implement ability to seperate HMDM entry point from driver entry point

HMDM-MSREXEC/hmdm_ctx.cpp

@@ -79,7 +79,7 @@ namespace drv
 		{
 			reinterpret_cast<std::uintptr_t>(alloc_base),
 			reinterpret_cast<std::uintptr_t>(alloc_base +
-				nt_header->OptionalHeader.AddressOfEntryPoint)
+				locateEntrypoint(image_mapped))
 		};
 	}
 
@@ -142,6 +142,38 @@ namespace drv
 		}
 	}
 
+	auto hmdm_ctx::locateEntrypoint(drv_buffer_t& drv_buffer) const -> DWORD
+	{
+		const auto dos_header =
+			reinterpret_cast<PIMAGE_DOS_HEADER>(drv_buffer.data());
+
+		const auto nt_header =
+			reinterpret_cast<PIMAGE_NT_HEADERS>(
+				drv_buffer.data() + dos_header->e_lfanew);
+
+		DWORD entryPoint = nt_header->OptionalHeader.AddressOfEntryPoint;
+
+		ULONG size;
+		auto export_dir = static_cast<PIMAGE_EXPORT_DIRECTORY>(
+			::ImageDirectoryEntryToData(drv_buffer.data(),
+				TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size));
+
+		if (export_dir) {
+			for (DWORD i = 0; i < export_dir->NumberOfFunctions; i++)
+			{
+				DWORD funcnameaddr = *reinterpret_cast<DWORD*>(drv_buffer.data() + export_dir->AddressOfNames + (i * sizeof(DWORD)));
+				char* funcname = reinterpret_cast<char*>(drv_buffer.data() + funcnameaddr);
+				if (strcmp(funcname, "drv_entry") == 0) {
+					entryPoint = *reinterpret_cast<DWORD*>(drv_buffer.data() + export_dir->AddressOfFunctions + (i * sizeof(DWORD)));
+
+					break;
+				}
+			}
+		}
+
+		return entryPoint;
+	}
+
 	auto hmdm_ctx::resolve_imports(drv_buffer_t& drv_buffer) const -> void
 	{
 		ULONG size;

HMDM-MSREXEC/hmdm_ctx.h

@@ -26,5 +26,6 @@ namespace drv
 	private:
 		auto resolve_imports(drv_buffer_t& drv_buffer) const -> void;
 		auto fix_relocs(drv_buffer_t& drv_buffer, uint8_t* alloc_base) const -> void;
+		auto locateEntrypoint(drv_buffer_t& drv_buffer) const->DWORD;
 	};
 }

HMDM-VDM/hmdm_ctx.cpp

@@ -79,7 +79,7 @@ namespace drv
 		{
 			reinterpret_cast<std::uintptr_t>(alloc_base),
 			reinterpret_cast<std::uintptr_t>(alloc_base +
-				nt_header->OptionalHeader.AddressOfEntryPoint)
+			locateEntrypoint(image_mapped))
 		};
 	}
 
@@ -142,6 +142,38 @@ namespace drv
 		}
 	}
 
+	auto hmdm_ctx::locateEntrypoint(drv_buffer_t& drv_buffer) const -> DWORD
+	{
+		const auto dos_header =
+			reinterpret_cast<PIMAGE_DOS_HEADER>(drv_buffer.data());
+
+		const auto nt_header =
+			reinterpret_cast<PIMAGE_NT_HEADERS>(
+				drv_buffer.data() + dos_header->e_lfanew);
+
+		DWORD entryPoint = nt_header->OptionalHeader.AddressOfEntryPoint;
+
+		ULONG size;
+		auto export_dir = static_cast<PIMAGE_EXPORT_DIRECTORY>(
+			::ImageDirectoryEntryToData(drv_buffer.data(),
+				TRUE, IMAGE_DIRECTORY_ENTRY_EXPORT, &size));
+
+		if (export_dir) {
+			for (DWORD i = 0; i < export_dir->NumberOfFunctions; i++)
+			{
+				DWORD funcnameaddr = *reinterpret_cast<DWORD*>(drv_buffer.data() + export_dir->AddressOfNames + (i * sizeof(DWORD)));
+				char* funcname = reinterpret_cast<char*>(drv_buffer.data() + funcnameaddr);
+				if (strcmp(funcname, "drv_entry") == 0) {
+					entryPoint = *reinterpret_cast<DWORD*>(drv_buffer.data() + export_dir->AddressOfFunctions + (i * sizeof(DWORD)));
+
+					break;
+				}
+			}
+		}
+
+		return entryPoint;
+	}
+
 	auto hmdm_ctx::resolve_imports(drv_buffer_t& drv_buffer) const -> void
 	{
 		ULONG size;

HMDM-VDM/hmdm_ctx.h

@@ -26,5 +26,6 @@ namespace drv
 	private:
 		auto resolve_imports(drv_buffer_t& drv_buffer) const -> void;
 		auto fix_relocs(drv_buffer_t& drv_buffer, uint8_t* alloc_base) const -> void;
+		auto locateEntrypoint(drv_buffer_t& drv_buffer) const->DWORD;
 	};
 }