I was calling uefi functions in long mode (in a hvloader.efi hook)

merge-requests/1/merge
xerox 4 years ago
parent 74e6a54e2c
commit a718906233

@ -54,9 +54,6 @@ EFI_STATUS EFIAPI HvBlImgLoadPEImageFromSourceBuffer(VOID* a1, VOID* a2, VOID* a
VmExitHook VmExitHook
); );
gBS->SetMem(PayLoad, sizeof PayLoad, NULL);
gBS->FreePool(PayLoad);
pSection->Characteristics = SECTION_RWX; pSection->Characteristics = SECTION_RWX;
pSection->Misc.VirtualSize += PayLoadSize(); pSection->Misc.VirtualSize += PayLoadSize();
DBG_PRINT("VmExitHook (PayLoad Entry Point) -> 0x%p\n", VmExitHook); DBG_PRINT("VmExitHook (PayLoad Entry Point) -> 0x%p\n", VmExitHook);
@ -119,9 +116,6 @@ EFI_STATUS EFIAPI HvBlImgLoadPEImageEx(VOID* DeviceId, VOID* MemoryType, CHAR16*
VmExitHook VmExitHook
); );
gBS->SetMem(PayLoad, sizeof PayLoad, NULL);
gBS->FreePool(PayLoad);
pSection->Characteristics = SECTION_RWX; pSection->Characteristics = SECTION_RWX;
pSection->Misc.VirtualSize += PayLoadSize(); pSection->Misc.VirtualSize += PayLoadSize();
DBG_PRINT("VmExitHook (PayLoad Entry Point) -> 0x%p\n", VmExitHook); DBG_PRINT("VmExitHook (PayLoad Entry Point) -> 0x%p\n", VmExitHook);
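Review bot: Dropping `gBS->SetMem(PayLoad, ...)` and `gBS->FreePool(PayLoad)` in both hunks of this file (`@ -54,9 +54,6` and `@ -119,9 +116,6`) leaves the PayLoad staging buffer allocated and its contents resident after it has been copied into the RWX section, and nothing else on the new side releases or clears it. If the reason is that boot services cannot be called from this hook (which the commit title suggests), the cleanup should move to a point where they are usable, or PayLoad should become a buffer that never needs FreePool, rather than being silently abandoned; where PayLoad is allocated is outside these hunks, so this is inferred. At minimum the new side should say why the release is gone, e.g. `// PayLoad is intentionally not freed or wiped here: boot services are not callable from this hook` on the line before `pSection->Characteristics = SECTION_RWX;`. Both enclosing functions begin before their hunks and continue past them.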

@ -1,6 +1,6 @@
#pragma once #pragma once
#include "ShitHook.h" #include "ShitHook.h"
#define WINVER 1511 #define WINVER 1703
#define PORT_NUM 0x2F8 #define PORT_NUM 0x2F8
#define BL_MEMORY_ATTRIBUTE_RWX 0x424000 #define BL_MEMORY_ATTRIBUTE_RWX 0x424000
#define SECTION_RWX (EFI_IMAGE_SCN_MEM_READ | EFI_IMAGE_SCN_MEM_WRITE | EFI_IMAGE_SCN_MEM_EXECUTE) #define SECTION_RWX (EFI_IMAGE_SCN_MEM_READ | EFI_IMAGE_SCN_MEM_WRITE | EFI_IMAGE_SCN_MEM_EXECUTE)
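Review bot: `WINVER` is changed to 1703 with nothing on the line saying what it must agree with; it selects the `RESOLVE_RVA(LoadImage, 5, 1)` branch under `#if WINVER == 1703` in WinLoad.c, so a value that does not match the winload.efi build actually being loaded would apply offsets taken from a different build. Suggest documenting that on the define: `#define WINVER 1703 // winload.efi build the signature/RVA offsets in WinLoad.c were taken from; must match the target image`.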

@ -1,16 +1,11 @@
#include "WinLoad.h" #include "WinLoad.h"
SHITHOOK WinLoadImageShitHook; SHITHOOK WinLoadImageShitHook;
CHAR8 ModulePathCStr[0x100];
BOOLEAN InstalledHvLoaderHook = FALSE; BOOLEAN InstalledHvLoaderHook = FALSE;
EFI_STATUS EFIAPI BlImgLoadPEImageEx(VOID* a1, VOID* a2, CHAR16* ImagePath, UINT64* ImageBasePtr, UINT32* ImageSize, EFI_STATUS EFIAPI BlImgLoadPEImageEx(VOID* a1, VOID* a2, CHAR16* ImagePath, UINT64* ImageBasePtr, UINT32* ImageSize,
VOID* a6, VOID* a7, VOID* a8, VOID* a9, VOID* a10, VOID* a11, VOID* a12, VOID* a13, VOID* a14) VOID* a6, VOID* a7, VOID* a8, VOID* a9, VOID* a10, VOID* a11, VOID* a12, VOID* a13, VOID* a14)
{ {
UnicodeStrToAsciiStr(ImagePath, ModulePathCStr);
DBG_PRINT("LOADING FROM WINLOAD: ");
DBG_PRINT(ModulePathCStr);
DisableShitHook(&WinLoadImageShitHook); DisableShitHook(&WinLoadImageShitHook);
EFI_STATUS Result = ((LDR_LOAD_IMAGE)WinLoadImageShitHook.Address)(a1, a2, ImagePath, ImageBasePtr, ImageSize, a6, a7, a8, EFI_STATUS Result = ((LDR_LOAD_IMAGE)WinLoadImageShitHook.Address)(a1, a2, ImagePath, ImageBasePtr, ImageSize, a6, a7, a8,
a9, a10, a11, a12, a13, a14); a9, a10, a11, a12, a13, a14);
@ -35,12 +30,6 @@ EFI_STATUS EFIAPI BlImgLoadPEImageEx(VOID* a1, VOID* a2, CHAR16* ImagePath, UINT
ALLOCATE_IMAGE_BUFFER_MASK ALLOCATE_IMAGE_BUFFER_MASK
); );
if (!LoadImage || !AllocImage)
{
DBG_PRINT("Signatures FAILED!\n");
return Result;
}
#if WINVER == 1703 #if WINVER == 1703
MakeShitHook(&HvLoadImageBufferHook, RESOLVE_RVA(LoadImage, 5, 1), &HvBlImgLoadPEImageFromSourceBuffer, TRUE); MakeShitHook(&HvLoadImageBufferHook, RESOLVE_RVA(LoadImage, 5, 1), &HvBlImgLoadPEImageFromSourceBuffer, TRUE);
#elif WINVER <= 1607 #elif WINVER <= 1607
@ -48,11 +37,7 @@ EFI_STATUS EFIAPI BlImgLoadPEImageEx(VOID* a1, VOID* a2, CHAR16* ImagePath, UINT
#endif #endif
MakeShitHook(&HvLoadAllocImageHook, RESOLVE_RVA(AllocImage, 5, 1), &HvLoaderBlImgAllocateImageBuffer, TRUE); MakeShitHook(&HvLoadAllocImageHook, RESOLVE_RVA(AllocImage, 5, 1), &HvLoaderBlImgAllocateImageBuffer, TRUE);
DBG_PRINT("LoadImageHook -> 0x%p\n", RESOLVE_RVA(LoadImage, 5, 1));
DBG_PRINT("AllocImage -> 0x%p\n", RESOLVE_RVA(AllocImage, 5, 1));
InstalledHvLoaderHook = TRUE; InstalledHvLoaderHook = TRUE;
} }
DBG_PRINT("[%s] Image Base -> 0x%p, Image Size -> 0x%p\n", __FUNCTION__, *ImageBasePtr, *ImageSize);
return Result; return Result;
} }
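Review bot: The hunk at `@ -35,12 +30,6 @@` removes the `if (!LoadImage || !AllocImage)` guard together with its debug print, so when a signature scan fails the new code passes a null result straight into `RESOLVE_RVA(LoadImage, 5, 1)` and `MakeShitHook`; only the print needed to go. Keep the early return without the print, `if (!LoadImage || !AllocImage) return Result;`, just before the `#if WINVER == 1703` line. If the motivation is that `DBG_PRINT` relies on UEFI services that are not callable here, the same presumably applies to any `DBG_PRINT` still reachable on this path, which the hunks do not show. The `#if WINVER == 1703` / `#elif WINVER <= 1607` chain's middle is not visible; if it has no `#else`, a `#error "unsupported WINVER"` there would stop an unsupported value from skipping the LoadImage hook silently. BlImgLoadPEImageEx starts in the first hunk of this file and its body continues between the hunks shown.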