added support for imports by ordinalsa

xrv3ovl · Jan 6, 2018 · ea9a163 · ea9a163
1 parent ad5510b
commit ea9a163
Show file tree

Hide file tree

Showing 9 changed files with 81 additions and 23 deletions.
diff --git a/capcom/capcom.cpp b/capcom/capcom.cpp
@@ -138,6 +138,53 @@ namespace capcom
 		return 0;
 	}
 
+	size_t capcom_driver::get_header_size(uintptr_t base)
+	{
+		uintptr_t header_size = { 0 };
+
+		run([&base, &header_size](auto mm_get)
+		{
+			const auto dos_header = (PIMAGE_DOS_HEADER)base;
+			if (dos_header->e_magic != IMAGE_DOS_SIGNATURE)
+				return;
+			const auto nt_headers = (PIMAGE_NT_HEADERS64)base;
+			if (nt_headers->Signature != IMAGE_NT_SIGNATURE || nt_headers->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC)
+				return;
+			header_size = nt_headers->OptionalHeader.SizeOfHeaders;
+		});
+
+		return header_size;
+	}
+
+	uintptr_t capcom_driver::get_export(uintptr_t base, uint16_t ordinal)
+	{
+		uintptr_t address = { 0 };
+
+		run([&base, &ordinal,&address](auto mm_get)
+		{
+			const auto dos_header = (PIMAGE_DOS_HEADER)base;
+			if (dos_header->e_magic != IMAGE_DOS_SIGNATURE)
+				return;
+			const auto nt_headers = (PIMAGE_NT_HEADERS64)(base + dos_header->e_lfanew);
+			if (nt_headers->Signature != IMAGE_NT_SIGNATURE)
+				return;
+			if (nt_headers->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC)
+				return;
+			const auto export_ptr = (PIMAGE_EXPORT_DIRECTORY)(nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress + base);
+			auto address_of_funcs = (PULONG)(export_ptr->AddressOfFunctions + base);
+			for (ULONG i = 0; i < export_ptr->NumberOfFunctions; ++i)
+			{
+				if (export_ptr->Base + (uint16_t)i == ordinal) {
+					address = address_of_funcs[i] + base;
+					return;
+				}
+			}
+		});
+
+		assert(address != 0);
+		return address;
+	}
+
 	uintptr_t capcom_driver::get_export(uintptr_t base, const char* name)
 	{
 		auto RtlFindExportedRoutineByName = reinterpret_cast<kernel::RtlFindExportedRoutineByNameFn>(get_system_routine(kernel::names::RtlFindExportedRoutineByName));
@@ -149,7 +196,7 @@ namespace capcom
 		{
 			address = (uintptr_t)RtlFindExportedRoutineByName((void*)base, name);
 		};
-
+		
 		run(_get_export);
 
 		assert(address != 0);
@@ -173,7 +220,7 @@ namespace capcom
 
 		const auto allocate_fn = [&size, &pool_type, &ex_allocate_pool, &address](auto mm_get)
 		{
-			address = reinterpret_cast<uintptr_t>(ex_allocate_pool(pool_type, size);
+			address = reinterpret_cast<uintptr_t>(ex_allocate_pool(pool_type, size));
 		};
 
 		run(allocate_fn);
@@ -184,6 +231,8 @@ namespace capcom
 		return address;
 	}
 
+
+
 	uintptr_t capcom_driver::allocate_pool(size_t size, uint16_t pooltag, kernel::POOL_TYPE pool_type, const bool page_align, size_t* out_size)
 	{
 		constexpr auto page_size = 0x1000u;

diff --git a/capcom/capcom.hpp b/capcom/capcom.hpp
@@ -10,7 +10,7 @@
 
 namespace capcom
 {
-	constexpr auto device_name = "\\\\.\\Htsysm72FB";
+	constexpr auto device_name = TEXT("\\\\.\\Htsysm72FB");
 	constexpr auto ioctl_x86 = 0xAA012044u;
 	constexpr auto ioctl_x64 = 0xAA013044u;
 
@@ -28,14 +28,19 @@ namespace capcom
 		void run(user_function, bool enable_interrupts = true);
 		uintptr_t get_system_routine(const std::wstring& name);
 		static uintptr_t get_kernel_module(const std::string_view kmodule);
+		size_t get_header_size(uintptr_t base);
+		uintptr_t get_export(uintptr_t base, uint16_t ordinal);
 		uintptr_t get_export(uintptr_t base, const char* name);
-		uintptr_t allocate_pool(size_t size, kernel::POOL_TYPE pool_type, const bool page_align, size_t* out_size);
+		uintptr_t allocate_pool(size_t size, kernel::POOL_TYPE pool_type, const bool page_align, size_t* out_size = nullptr);
 		uintptr_t allocate_pool(std::size_t size, uint16_t pooltag, kernel::POOL_TYPE = kernel::NonPagedPool, bool page_align = false, size_t* out_size = nullptr);
 		template <typename T>
 		T get_system_routine(const std::wstring& name)
 		{
 			return (T)get_system_routine(name);
 		}
+
 	};
 
+
+
 }
diff --git a/capcom/capcom.vcxproj b/capcom/capcom.vcxproj
@@ -25,21 +25,21 @@
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <PlatformToolset>v141</PlatformToolset>
-    <CharacterSet>MultiByte</CharacterSet>
+    <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <PlatformToolset>v141</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
+    <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='LibRelease|x64'" Label="Configuration">
     <ConfigurationType>StaticLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <PlatformToolset>v141</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
+    <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -75,13 +75,16 @@
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <SDLCheck>true</SDLCheck>
       <ConformanceMode>true</ConformanceMode>
-      <LanguageStandard>stdcpp17</LanguageStandard>
+      <LanguageStandard>stdcpplatest</LanguageStandard>
     </ClCompile>
     <Link>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <AdditionalLibraryDirectories>C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\km\x64;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
     </Link>
+    <Lib>
+      <AdditionalOptions>/NODEFAULTLIB %(AdditionalOptions)</AdditionalOptions>
+    </Lib>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='LibRelease|x64'">
     <ClCompile>

diff --git a/capcom/capcom.vcxproj.filters b/capcom/capcom.vcxproj.filters
@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <ItemGroup>
-    <ClCompile Include="main.cpp" />
     <ClCompile Include="capcom.cpp" />
     <ClCompile Include="process.cpp" />
     <ClCompile Include="kernel.cpp" />

diff --git a/capcom/kernel.hpp b/capcom/kernel.hpp
@@ -57,11 +57,13 @@ namespace kernel
 	using ExAllocatePoolWithTagFn = PVOID(*)(POOL_TYPE, SIZE_T, ULONG);
 	using RtlFindExportedRoutineByNameFn = void*(__fastcall*)(void *, const char *);
 	using ExAllocatePoolFn = PVOID(*)(POOL_TYPE, SIZE_T);
+	using DbgPrintFn = ULONG(*)(const char*, ...);
 
 	namespace names
 	{
 		constexpr auto RtlFindExportedRoutineByName = L"RtlFindExportedRoutineByName";
 		constexpr auto ExAllocatePoolWithTag = L"ExAllocatePoolWithTag";
 		constexpr auto ExAllocatePool = L"ExAllocatePool";
+		constexpr auto DbgPrint = L"DbgPrint";
 	}
 }
diff --git a/drvmap/drv_image.cpp b/drvmap/drv_image.cpp
@@ -15,7 +15,6 @@ namespace drvmap
 		assert(m_nt_headers->Signature == IMAGE_NT_SIGNATURE);
 		assert(m_nt_headers->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC);
 		m_section_header = reinterpret_cast<IMAGE_SECTION_HEADER*>((uintptr_t)(&m_nt_headers->OptionalHeader) + m_nt_headers->FileHeader.SizeOfOptionalHeader);
-
 	}
 
 	size_t drv_image::size() const
@@ -49,7 +48,7 @@ namespace drvmap
 		//m_nt_headers = (PIMAGE_NT_HEADERS64)((uintptr_t)m_dos_header + m_dos_header->e_lfanew);
 	}
 
-	bool drv_image::process_relocation(uintptr_t image_base_delta, uint16_t data, uint8_t* relocation_base) const
+	bool drv_image::process_relocation(uintptr_t image_base_delta, uint16_t data, uint8_t* relocation_base)
 	{
 #define IMR_RELOFFSET(x)			(x & 0xFFF)
 
@@ -146,8 +145,6 @@ namespace drvmap
 		return (T*)(uintptr_t)base + offset;
 	}
 
-
-
 	void drv_image::fix_imports(const std::function<uintptr_t(std::string_view)> get_module, const std::function<uintptr_t(uintptr_t, const char*)> get_function, const std::function<uintptr_t(uintptr_t, uint16_t)> get_function_ord){
 
 		ULONG size;
@@ -189,7 +186,7 @@ namespace drvmap
 
 				if(ordinal)
 				{
-					auto import_ordinal = static_cast<uint16_t>(image_thunk_data->u1.Ordinal & 0xffff);
+					const auto import_ordinal = static_cast<uint16_t>(image_thunk_data->u1.Ordinal & 0xffff);
 					function_address = get_function_ord(module_base, import_ordinal);
 					printf("function: %hu [0x%I64X]\n", import_ordinal, function_address);
 				} else

diff --git a/drvmap/drv_image.hpp b/drvmap/drv_image.hpp
@@ -26,7 +26,7 @@ namespace drvmap
 		size_t size() const;
 		uintptr_t entry_point() const;
 		void map();
-		bool process_relocation(size_t image_base_delta, uint16_t data, uint8_t* relocation_base) const;
+		static bool process_relocation(size_t image_base_delta, uint16_t data, uint8_t* relocation_base);
 		void relocate(uintptr_t base) const;
 
 		template<typename T>

diff --git a/drvmap/drvmap.vcxproj b/drvmap/drvmap.vcxproj
@@ -29,14 +29,14 @@
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>true</UseDebugLibraries>
     <PlatformToolset>v141</PlatformToolset>
-    <CharacterSet>MultiByte</CharacterSet>
+    <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <PlatformToolset>v141</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
+    <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
@@ -49,7 +49,7 @@
     <UseDebugLibraries>false</UseDebugLibraries>
     <PlatformToolset>v141</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
+    <CharacterSet>Unicode</CharacterSet>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
   <ImportGroup Label="ExtensionSettings">
@@ -84,8 +84,11 @@
     <Link>
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
-      <SubSystem>NotSet</SubSystem>
+      <SubSystem>Console</SubSystem>
       <AdditionalLibraryDirectories>D:\Dev\asmjit\build\MinSizeRel;C:\Users\Jan\source\repos\capcom\x64\Release;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <FullProgramDatabaseFile>false</FullProgramDatabaseFile>
+      <AssemblyDebug>false</AssemblyDebug>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">

diff --git a/drvmap/main.cpp b/drvmap/main.cpp
@@ -29,9 +29,9 @@ int __stdcall main(const int argc, char** argv)
 		return capcom->get_export(base, name);
 	};
 
-	const std::function<uintptr_t(uintptr_t, uint16_t)> _get_export_ordinal = [&capcom](uintptr_t base, uint16_t)
+	const std::function<uintptr_t(uintptr_t, uint16_t)> _get_export_ordinal = [&capcom](uintptr_t base, uint16_t ord)
 	{
-		return 0;
+		return capcom->get_export(base, ord);
 	};
 
 	std::vector<uint8_t> driver_image;
@@ -71,9 +71,9 @@ int __stdcall main(const int argc, char** argv)
 
 	auto status = STATUS_SUCCESS;
 
-	capcom->run([&entry_point, &status](auto mm_get) {
+	capcom->run([&entry_point, &status, &kernel_memory, &size](auto mm_get) {
 		using namespace drvmap::structs;
-		status = ((PDRIVER_INITIALIZE)entry_point)(nullptr, nullptr);
+		status = ((PDRIVER_INITIALIZE)entry_point)((_DRIVER_OBJECT*)kernel_memory, (PUNICODE_STRING)size);
 	});
 
 	if(NT_SUCCESS(status))