizeof(ProcessInformation),
|
|
||||||
NULL
|
|
||||||
);
|
|
||||||
|
|
||||||
RtlCopyMemory(&s->fake_peb, ProcessInformation.PebBaseAddress, sizeof(*ProcessInformation.PebBaseAddress));
|
RtlCopyMemory(&s->fake_peb, ProcessInformation.PebBaseAddress, sizeof(*ProcessInformation.PebBaseAddress));
|
||||||
|
|
||||||
@ -100,7 +99,8 @@ static NTSTATUS __stdcall even_create_peb(HANDLE pid)
|
|||||||
static NTSTATUS __stdcall even_delete_peb(struct even_peb *peb)
|
static NTSTATUS __stdcall even_delete_peb(struct even_peb *peb)
|
||||||
{
|
{
|
||||||
DbgPrint("Even Htsysm7679: PEB Refcnt for PID %d: %d\r\n", peb->pid, peb->refcnt);
|
DbgPrint("Even Htsysm7679: PEB Refcnt for PID %d: %d\r\n", peb->pid, peb->refcnt);
|
||||||
if (peb->refcnt <= 0) {
|
if (peb->refcnt <= 0)
|
||||||
|
{
|
||||||
DbgPrint("Even Htsysm7679: PEB Refcnt <= 0, deleting\r\n");
|
DbgPrint("Even Htsysm7679: PEB Refcnt <= 0, deleting\r\n");
|
||||||
HASH_DEL(fake_peb, peb);
|
HASH_DEL(fake_peb, peb);
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
@ -132,7 +132,8 @@ static NTSTATUS __stdcall even_open_close(IN PDEVICE_OBJECT DeviceObject, IN PIR
|
|||||||
switch (io_stack->MajorFunction)
|
switch (io_stack->MajorFunction)
|
||||||
{
|
{
|
||||||
case IRP_MJ_CREATE:
|
case IRP_MJ_CREATE:
|
||||||
if (pid == 0) goto err_out;
|
if (pid == 0)
|
||||||
|
goto err_out;
|
||||||
DbgPrint("Even Htsysm7679: Handle to symbolink link opened by PID %d\r\n", pid);
|
DbgPrint("Even Htsysm7679: Handle to symbolink link opened by PID %d\r\n", pid);
|
||||||
|
|
||||||
Irp->IoStatus.Information = 0;
|
Irp->IoStatus.Information = 0;
|
||||||
@ -141,7 +142,8 @@ static NTSTATUS __stdcall even_open_close(IN PDEVICE_OBJECT DeviceObject, IN PIR
|
|||||||
|
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
case IRP_MJ_CLOSE:
|
case IRP_MJ_CLOSE:
|
||||||
if (pid == 0) goto err_out;
|
if (pid == 0)
|
||||||
|
goto err_out;
|
||||||
DbgPrint("Even Htsysm7679: Handle to symbolink link closed by PID %d\r\n", pid);
|
DbgPrint("Even Htsysm7679: Handle to symbolink link closed by PID %d\r\n", pid);
|
||||||
|
|
||||||
struct even_peb s;
|
struct even_peb s;
|
||||||
@ -255,7 +257,8 @@ static NTSTATUS __stdcall even_dispatch_device_control(IN PDEVICE_OBJECT DeviceO
|
|||||||
};
|
};
|
||||||
|
|
||||||
HANDLE pid = PsGetCurrentProcessId();
|
HANDLE pid = PsGetCurrentProcessId();
|
||||||
if (even_find_peb(pid, &s) != STATUS_SUCCESS) {
|
if (even_find_peb(pid, &s) != STATUS_SUCCESS)
|
||||||
|
{
|
||||||
Irp->IoStatus.Status = STATUS_INTERNAL_ERROR;
|
Irp->IoStatus.Status = STATUS_INTERNAL_ERROR;
|
||||||
goto err_out;
|
goto err_out;
|
||||||
}
|
}
|
||||||
@ -302,7 +305,8 @@ static NTSTATUS __stdcall even_dispatch_device_control(IN PDEVICE_OBJECT DeviceO
|
|||||||
};
|
};
|
||||||
|
|
||||||
HANDLE pid = PsGetCurrentProcessId();
|
HANDLE pid = PsGetCurrentProcessId();
|
||||||
if (even_find_peb(pid, &s) != STATUS_SUCCESS) {
|
if (even_find_peb(pid, &s) != STATUS_SUCCESS)
|
||||||
|
{
|
||||||
Irp->IoStatus.Status = STATUS_INTERNAL_ERROR;
|
Irp->IoStatus.Status = STATUS_INTERNAL_ERROR;
|
||||||
goto err_out;
|
goto err_out;
|
||||||
}
|
}
|
||||||
@ -348,12 +352,12 @@ static NTSTATUS __stdcall even_dispatch_device_control(IN PDEVICE_OBJECT DeviceO
|
|||||||
};
|
};
|
||||||
|
|
||||||
HANDLE pid = PsGetCurrentProcessId();
|
HANDLE pid = PsGetCurrentProcessId();
|
||||||
if (even_find_peb(pid, &s) != STATUS_SUCCESS) {
|
if (even_find_peb(pid, &s) != STATUS_SUCCESS)
|
||||||
|
{
|
||||||
Irp->IoStatus.Status = STATUS_INTERNAL_ERROR;
|
Irp->IoStatus.Status = STATUS_INTERNAL_ERROR;
|
||||||
goto err_out;
|
goto err_out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void *fake_peb;
|
void *fake_peb;
|
||||||
fake_peb = &s.fake_peb;
|
fake_peb = &s.fake_peb;
|
||||||
|
|
||||||
@ -388,8 +392,7 @@ err_out:
|
|||||||
return Irp->IoStatus.Status;
|
return Irp->IoStatus.Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
NTSTATUS __stdcall
|
NTSTATUS __stdcall DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
|
||||||
DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
|
|
||||||
{
|
{
|
||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
/* a particular Device Instance, theoretically one of many,
|
/* a particular Device Instance, theoretically one of many,
|
||||||
|
|||||||
14
even_peb.h
14
even_peb.h
@ -1,17 +1,19 @@
|
|||||||
#ifndef _EVEN_PEB_H_
|
#ifndef _EVEN_PEB_H_
|
||||||
#define _EVEN_PEB_H_ 1
|
#define _EVEN_PEB_H_ 1
|
||||||
|
|
||||||
|
#include "uthash.h"
|
||||||
#include <ddk/ntddk.h>
|
#include <ddk/ntddk.h>
|
||||||
#include <minwindef.h>
|
#include <minwindef.h>
|
||||||
#include "uthash.h"
|
|
||||||
|
|
||||||
typedef struct _PEB_LDR_DATA {
|
typedef struct _PEB_LDR_DATA
|
||||||
|
{
|
||||||
BYTE Reserved1[8];
|
BYTE Reserved1[8];
|
||||||
PVOID Reserved2[3];
|
PVOID Reserved2[3];
|
||||||
LIST_ENTRY InMemoryOrderModuleList;
|
LIST_ENTRY InMemoryOrderModuleList;
|
||||||
} PEB_LDR_DATA, *PPEB_LDR_DATA;
|
} PEB_LDR_DATA, *PPEB_LDR_DATA;
|
||||||
|
|
||||||
typedef struct _RTL_USER_PROCESS_PARAMETERS {
|
typedef struct _RTL_USER_PROCESS_PARAMETERS
|
||||||
|
{
|
||||||
BYTE Reserved1[16];
|
BYTE Reserved1[16];
|
||||||
PVOID Reserved2[10];
|
PVOID Reserved2[10];
|
||||||
UNICODE_STRING ImagePathName;
|
UNICODE_STRING ImagePathName;
|
||||||
@ -22,7 +24,8 @@ typedef struct _RTL_USER_PROCESS_PARAMETERS {
|
|||||||
Therefore I guess. */
|
Therefore I guess. */
|
||||||
typedef VOID(NTAPI *PPS_POST_PROCESS_INIT_ROUTINE)(VOID);
|
typedef VOID(NTAPI *PPS_POST_PROCESS_INIT_ROUTINE)(VOID);
|
||||||
|
|
||||||
typedef struct _PEB {
|
typedef struct _PEB
|
||||||
|
{
|
||||||
BYTE Reserved1[2];
|
BYTE Reserved1[2];
|
||||||
BYTE BeingDebugged;
|
BYTE BeingDebugged;
|
||||||
BYTE Reserved2[1];
|
BYTE Reserved2[1];
|
||||||
@ -44,7 +47,8 @@ typedef struct _PEB {
|
|||||||
ULONG SessionId;
|
ULONG SessionId;
|
||||||
} PEB, *PPEB;
|
} PEB, *PPEB;
|
||||||
|
|
||||||
struct even_peb {
|
struct even_peb
|
||||||
|
{
|
||||||
HANDLE pid;
|
HANDLE pid;
|
||||||
int refcnt;
|
int refcnt;
|
||||||
PEB fake_peb;
|
PEB fake_peb;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user