switched to ExAllocatePool

xrv3ovl · Jan 6, 2018 · ad5510b · ad5510b
1 parent fcdd689
commit ad5510b
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 3 deletions.
diff --git a/capcom/capcom.cpp b/capcom/capcom.cpp
@@ -156,6 +156,34 @@ namespace capcom
 		return address;
 	}
 
+	uintptr_t capcom_driver::allocate_pool(size_t size,  kernel::POOL_TYPE pool_type, const bool page_align, size_t* out_size)
+	{
+		constexpr auto page_size = 0x1000u;
+
+		uintptr_t address = { 0 };
+
+		if (page_align && size % page_size != 0)
+		{
+			auto pages = size / page_size;
+			size = page_size * ++pages;
+		}
+
+		auto ex_allocate_pool = reinterpret_cast<kernel::ExAllocatePoolFn>(get_system_routine(kernel::names::ExAllocatePool));
+		assert(ex_allocate_pool != nullptr);
+
+		const auto allocate_fn = [&size, &pool_type, &ex_allocate_pool, &address](auto mm_get)
+		{
+			address = reinterpret_cast<uintptr_t>(ex_allocate_pool(pool_type, size);
+		};
+
+		run(allocate_fn);
+
+		if (out_size != nullptr)
+			*out_size = size;
+
+		return address;
+	}
+
 	uintptr_t capcom_driver::allocate_pool(size_t size, uint16_t pooltag, kernel::POOL_TYPE pool_type, const bool page_align, size_t* out_size)
 	{
 		constexpr auto page_size = 0x1000u;

diff --git a/capcom/capcom.hpp b/capcom/capcom.hpp
@@ -29,6 +29,7 @@ namespace capcom
 		uintptr_t get_system_routine(const std::wstring& name);
 		static uintptr_t get_kernel_module(const std::string_view kmodule);
 		uintptr_t get_export(uintptr_t base, const char* name);
+		uintptr_t allocate_pool(size_t size, kernel::POOL_TYPE pool_type, const bool page_align, size_t* out_size);
 		uintptr_t allocate_pool(std::size_t size, uint16_t pooltag, kernel::POOL_TYPE = kernel::NonPagedPool, bool page_align = false, size_t* out_size = nullptr);
 		template <typename T>
 		T get_system_routine(const std::wstring& name)

diff --git a/capcom/kernel.hpp b/capcom/kernel.hpp
@@ -56,10 +56,12 @@ namespace kernel
 	using MmGetSystemRoutineAddressFn = PVOID(NTAPI*)(PUNICODE_STRING);
 	using ExAllocatePoolWithTagFn = PVOID(*)(POOL_TYPE, SIZE_T, ULONG);
 	using RtlFindExportedRoutineByNameFn = void*(__fastcall*)(void *, const char *);
+	using ExAllocatePoolFn = PVOID(*)(POOL_TYPE, SIZE_T);
 
 	namespace names
 	{
 		constexpr auto RtlFindExportedRoutineByName = L"RtlFindExportedRoutineByName";
 		constexpr auto ExAllocatePoolWithTag = L"ExAllocatePoolWithTag";
+		constexpr auto ExAllocatePool = L"ExAllocatePool";
 	}
 }
diff --git a/drvmap/main.cpp b/drvmap/main.cpp
@@ -8,8 +8,6 @@
 #pragma comment(lib, "capcom.lib")
 
 constexpr auto page_size = 0x1000u;
-constexpr uint16_t pool_tag = uint16_t('naJ?');
-
 
 int __stdcall main(const int argc, char** argv)
 {
@@ -40,7 +38,7 @@ int __stdcall main(const int argc, char** argv)
 	drvmap::util::open_binary_file(argv[1], driver_image);
 	drvmap::drv_image driver(driver_image);
 
-	const auto kernel_memory = capcom->allocate_pool(driver.size(), pool_tag, kernel::NonPagedPool, true);
+	const auto kernel_memory = capcom->allocate_pool(driver.size(), kernel::NonPagedPool, true);
 
 	assert(kernel_memory != 0);