bundler works, able to replace bootmgfw on disk..

merge-requests/1/merge
xerox 4 years ago
parent 7b7cd7a9a7
commit 6e26985d98

@ -16,7 +16,7 @@ namespace shellcode
auto reloc = reinterpret_cast<PIMAGE_BASE_RELOCATION>(module_base + base_reloc_dir->VirtualAddress); auto reloc = reinterpret_cast<PIMAGE_BASE_RELOCATION>(module_base + base_reloc_dir->VirtualAddress);
for (auto current_size = 0u; current_size < base_reloc_dir->Size; ) for (auto current_size = 0u; current_size < base_reloc_dir->Size; )
{ {
auto reloc_count = (reloc->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(UINT16); std::uint32_t reloc_count = (reloc->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(UINT16);
auto reloc_data = reinterpret_cast<std::uint16_t*>((UINT8*)reloc + sizeof(IMAGE_BASE_RELOCATION)); auto reloc_data = reinterpret_cast<std::uint16_t*>((UINT8*)reloc + sizeof(IMAGE_BASE_RELOCATION));
auto reloc_base = reinterpret_cast<std::uint8_t*>(module_base) + reloc->VirtualAddress; auto reloc_base = reinterpret_cast<std::uint8_t*>(module_base) + reloc->VirtualAddress;
@ -28,6 +28,8 @@ namespace shellcode
switch (type) switch (type)
{ {
case IMAGE_REL_BASED_ABSOLUTE:
break;
case IMAGE_REL_BASED_DIR64: case IMAGE_REL_BASED_DIR64:
{ {
auto rva = reinterpret_cast<std::uintptr_t*>(reloc_base + offset); auto rva = reinterpret_cast<std::uintptr_t*>(reloc_base + offset);
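Review bot: `reloc->SizeOfBlock` is still used unvalidated in the `reloc_count` line of the first hunk: a block size smaller than `sizeof(IMAGE_BASE_RELOCATION)` makes the subtraction wrap, and the narrowing to `std::uint32_t` then yields a very large entry count read through `reloc_data`. A guard before the computation, such as `if (reloc->SizeOfBlock < sizeof(IMAGE_BASE_RELOCATION)) break;`, would stop the walk on a malformed relocation directory. A zero `SizeOfBlock` presumably also stalls the loop, but the advance of `current_size` is outside the hunk. The new `IMAGE_REL_BASED_ABSOLUTE` case would read better with a comment such as `// padding entry, nothing to patch`. The enclosing function starts and ends outside both hunks.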

@ -1,7 +1,7 @@
#include "BootMgfw.h" #include "BootMgfw.h"
SHITHOOK BootMgfwShitHook; SHITHOOK BootMgfwShitHook;
EFI_STATUS EFIAPI GetBootMgfwPath(EFI_DEVICE_PATH_PROTOCOL** BootMgfwPathProtocol) EFI_STATUS EFIAPI RestoreBootMgfw(VOID)
{ {
UINTN HandleCount = NULL; UINTN HandleCount = NULL;
EFI_STATUS Result; EFI_STATUS Result;
@ -33,11 +33,83 @@ EFI_STATUS EFIAPI GetBootMgfwPath(EFI_DEVICE_PATH_PROTOCOL** BootMgfwPathProtoco
return Result; return Result;
} }
// if we found the correct file (\\efi\\microsoft\\boot\\bootmgfw.efi) if (!EFI_ERROR(VolumeHandle->Open(VolumeHandle, &BootMgfwHandle, WINDOWS_BOOTMGFW_PATH, EFI_FILE_MODE_READ, EFI_FILE_READ_ONLY)))
if (!EFI_ERROR(VolumeHandle->Open(VolumeHandle, &BootMgfwHandle, WINDOWS_BOOTMGR_PATH, EFI_FILE_MODE_READ, EFI_FILE_READ_ONLY)))
{ {
VolumeHandle->Close(BootMgfwHandle); EFI_FILE_PROTOCOL* BootMgfwFile = NULL;
*BootMgfwPathProtocol = FileDevicePath(Handles[Idx], WINDOWS_BOOTMGR_PATH); EFI_DEVICE_PATH* BootMgfwPathProtocol = FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH);
if (EFI_ERROR((Result = EfiOpenFileByDevicePath(&BootMgfwPathProtocol, &BootMgfwFile, EFI_FILE_MODE_WRITE | EFI_FILE_MODE_READ, NULL))))
{
DBG_PRINT("error opening bootmgfw... reason -> %r\n", Result);
return Result;
}
if (EFI_ERROR((Result = BootMgfwFile->Delete(BootMgfwFile))))
{
DBG_PRINT("error deleting bootmgfw... reason -> %r\n", Result);
return Result;
}
BootMgfwPathProtocol = FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_BACKUP_PATH);
if (EFI_ERROR((Result = EfiOpenFileByDevicePath(&BootMgfwPathProtocol, &BootMgfwFile, EFI_FILE_MODE_WRITE | EFI_FILE_MODE_READ, NULL))))
{
DBG_PRINT("failed to open backup file... reason -> %r\n", Result);
return Result;
}
EFI_FILE_INFO* FileInfoPtr = NULL;
UINTN FileInfoSize = NULL;
if (EFI_ERROR((Result = BootMgfwFile->GetInfo(BootMgfwFile, &gEfiFileInfoGuid, &FileInfoSize, NULL))))
{
if (Result == EFI_BUFFER_TOO_SMALL)
{
gBS->AllocatePool(EfiBootServicesData, FileInfoSize, &FileInfoPtr);
if (EFI_ERROR(Result = BootMgfwFile->GetInfo(BootMgfwFile, &gEfiFileInfoGuid, &FileInfoSize, FileInfoPtr)))
{
DBG_PRINT("get backup file information failed... reason -> %r\n", Result);
return Result;
}
}
else
{
DBG_PRINT("Failed to get file information... reason -> %r\n", Result);
return Result;
}
}
VOID* BootMgfwBuffer = NULL;
gBS->AllocatePool(EfiBootServicesData, FileInfoPtr->FileSize, &BootMgfwBuffer);
UINTN BootMgfwSize = FileInfoPtr->FileSize;
if (EFI_ERROR((Result = BootMgfwFile->Read(BootMgfwFile, &BootMgfwSize, BootMgfwBuffer))))
{
DBG_PRINT("Failed to read backup file into buffer... reason -> %r\n", Result);
return Result;
}
if (EFI_ERROR((Result = BootMgfwFile->Delete(BootMgfwFile))))
{
DBG_PRINT("unable to delete backup file... reason -> %r\n", Result);
return Result;
}
BootMgfwPathProtocol = FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH);
if (EFI_ERROR((Result = EfiOpenFileByDevicePath(&BootMgfwPathProtocol, &BootMgfwFile, EFI_FILE_MODE_CREATE | EFI_FILE_MODE_WRITE | EFI_FILE_MODE_READ, EFI_FILE_SYSTEM))))
{
DBG_PRINT("unable to create new bootmgfw on disk... reason -> %r\n", Result);
return Result;
}
BootMgfwSize = FileInfoPtr->FileSize;
if (EFI_ERROR((Result = BootMgfwFile->Write(BootMgfwFile, &BootMgfwSize, BootMgfwBuffer))))
{
DBG_PRINT("unable to write to newly created bootmgfw.efi... reason -> %r\n", Result);
return Result;
}
VolumeHandle->Close(VolumeHandle);
BootMgfwFile->Close(BootMgfwFile);
gBS->FreePool(FileInfoPtr);
gBS->FreePool(BootMgfwBuffer);
return EFI_SUCCESS; return EFI_SUCCESS;
} }
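Review bot: The two `gBS->AllocatePool` calls in the new body of RestoreBootMgfw ignore their return status, and `FileInfoPtr->FileSize` is dereferenced right after; if the first `GetInfo` probe ever returns without error, `FileInfoPtr` is still NULL at that point. Check both, e.g. `if (EFI_ERROR((Result = gBS->AllocatePool(EfiBootServicesData, FileInfoSize, (VOID**)&FileInfoPtr)))) return Result;`. Every early `return Result;` after the allocations also skips the `FreePool`/`Close` calls at the end, and the existing `bootmgfw.efi` is deleted before the backup has been opened or read, so any later failure leaves the volume without a boot manager. The removed comment is not replaced; a header comment should state that the function deletes and rewrites `WINDOWS_BOOTMGFW_PATH` and consumes `WINDOWS_BOOTMGFW_BACKUP_PATH` on the matched volume. The function starts before this hunk, and the same code is repeated in the second BootMgfw section further down the page.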

@ -18,9 +18,11 @@
#define START_BOOT_APPLICATION_MASK "x????xxxxxx????xxx" #define START_BOOT_APPLICATION_MASK "x????xxxxxx????xxx"
static_assert(sizeof(START_BOOT_APPLICATION_SIG) == sizeof(START_BOOT_APPLICATION_MASK), "signature and mask size's dont match..."); static_assert(sizeof(START_BOOT_APPLICATION_SIG) == sizeof(START_BOOT_APPLICATION_MASK), "signature and mask size's dont match...");
#define WINDOWS_BOOTMGR_PATH L"\\efi\\microsoft\\boot\\bootmgfw.efi" #define WINDOWS_BOOTMGFW_PATH L"\\efi\\microsoft\\boot\\bootmgfw.efi"
#define WINDOWS_BOOTMGFW_BACKUP_PATH L"\\efi\\microsoft\\boot\\bootmgfw.efi.backup"
extern SHITHOOK BootMgfwShitHook; extern SHITHOOK BootMgfwShitHook;
typedef EFI_STATUS(EFIAPI* IMG_ARCH_START_BOOT_APPLICATION)(VOID*, VOID*, UINT32, UINT8, VOID*); typedef EFI_STATUS(EFIAPI* IMG_ARCH_START_BOOT_APPLICATION)(VOID*, VOID*, UINT32, UINT8, VOID*);
EFI_STATUS EFIAPI GetBootMgfwPath(EFI_DEVICE_PATH_PROTOCOL** BootMgfwPathProtocol); EFI_STATUS EFIAPI RestoreBootMgfw(VOID);
EFI_STATUS EFIAPI InstallBootMgfwHooks(EFI_HANDLE ImageHandle); EFI_STATUS EFIAPI InstallBootMgfwHooks(EFI_HANDLE ImageHandle);
EFI_STATUS EFIAPI ArchStartBootApplicationHook(VOID* AppEntry, VOID* ImageBase, UINT32 ImageSize, UINT8 BootOption, VOID* ReturnArgs); EFI_STATUS EFIAPI ArchStartBootApplicationHook(VOID* AppEntry, VOID* ImageBase, UINT32 ImageSize, UINT8 BootOption, VOID* ReturnArgs);

@ -15,31 +15,17 @@ EFI_STATUS EFIAPI UefiMain
) )
{ {
EFI_STATUS Result; EFI_STATUS Result;
EFI_HANDLE BootMgfwHandle; EFI_DEVICE_PATH_PROTOCOL* BootMgfwPath;
EFI_DEVICE_PATH* BootMgfwPath; if (EFI_ERROR((Result = RestoreBootMgfw())))
if (EFI_ERROR((Result = GetBootMgfwPath(&BootMgfwPath))))
{
Print(L"unable to get bootmgfw file path... reason -> %r\n", Result);
return EFI_NOT_FOUND;
}
if (EFI_ERROR((Result = gBS->LoadImage(TRUE, ImageHandle, BootMgfwPath, NULL, 0, &BootMgfwHandle))))
{
Print(L"failed to load bootmgfw.efi... reason -> %r\n", Result);
return EFI_ABORTED;
}
if (EFI_ERROR((Result = InstallBootMgfwHooks(BootMgfwHandle))))
{ {
Print(L"Failed to install bootmgfw hooks... reason -> %r\n", Result); DBG_PRINT("unable to get bootmgfw path... reason -> %r\n", Result);
return EFI_ABORTED; return Result;
} }
if (EFI_ERROR((Result = gBS->StartImage(BootMgfwHandle, NULL, NULL)))) if (EFI_ERROR((Result = InstallBootMgfwHooks(ImageHandle))))
{ {
Print(L"Failed to start bootmgfw.efi...\n"); DBG_PRINT("Failed to install bootmgfw hooks... reason -> %r\n", Result);
return EFI_ABORTED; return Result;
} }
return EFI_SUCCESS; return EFI_SUCCESS;
} }
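Review bot: `EFI_DEVICE_PATH_PROTOCOL* BootMgfwPath;` in the new UefiMain is never used now that `GetBootMgfwPath` is gone, and the message on the `RestoreBootMgfw()` failure path still says "unable to get bootmgfw path". Drop the declaration and reword the message, e.g. `DBG_PRINT("unable to restore bootmgfw... reason -> %r\n", Result);`. The switch from `Print` to `DBG_PRINT` presumably makes these failures silent in non-debug builds, though the macro's definition is not visible here; a comment would help if that is intended. The same lines appear in the second UefiMain section later on the page, and the function signature is outside the hunk.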

@ -1,7 +1,7 @@
#include "BootMgfw.h" #include "BootMgfw.h"
SHITHOOK BootMgfwShitHook; SHITHOOK BootMgfwShitHook;
EFI_STATUS EFIAPI GetBootMgfwPath(EFI_DEVICE_PATH_PROTOCOL** BootMgfwPathProtocol) EFI_STATUS EFIAPI RestoreBootMgfw(VOID)
{ {
UINTN HandleCount = NULL; UINTN HandleCount = NULL;
EFI_STATUS Result; EFI_STATUS Result;
@ -33,11 +33,83 @@ EFI_STATUS EFIAPI GetBootMgfwPath(EFI_DEVICE_PATH_PROTOCOL** BootMgfwPathProtoco
return Result; return Result;
} }
// if we found the correct file (\\efi\\microsoft\\boot\\bootmgfw.efi) if (!EFI_ERROR(VolumeHandle->Open(VolumeHandle, &BootMgfwHandle, WINDOWS_BOOTMGFW_PATH, EFI_FILE_MODE_READ, EFI_FILE_READ_ONLY)))
if (!EFI_ERROR(VolumeHandle->Open(VolumeHandle, &BootMgfwHandle, WINDOWS_BOOTMGR_PATH, EFI_FILE_MODE_READ, EFI_FILE_READ_ONLY)))
{ {
VolumeHandle->Close(BootMgfwHandle); EFI_FILE_PROTOCOL* BootMgfwFile = NULL;
*BootMgfwPathProtocol = FileDevicePath(Handles[Idx], WINDOWS_BOOTMGR_PATH); EFI_DEVICE_PATH* BootMgfwPathProtocol = FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH);
if (EFI_ERROR((Result = EfiOpenFileByDevicePath(&BootMgfwPathProtocol, &BootMgfwFile, EFI_FILE_MODE_WRITE | EFI_FILE_MODE_READ, NULL))))
{
DBG_PRINT("error opening bootmgfw... reason -> %r\n", Result);
return Result;
}
if (EFI_ERROR((Result = BootMgfwFile->Delete(BootMgfwFile))))
{
DBG_PRINT("error deleting bootmgfw... reason -> %r\n", Result);
return Result;
}
BootMgfwPathProtocol = FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_BACKUP_PATH);
if (EFI_ERROR((Result = EfiOpenFileByDevicePath(&BootMgfwPathProtocol, &BootMgfwFile, EFI_FILE_MODE_WRITE | EFI_FILE_MODE_READ, NULL))))
{
DBG_PRINT("failed to open backup file... reason -> %r\n", Result);
return Result;
}
EFI_FILE_INFO* FileInfoPtr = NULL;
UINTN FileInfoSize = NULL;
if (EFI_ERROR((Result = BootMgfwFile->GetInfo(BootMgfwFile, &gEfiFileInfoGuid, &FileInfoSize, NULL))))
{
if (Result == EFI_BUFFER_TOO_SMALL)
{
gBS->AllocatePool(EfiBootServicesData, FileInfoSize, &FileInfoPtr);
if (EFI_ERROR(Result = BootMgfwFile->GetInfo(BootMgfwFile, &gEfiFileInfoGuid, &FileInfoSize, FileInfoPtr)))
{
DBG_PRINT("get backup file information failed... reason -> %r\n", Result);
return Result;
}
}
else
{
DBG_PRINT("Failed to get file information... reason -> %r\n", Result);
return Result;
}
}
VOID* BootMgfwBuffer = NULL;
gBS->AllocatePool(EfiBootServicesData, FileInfoPtr->FileSize, &BootMgfwBuffer);
UINTN BootMgfwSize = FileInfoPtr->FileSize;
if (EFI_ERROR((Result = BootMgfwFile->Read(BootMgfwFile, &BootMgfwSize, BootMgfwBuffer))))
{
DBG_PRINT("Failed to read backup file into buffer... reason -> %r\n", Result);
return Result;
}
if (EFI_ERROR((Result = BootMgfwFile->Delete(BootMgfwFile))))
{
DBG_PRINT("unable to delete backup file... reason -> %r\n", Result);
return Result;
}
BootMgfwPathProtocol = FileDevicePath(Handles[Idx], WINDOWS_BOOTMGFW_PATH);
if (EFI_ERROR((Result = EfiOpenFileByDevicePath(&BootMgfwPathProtocol, &BootMgfwFile, EFI_FILE_MODE_CREATE | EFI_FILE_MODE_WRITE | EFI_FILE_MODE_READ, EFI_FILE_SYSTEM))))
{
DBG_PRINT("unable to create new bootmgfw on disk... reason -> %r\n", Result);
return Result;
}
BootMgfwSize = FileInfoPtr->FileSize;
if (EFI_ERROR((Result = BootMgfwFile->Write(BootMgfwFile, &BootMgfwSize, BootMgfwBuffer))))
{
DBG_PRINT("unable to write to newly created bootmgfw.efi... reason -> %r\n", Result);
return Result;
}
VolumeHandle->Close(VolumeHandle);
BootMgfwFile->Close(BootMgfwFile);
gBS->FreePool(FileInfoPtr);
gBS->FreePool(BootMgfwBuffer);
return EFI_SUCCESS; return EFI_SUCCESS;
} }

@ -11,6 +11,7 @@
#include <Protocol/LoadedImage.h> #include <Protocol/LoadedImage.h>
#include <IndustryStandard/PeImage.h> #include <IndustryStandard/PeImage.h>
#include <Guid/GlobalVariable.h> #include <Guid/GlobalVariable.h>
#include <Library/ShellLib.h>
#include "WinLoad.h" #include "WinLoad.h"
#if WINVER > 1709 #if WINVER > 1709
@ -25,9 +26,11 @@
#endif #endif
static_assert(sizeof(START_BOOT_APPLICATION_SIG) == sizeof(START_BOOT_APPLICATION_MASK), "signature and mask size's dont match..."); static_assert(sizeof(START_BOOT_APPLICATION_SIG) == sizeof(START_BOOT_APPLICATION_MASK), "signature and mask size's dont match...");
#define WINDOWS_BOOTMGR_PATH L"\\efi\\microsoft\\boot\\bootmgfw.efi" #define WINDOWS_BOOTMGFW_PATH L"\\efi\\microsoft\\boot\\bootmgfw.efi"
#define WINDOWS_BOOTMGFW_BACKUP_PATH L"\\efi\\microsoft\\boot\\bootmgfw.efi.backup"
extern SHITHOOK BootMgfwShitHook; extern SHITHOOK BootMgfwShitHook;
typedef EFI_STATUS(EFIAPI* IMG_ARCH_START_BOOT_APPLICATION)(VOID*, VOID*, UINT32, UINT8, VOID*); typedef EFI_STATUS(EFIAPI* IMG_ARCH_START_BOOT_APPLICATION)(VOID*, VOID*, UINT32, UINT8, VOID*);
EFI_STATUS EFIAPI GetBootMgfwPath(EFI_DEVICE_PATH_PROTOCOL** BootMgfwPathProtocol); EFI_STATUS EFIAPI RestoreBootMgfw(VOID);
EFI_STATUS EFIAPI InstallBootMgfwHooks(EFI_HANDLE BootMgfwPath); EFI_STATUS EFIAPI InstallBootMgfwHooks(EFI_HANDLE BootMgfwPath);
EFI_STATUS EFIAPI ArchStartBootApplicationHook(VOID* AppEntry, VOID* ImageBase, UINT32 ImageSize, UINT8 BootOption, VOID* ReturnArgs); EFI_STATUS EFIAPI ArchStartBootApplicationHook(VOID* AppEntry, VOID* ImageBase, UINT32 ImageSize, UINT8 BootOption, VOID* ReturnArgs);

@ -1,5 +1,4 @@
#include "BootMgfw.h" #include "BootMgfw.h"
#include <Library/ShellLib.h>
CHAR8* gEfiCallerBaseName = "Voyager"; CHAR8* gEfiCallerBaseName = "Voyager";
const UINT32 _gUefiDriverRevision = 0x200; const UINT32 _gUefiDriverRevision = 0x200;
@ -7,7 +6,9 @@ const UINT32 _gUefiDriverRevision = 0x200;
EFI_STATUS EFIAPI UefiUnload( EFI_STATUS EFIAPI UefiUnload(
IN EFI_HANDLE ImageHandle IN EFI_HANDLE ImageHandle
) )
{ return EFI_SUCCESS; } {
return EFI_SUCCESS;
}
EFI_STATUS EFIAPI UefiMain EFI_STATUS EFIAPI UefiMain
( (
@ -16,31 +17,17 @@ EFI_STATUS EFIAPI UefiMain
) )
{ {
EFI_STATUS Result; EFI_STATUS Result;
EFI_HANDLE BootMgfwHandle; EFI_DEVICE_PATH_PROTOCOL* BootMgfwPath;
EFI_DEVICE_PATH* BootMgfwPath; if (EFI_ERROR((Result = RestoreBootMgfw())))
if (EFI_ERROR((Result = GetBootMgfwPath(&BootMgfwPath))))
{
Print(L"unable to get bootmgfw file path... reason -> %r\n", Result);
return EFI_NOT_FOUND;
}
if (EFI_ERROR((Result = gBS->LoadImage(TRUE, ImageHandle, BootMgfwPath, NULL, 0, &BootMgfwHandle))))
{
Print(L"failed to load bootmgfw.efi...\n");
return EFI_ABORTED;
}
if (EFI_ERROR(InstallBootMgfwHooks(BootMgfwHandle)))
{ {
Print(L"Failed to install bootmgfw hooks...\n"); DBG_PRINT("unable to get bootmgfw path... reason -> %r\n", Result);
return EFI_ABORTED; return Result;
} }
if (EFI_ERROR(gBS->StartImage(BootMgfwHandle, NULL, NULL))) if (EFI_ERROR((Result = InstallBootMgfwHooks(ImageHandle))))
{ {
Print(L"Failed to start bootmgfw.efi...\n"); DBG_PRINT("Failed to install bootmgfw hooks... reason -> %r\n", Result);
return EFI_ABORTED; return Result;
} }
return EFI_SUCCESS; return EFI_SUCCESS;
} }