From 615e624c7beffddd46e9fc8dd1f28a6236e28dcd Mon Sep 17 00:00:00 2001 From: xerox Date: Sat, 3 Oct 2020 04:44:32 -0700 Subject: [PATCH] fixed some issues with finding bootmgfw... --- Voyager-1/Voyager-1 (1703-1511)/BootMgfw.c | 23 +++++++++++----------- Voyager-1/Voyager-1 (2004-1709)/BootMgfw.c | 19 +++++++++--------- Voyager-1/Voyager-1 (2004-1709)/UefiMain.c | 2 +- Voyager-1/Voyager-1 (2004-1709)/Utils.h | 2 +- Voyager-2/Voyager-2 (1703-1511)/BootMgfw.c | 19 +++++++++--------- Voyager-2/Voyager-2 (2004-1709)/BootMgfw.c | 19 +++++++++--------- Voyager-2/Voyager-2 (2004-1709)/Utils.h | 2 +- 7 files changed, 44 insertions(+), 42 deletions(-) diff --git a/Voyager-1/Voyager-1 (1703-1511)/BootMgfw.c b/Voyager-1/Voyager-1 (1703-1511)/BootMgfw.c index e5ad410..33fe8b0 100644 --- a/Voyager-1/Voyager-1 (1703-1511)/BootMgfw.c +++ b/Voyager-1/Voyager-1 (1703-1511)/BootMgfw.c @@ -136,7 +136,6 @@ EFI_DEVICE_PATH* EFIAPI GetBootMgfwPath(VOID) UINTN HandleCount = NULL; EFI_STATUS Result; EFI_HANDLE* Handles = NULL; - EFI_DEVICE_PATH* DevicePath = NULL; EFI_FILE_HANDLE VolumeHandle; EFI_FILE_HANDLE BootMgfwHandle; EFI_FILE_IO_INTERFACE* FileSystem = NULL; 
@@ -144,34 +143,36 @@ EFI_DEVICE_PATH* EFIAPI GetBootMgfwPath(VOID) if (EFI_ERROR((Result = gBS->LocateHandleBuffer(ByProtocol, &gEfiSimpleFileSystemProtocolGuid, NULL, &HandleCount, &Handles)))) { Print(L"error getting file system handles -> 0x%p\n", Result); - return DevicePath; + return NULL; } - for (UINT32 Idx = 0u; Idx < HandleCount && !FileSystem; ++Idx) + for (UINT32 Idx = 0u; Idx < HandleCount; ++Idx) { if (EFI_ERROR((Result = gBS->OpenProtocol(Handles[Idx], &gEfiSimpleFileSystemProtocolGuid, (VOID**)&FileSystem, gImageHandle, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL)))) { Print(L"error opening protocol -> 0x%p\n", Result); - return DevicePath; + return NULL; } if (EFI_ERROR((Result = FileSystem->OpenVolume(FileSystem, &VolumeHandle)))) { Print(L"error opening file system -> 0x%p\n", Result); - return DevicePath; + return NULL; } if (!EFI_ERROR(VolumeHandle->Open(VolumeHandle, &BootMgfwHandle, WINDOWS_BOOTMGFW_PATH, EFI_FILE_MODE_READ, EFI_FILE_READ_ONLY))) - DevicePath = FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH); + { + VolumeHandle->Close(BootMgfwHandle); + return FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH); + } - VolumeHandle->Close(BootMgfwHandle); if (EFI_ERROR((Result = gBS->CloseProtocol(Handles[Idx], &gEfiSimpleFileSystemProtocolGuid, gImageHandle, NULL)))) { Print(L"error closing protocol -> 0x%p\n", Result); - return DevicePath; + return NULL; } } - return DevicePath; + return NULL; } EFI_STATUS EFIAPI InstallBootMgfwHooks(EFI_HANDLE ImageHandle) @@ -192,9 +193,6 @@ EFI_STATUS EFIAPI InstallBootMgfwHooks(EFI_HANDLE ImageHandle) START_BOOT_APPLICATION_MASK ); - if (!ArchStartBootApplication) - return EFI_ABORTED; - Print(L"BootMgfw.ArchStartBootApplication -> 0x%p\n", ArchStartBootApplication); MakeShitHook(&BootMgfwShitHook, RESOLVE_RVA(ArchStartBootApplication, 5, 1), &ArchStartBootApplicationHook, TRUE); return EFI_SUCCESS; 
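Review bot: Every return in the rewritten GetBootMgfwPath, including the new early `return FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH);`, leaves the `Handles` buffer from `LocateHandleBuffer` allocated and `VolumeHandle` open, and the success path now also skips the `CloseProtocol` call that the old loop reached. Keep the result in a local and release before returning: `VolumeHandle->Close(VolumeHandle);`, `gBS->FreePool(Handles);`, `return Path;`. The file is also closed through the volume's interface (`VolumeHandle->Close(BootMgfwHandle)`); `BootMgfwHandle->Close(BootMgfwHandle)` does not rely on both handles sharing one implementation. The same hunk is repeated in the three other BootMgfw.c copies in this patch (Voyager-1 2004-1709, Voyager-2 1703-1511 and 2004-1709), and the function's declarations sit in the preceding hunk, outside this one.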
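Review bot: With the `if (!ArchStartBootApplication) return EFI_ABORTED;` guard removed, a failed lookup in InstallBootMgfwHooks flows straight into `RESOLVE_RVA(ArchStartBootApplication, 5, 1)` and `MakeShitHook`. The lookup call starts above the hunk, so this assumes it yields NULL when nothing matches; in that case the hook target would be computed from a null base and the write would land at an unrelated address instead of the function returning an error. Unless the address is validated somewhere not shown here, the guard should stay, or the failure should at least be reported with `Print` before returning.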
@@ -214,6 +212,7 @@ EFI_STATUS EFIAPI ArchStartBootApplicationHook(VOID* AppEntry, VOID* ImageBase, gST->ConOut->ClearScreen(gST->ConOut); gST->ConOut->OutputString(gST->ConOut, AsciiArt); Print(L"\n"); + Print(L"PE PayLoad Size -> 0x%x\n", PayLoadSize()); Print(L"winload.BlImgLoadPEImageEx -> 0x%p\n", RESOLVE_RVA(ImgLoadPEImageEx, 5, 1)); diff --git a/Voyager-1/Voyager-1 (2004-1709)/BootMgfw.c b/Voyager-1/Voyager-1 (2004-1709)/BootMgfw.c index 41cf541..bf9ed2d 100644 --- a/Voyager-1/Voyager-1 (2004-1709)/BootMgfw.c +++ b/Voyager-1/Voyager-1 (2004-1709)/BootMgfw.c @@ -136,7 +136,6 @@ EFI_DEVICE_PATH* EFIAPI GetBootMgfwPath(VOID) UINTN HandleCount = NULL; EFI_STATUS Result; EFI_HANDLE* Handles = NULL; - EFI_DEVICE_PATH* DevicePath = NULL; EFI_FILE_HANDLE VolumeHandle; EFI_FILE_HANDLE BootMgfwHandle; EFI_FILE_IO_INTERFACE* FileSystem = NULL; 
@@ -144,34 +143,36 @@ EFI_DEVICE_PATH* EFIAPI GetBootMgfwPath(VOID) if (EFI_ERROR((Result = gBS->LocateHandleBuffer(ByProtocol, &gEfiSimpleFileSystemProtocolGuid, NULL, &HandleCount, &Handles)))) { Print(L"error getting file system handles -> 0x%p\n", Result); - return DevicePath; + return NULL; } - for (UINT32 Idx = 0u; Idx < HandleCount && !FileSystem; ++Idx) + for (UINT32 Idx = 0u; Idx < HandleCount; ++Idx) { if (EFI_ERROR((Result = gBS->OpenProtocol(Handles[Idx], &gEfiSimpleFileSystemProtocolGuid, (VOID**)&FileSystem, gImageHandle, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL)))) { Print(L"error opening protocol -> 0x%p\n", Result); - return DevicePath; + return NULL; } if (EFI_ERROR((Result = FileSystem->OpenVolume(FileSystem, &VolumeHandle)))) { Print(L"error opening file system -> 0x%p\n", Result); - return DevicePath; + return NULL; } if (!EFI_ERROR(VolumeHandle->Open(VolumeHandle, &BootMgfwHandle, WINDOWS_BOOTMGFW_PATH, EFI_FILE_MODE_READ, EFI_FILE_READ_ONLY))) - DevicePath = FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH); + { + VolumeHandle->Close(BootMgfwHandle); + return FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH); + } - VolumeHandle->Close(BootMgfwHandle); if (EFI_ERROR((Result = gBS->CloseProtocol(Handles[Idx], &gEfiSimpleFileSystemProtocolGuid, gImageHandle, NULL)))) { Print(L"error closing protocol -> 0x%p\n", Result); - return DevicePath; + return NULL; } } - return DevicePath; + return NULL; } EFI_STATUS EFIAPI InstallBootMgfwHooks(EFI_HANDLE BootMgfwPath) diff --git a/Voyager-1/Voyager-1 (2004-1709)/UefiMain.c b/Voyager-1/Voyager-1 (2004-1709)/UefiMain.c index 509f930..6c0c76c 100644 --- a/Voyager-1/Voyager-1 (2004-1709)/UefiMain.c +++ b/Voyager-1/Voyager-1 (2004-1709)/UefiMain.c 
@@ -27,7 +27,7 @@ EFI_STATUS EFIAPI UefiMain(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE* SystemTable return Result; } - // the payload is sitting on disk... we are going to load it into memory... + // the payload is sitting on disk... we are going to load it into memory then delete it... if (EFI_ERROR((Result = LoadPayLoadFromDisk(&PayLoad)))) { Print(L"failed to read payload from disk... reason -> %r\n", Result); diff --git a/Voyager-1/Voyager-1 (2004-1709)/Utils.h b/Voyager-1/Voyager-1 (2004-1709)/Utils.h index 8b25594..7b582fe 100644 --- a/Voyager-1/Voyager-1 (2004-1709)/Utils.h +++ b/Voyager-1/Voyager-1 (2004-1709)/Utils.h @@ -1,6 +1,6 @@ #pragma once #include "ShitHook.h" -#define WINVER 1709 +#define WINVER 2004 #define PORT_NUM 0x2F8 #define BL_MEMORY_ATTRIBUTE_RWX 0x424000 #define SECTION_RWX (EFI_IMAGE_SCN_MEM_READ | EFI_IMAGE_SCN_MEM_WRITE | EFI_IMAGE_SCN_MEM_EXECUTE) diff --git a/Voyager-2/Voyager-2 (1703-1511)/BootMgfw.c b/Voyager-2/Voyager-2 (1703-1511)/BootMgfw.c index 3a65c6e..1b695cc 100644 --- a/Voyager-2/Voyager-2 (1703-1511)/BootMgfw.c +++ b/Voyager-2/Voyager-2 (1703-1511)/BootMgfw.c @@ -136,7 +136,6 @@ EFI_DEVICE_PATH* EFIAPI GetBootMgfwPath(VOID) UINTN HandleCount = NULL; EFI_STATUS Result; EFI_HANDLE* Handles = NULL; - EFI_DEVICE_PATH* DevicePath = NULL; EFI_FILE_HANDLE VolumeHandle; EFI_FILE_HANDLE BootMgfwHandle; EFI_FILE_IO_INTERFACE* FileSystem = NULL; 
@@ -144,34 +143,36 @@ EFI_DEVICE_PATH* EFIAPI GetBootMgfwPath(VOID) if (EFI_ERROR((Result = gBS->LocateHandleBuffer(ByProtocol, &gEfiSimpleFileSystemProtocolGuid, NULL, &HandleCount, &Handles)))) { Print(L"error getting file system handles -> 0x%p\n", Result); - return DevicePath; + return NULL; } - for (UINT32 Idx = 0u; Idx < HandleCount && !FileSystem; ++Idx) + for (UINT32 Idx = 0u; Idx < HandleCount; ++Idx) { if (EFI_ERROR((Result = gBS->OpenProtocol(Handles[Idx], &gEfiSimpleFileSystemProtocolGuid, (VOID**)&FileSystem, gImageHandle, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL)))) { Print(L"error opening protocol -> 0x%p\n", Result); - return DevicePath; + return NULL; } if (EFI_ERROR((Result = FileSystem->OpenVolume(FileSystem, &VolumeHandle)))) { Print(L"error opening file system -> 0x%p\n", Result); - return DevicePath; + return NULL; } if (!EFI_ERROR(VolumeHandle->Open(VolumeHandle, &BootMgfwHandle, WINDOWS_BOOTMGFW_PATH, EFI_FILE_MODE_READ, EFI_FILE_READ_ONLY))) - DevicePath = FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH); + { + VolumeHandle->Close(BootMgfwHandle); + return FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH); + } - VolumeHandle->Close(BootMgfwHandle); if (EFI_ERROR((Result = gBS->CloseProtocol(Handles[Idx], &gEfiSimpleFileSystemProtocolGuid, gImageHandle, NULL)))) { Print(L"error closing protocol -> 0x%p\n", Result); - return DevicePath; + return NULL; } } - return DevicePath; + return NULL; } EFI_STATUS EFIAPI InstallBootMgfwHooks(EFI_HANDLE ImageHandle) diff --git a/Voyager-2/Voyager-2 (2004-1709)/BootMgfw.c b/Voyager-2/Voyager-2 (2004-1709)/BootMgfw.c index 200e64d..efc4da7 100644 --- a/Voyager-2/Voyager-2 (2004-1709)/BootMgfw.c +++ b/Voyager-2/Voyager-2 (2004-1709)/BootMgfw.c 
@@ -136,7 +136,6 @@ EFI_DEVICE_PATH* EFIAPI GetBootMgfwPath(VOID) UINTN HandleCount = NULL; EFI_STATUS Result; EFI_HANDLE* Handles = NULL; - EFI_DEVICE_PATH* DevicePath = NULL; EFI_FILE_HANDLE VolumeHandle; EFI_FILE_HANDLE BootMgfwHandle; EFI_FILE_IO_INTERFACE* FileSystem = NULL; @@ -144,34 +143,36 @@ EFI_DEVICE_PATH* EFIAPI GetBootMgfwPath(VOID) if (EFI_ERROR((Result = gBS->LocateHandleBuffer(ByProtocol, &gEfiSimpleFileSystemProtocolGuid, NULL, &HandleCount, &Handles)))) { Print(L"error getting file system handles -> 0x%p\n", Result); - return DevicePath; + return NULL; } - for (UINT32 Idx = 0u; Idx < HandleCount && !FileSystem; ++Idx) + for (UINT32 Idx = 0u; Idx < HandleCount; ++Idx) { if (EFI_ERROR((Result = gBS->OpenProtocol(Handles[Idx], &gEfiSimpleFileSystemProtocolGuid, (VOID**)&FileSystem, gImageHandle, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL)))) { Print(L"error opening protocol -> 0x%p\n", Result); - return DevicePath; + return NULL; } if (EFI_ERROR((Result = FileSystem->OpenVolume(FileSystem, &VolumeHandle)))) { Print(L"error opening file system -> 0x%p\n", Result); - return DevicePath; + return NULL; } if (!EFI_ERROR(VolumeHandle->Open(VolumeHandle, &BootMgfwHandle, WINDOWS_BOOTMGFW_PATH, EFI_FILE_MODE_READ, EFI_FILE_READ_ONLY))) - DevicePath = FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH); + { + VolumeHandle->Close(BootMgfwHandle); + return FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH); + } - VolumeHandle->Close(BootMgfwHandle); if (EFI_ERROR((Result = gBS->CloseProtocol(Handles[Idx], &gEfiSimpleFileSystemProtocolGuid, gImageHandle, NULL)))) { Print(L"error closing protocol -> 0x%p\n", Result); - return DevicePath; + return NULL; } } - return DevicePath; + return NULL; } EFI_STATUS EFIAPI InstallBootMgfwHooks(EFI_HANDLE BootMgfwPath) diff --git a/Voyager-2/Voyager-2 (2004-1709)/Utils.h b/Voyager-2/Voyager-2 (2004-1709)/Utils.h index 8b25594..7b582fe 100644 --- a/Voyager-2/Voyager-2 (2004-1709)/Utils.h 
+++ b/Voyager-2/Voyager-2 (2004-1709)/Utils.h
@@ -1,6 +1,6 @@
 #pragma once
 #include "ShitHook.h"
-#define WINVER 1709
+#define WINVER 2004
 #define PORT_NUM 0x2F8
 #define BL_MEMORY_ATTRIBUTE_RWX 0x424000
 #define SECTION_RWX (EFI_IMAGE_SCN_MEM_READ | EFI_IMAGE_SCN_MEM_WRITE | EFI_IMAGE_SCN_MEM_EXECUTE)