minor changes

gmh5225 · Aug 3, 2018 · 55c3571 · 55c3571
1 parent 307f137
commit 55c3571
Show file tree

Hide file tree

Showing 10 changed files with 16 additions and 17 deletions.
diff --git a/AttackServices/DLLInjectionAttack/InjectorTest.exe b/AttackServices/DLLInjectionAttack/InjectorTest.exe
diff --git a/AttackServices/Direct3D11HookAttack/Direct3DTestApp.exe b/AttackServices/Direct3D11HookAttack/Direct3DTestApp.exe
diff --git a/AttackServices/HiddenKernelDLLInjectionAttack/AttackTest.exe b/AttackServices/HiddenKernelDLLInjectionAttack/AttackTest.exe
diff --git a/AttackServices/HiddenKernelDLLInjectionAttack/Injector.h b/AttackServices/HiddenKernelDLLInjectionAttack/Injector.h
@@ -244,8 +244,7 @@ BOOL StealthInject(string processName, string dllPath) {
 	SetTargetEProcessIfCanRead(eProcess, padSpace);
 	WriteVirtual(backup1.data(), padSpace, pidBasedHook.size());
 
-	// TODO Use ntdll.dll imports instead of GetKernelRoutine() and see if it's still crashing on PC
-	// first try NON_PAGED_CODE and NON_PAGED_DATA if possible
+	// TODO write test cases for the driver (e.g. loading & unloading 100x, init memory controller 100x, ...)
 
     return TRUE;
 }

diff --git a/AttackServices/HiddenKernelDLLInjectionAttack/MemoryController.h b/AttackServices/HiddenKernelDLLInjectionAttack/MemoryController.h
@@ -147,7 +147,7 @@ NON_PAGED_DATA static kernelFuncCall PsGetProcessId;
 NON_PAGED_DATA static kernelFuncCall ZwOpenSection;
 NON_PAGED_DATA static kernelFuncCall ZwMapViewOfSection;
 NON_PAGED_DATA static kernelFuncCall ZwClose;
-NON_PAGED_DATA PPHYSICAL_MEMORY_RANGE(NTAPI* MmGetPhysicalMemoryRanges)(void);
+NON_PAGED_DATA static PPHYSICAL_MEMORY_RANGE(NTAPI* MmGetPhysicalMemoryRanges)(void);
 
 /** Functions executed in kernel mode **/
 
@@ -396,30 +396,33 @@ void InitKernelFunctions() {
     ZwMapViewOfSection = GetKernelProcAddress<>("ZwMapViewOfSection");
     ZwClose = GetKernelProcAddress<>("ZwClose");
     MmGetPhysicalMemoryRanges = GetKernelProcAddress<PPHYSICAL_MEMORY_RANGE(*)()>("MmGetPhysicalMemoryRanges");
+
+    // cout << ExAllocatePool << endl;
+    // cout << PsGetCurrentProcess << endl;
+    // cout << PsGetProcessId << endl;
+    // cout << ZwOpenSection << endl;
+    // cout << ZwMapViewOfSection << endl;
+    // cout << ZwClose << endl;
+    // cout << MmGetPhysicalMemoryRanges << endl;
 }
 
 BOOL InitMemoryController() {
 
-    if (!InitKernelModuleInfo()) {
-        return FALSE;
-    }
     InitKernelFunctions();
 
+    cout << "loading driver..." << endl;
+    // system("PAUSE");
     if (!InitDriver()) {
         return FALSE;
     }
-    cout << "about to init kernel funcs" << endl;
-    system("PAUSE");
-    // RunInKernel(InitKernelFunctions, NULL);
-    cout << "done init kernel funcs" << endl;
-    system("PAUSE");
-    cout << "about to GetPhysicalMemoryData" << endl;
+    cout << "getting GetPhysicalMemoryData" << endl;
+    // system("PAUSE");
     RunInKernel(GetPhysicalMemoryData, NULL);
-    cout << "done GetPhysicalMemoryData" << endl;
-    system("PAUSE");
     if (!physicalMemoryBegin || !physicalMemorySize || !uniqueProcessIdOffset || !activeProcessLinksOffset) {
         return FALSE;
     }
+    cout << "got GetPhysicalMemoryData" << endl;
+    // system("PAUSE");
     targetDirectoryBase = currentDirectoryBase;
 
 

diff --git a/AttackServices/HiddenKernelDLLInjectionAttack/workspace.code-workspace b/AttackServices/HiddenKernelDLLInjectionAttack/workspace.code-workspace
diff --git a/AttackServices/IATHookAttack/IATHookTest.exe b/AttackServices/IATHookAttack/IATHookTest.exe
diff --git a/AttackServices/JmpHookAttack/InjectorTest.exe b/AttackServices/JmpHookAttack/InjectorTest.exe
diff --git a/AttackServices/SystemProcessInjectionAttack/ServicesTest.exe b/AttackServices/SystemProcessInjectionAttack/ServicesTest.exe
diff --git a/AttackServices/ThreadHijackAttack/ThreadHijackTest.exe b/AttackServices/ThreadHijackAttack/ThreadHijackTest.exe