style: run clang-format

2024-12-18 10:35:57 +01:00 · 2024-03-30 14:30:08 +08:00 · 2024-03-30 14:30:08 +08:00 · 3c5a0a17db
commit 3c5a0a17db
parent b94cd28371
3 changed files with 1071 additions and 906 deletions
--- a/even.c
+++ b/even.c
@ -18,11 +18,15 @@
 *
 */

-#include <ddk/ntddk.h>
 #include "even_ioctl.h"
 #include "even_names.h"
+#include <ddk/ntddk.h>

-#define uthash_nonfatal_oom(obj) do {return STATUS_INTERNAL_ERROR;} while (0)
+#define uthash_nonfatal_oom(obj)                                                                                       \
+    do                                                                                                                 \
+    {                                                                                                                  \
+        return STATUS_INTERNAL_ERROR;                                                                                  \
+    } while (0)

 #include "even_peb.h"
 #include "uthash.h"
@ -71,36 +75,32 @@ struct even_peb *fake_peb = NULL;

 static NTSTATUS __stdcall even_create_peb(HANDLE pid)
 {
-        struct even_peb *s;
+    struct even_peb *s;

-        HASH_FIND_INT(fake_peb, &pid, s);
-        if (s == NULL) {
-            s = ExAllocatePool(PagedPool, sizeof(*s));
-            s->pid = pid;
+    HASH_FIND_INT(fake_peb, &pid, s);
+    if (s == NULL)
+    {
+        s = ExAllocatePool(PagedPool, sizeof(*s));
+        s->pid = pid;

-            PROCESS_BASIC_INFORMATION ProcessInformation;
-            NtQueryInformationProcess(
-                    pid,
-                    ProcessBasicInformation,
-                    &ProcessInformation,
-                    sizeof(ProcessInformation),
-                    NULL
-            );
+        PROCESS_BASIC_INFORMATION ProcessInformation;
+        NtQueryInformationProcess(pid, ProcessBasicInformation, &ProcessInformation, sizeof(ProcessInformation), NULL);

-            RtlCopyMemory(&s->fake_peb, ProcessInformation.PebBaseAddress, sizeof(*ProcessInformation.PebBaseAddress));
+        RtlCopyMemory(&s->fake_peb, ProcessInformation.PebBaseAddress, sizeof(*ProcessInformation.PebBaseAddress));

-            HASH_ADD_INT(fake_peb, pid, s);
-        }
+        HASH_ADD_INT(fake_peb, pid, s);
+    }

-        s->refcnt += 1;
+    s->refcnt += 1;

-        return STATUS_SUCCESS;
+    return STATUS_SUCCESS;
 }

-static NTSTATUS __stdcall even_delete_peb(struct even_peb* peb)
+static NTSTATUS __stdcall even_delete_peb(struct even_peb *peb)
 {
    DbgPrint("Even Htsysm7679: PEB Refcnt for PID %d: %d\r\n", peb->pid, peb->refcnt);
-    if (peb->refcnt <= 0) {
+    if (peb->refcnt <= 0)
+    {
        DbgPrint("Even Htsysm7679: PEB Refcnt <= 0, deleting\r\n");
        HASH_DEL(fake_peb, peb);
        return STATUS_SUCCESS;
@ -132,7 +132,8 @@ static NTSTATUS __stdcall even_open_close(IN PDEVICE_OBJECT DeviceObject, IN PIR
    switch (io_stack->MajorFunction)
    {
    case IRP_MJ_CREATE:
-        if (pid == 0) goto err_out;
+        if (pid == 0)
+            goto err_out;
        DbgPrint("Even Htsysm7679: Handle to symbolink link opened by PID %d\r\n", pid);

        Irp->IoStatus.Information = 0;
@ -141,7 +142,8 @@ static NTSTATUS __stdcall even_open_close(IN PDEVICE_OBJECT DeviceObject, IN PIR

        return STATUS_SUCCESS;
    case IRP_MJ_CLOSE:
-        if (pid == 0) goto err_out;
+        if (pid == 0)
+            goto err_out;
        DbgPrint("Even Htsysm7679: Handle to symbolink link closed by PID %d\r\n", pid);

        struct even_peb s;
@ -255,12 +257,13 @@ static NTSTATUS __stdcall even_dispatch_device_control(IN PDEVICE_OBJECT DeviceO
        };

        HANDLE pid = PsGetCurrentProcessId();
-        if (even_find_peb(pid, &s) != STATUS_SUCCESS) {
+        if (even_find_peb(pid, &s) != STATUS_SUCCESS)
+        {
            Irp->IoStatus.Status = STATUS_INTERNAL_ERROR;
            goto err_out;
        }

-        void* fake_peb;
+        void *fake_peb;
        fake_peb = &s.fake_peb;

        int value;
@ -302,12 +305,13 @@ static NTSTATUS __stdcall even_dispatch_device_control(IN PDEVICE_OBJECT DeviceO
        };

        HANDLE pid = PsGetCurrentProcessId();
-        if (even_find_peb(pid, &s) != STATUS_SUCCESS) {
+        if (even_find_peb(pid, &s) != STATUS_SUCCESS)
+        {
            Irp->IoStatus.Status = STATUS_INTERNAL_ERROR;
            goto err_out;
        }

-        void* fake_peb;
+        void *fake_peb;
        fake_peb = &s.fake_peb;

        int value;
@ -348,13 +352,13 @@ static NTSTATUS __stdcall even_dispatch_device_control(IN PDEVICE_OBJECT DeviceO
        };

        HANDLE pid = PsGetCurrentProcessId();
-        if (even_find_peb(pid, &s) != STATUS_SUCCESS) {
+        if (even_find_peb(pid, &s) != STATUS_SUCCESS)
+        {
            Irp->IoStatus.Status = STATUS_INTERNAL_ERROR;
            goto err_out;
        }

-
-        void* fake_peb;
+        void *fake_peb;
        fake_peb = &s.fake_peb;

        char value[4];
@ -388,8 +392,7 @@ err_out:
    return Irp->IoStatus.Status;
 }

-NTSTATUS __stdcall
-DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
+NTSTATUS __stdcall DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
 {
    NTSTATUS status;
    /* a particular Device Instance, theoretically one of many,
--- a/even_peb.h
+++ b/even_peb.h
@ -1,28 +1,31 @@
 #ifndef _EVEN_PEB_H_
 #define _EVEN_PEB_H_ 1

+#include "uthash.h"
 #include <ddk/ntddk.h>
 #include <minwindef.h>
-#include "uthash.h"

-typedef struct _PEB_LDR_DATA {
+typedef struct _PEB_LDR_DATA
+{
    BYTE Reserved1[8];
    PVOID Reserved2[3];
    LIST_ENTRY InMemoryOrderModuleList;
-} PEB_LDR_DATA,*PPEB_LDR_DATA;
+} PEB_LDR_DATA, *PPEB_LDR_DATA;

-typedef struct _RTL_USER_PROCESS_PARAMETERS {
+typedef struct _RTL_USER_PROCESS_PARAMETERS
+{
    BYTE Reserved1[16];
    PVOID Reserved2[10];
    UNICODE_STRING ImagePathName;
    UNICODE_STRING CommandLine;
-} RTL_USER_PROCESS_PARAMETERS,*PRTL_USER_PROCESS_PARAMETERS;
+} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;

 /* This function pointer is undocumented and just valid for windows 2000.
   Therefore I guess.  */
-typedef VOID (NTAPI *PPS_POST_PROCESS_INIT_ROUTINE)(VOID); 
+typedef VOID(NTAPI *PPS_POST_PROCESS_INIT_ROUTINE)(VOID);

-typedef struct _PEB {
+typedef struct _PEB
+{
    BYTE Reserved1[2];
    BYTE BeingDebugged;
    BYTE Reserved2[1];
@ -42,9 +45,10 @@ typedef struct _PEB {
    BYTE Reserved11[128];
    PVOID Reserved12[1];
    ULONG SessionId;
-} PEB,*PPEB;
+} PEB, *PPEB;

-struct even_peb {
+struct even_peb
+{
    HANDLE pid;
    int refcnt;
    PEB fake_peb;
--- a/uthash.h
+++ b/uthash.h