|
|
@ -151,8 +151,13 @@ EFI_STATUS EFIAPI BlImgLoadPEImageEx
|
|
|
|
if (!InstalledHvLoaderHook)
|
|
|
|
if (!InstalledHvLoaderHook)
|
|
|
|
EnableShitHook(&WinLoadImageShitHook);
|
|
|
|
EnableShitHook(&WinLoadImageShitHook);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
CHAR8 ModuleName[0x100];
|
|
|
|
|
|
|
|
UnicodeStrToAsciiStr(ImagePath, ModuleName);
|
|
|
|
|
|
|
|
DBG_PRINT("module loading -> %s\n", ModuleName);
|
|
|
|
|
|
|
|
|
|
|
|
if (StrStr(ImagePath, L"hvloader.efi"))
|
|
|
|
if (StrStr(ImagePath, L"hvloader.efi"))
|
|
|
|
{
|
|
|
|
{
|
|
|
|
|
|
|
|
DBG_PRINT("hvloader loaded into memory...\n");
|
|
|
|
VOID* LoadImage =
|
|
|
|
VOID* LoadImage =
|
|
|
|
FindPattern(
|
|
|
|
FindPattern(
|
|
|
|
*ImageBasePtr,
|
|
|
|
*ImageBasePtr,
|
|
|
@ -169,10 +174,13 @@ EFI_STATUS EFIAPI BlImgLoadPEImageEx
|
|
|
|
HV_ALLOCATE_IMAGE_BUFFER_MASK
|
|
|
|
HV_ALLOCATE_IMAGE_BUFFER_MASK
|
|
|
|
);
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DBG_PRINT("LoadImage -> 0x%p\n", LoadImage);
|
|
|
|
|
|
|
|
DBG_PRINT("AllocImage -> 0x%p\n", AllocImage);
|
|
|
|
|
|
|
|
|
|
|
|
#if WINVER == 1703
|
|
|
|
#if WINVER == 1703
|
|
|
|
MakeShitHook(&HvLoadImageBufferHook, RESOLVE_RVA(LoadImage, 5, 1), &HvBlImgLoadPEImageFromSourceBuffer, TRUE);
|
|
|
|
MakeShitHook(&HvLoadImageBufferHook, RESOLVE_RVA(LoadImage, 10, 6), &HvBlImgLoadPEImageFromSourceBuffer, TRUE);
|
|
|
|
#elif WINVER <= 1607 // 1511 is the same...
|
|
|
|
#elif WINVER <= 1607
|
|
|
|
MakeShitHook(&HvLoadImageHook, RESOLVE_RVA(LoadImage, 5, 1), &HvBlImgLoadPEImageEx, TRUE);
|
|
|
|
MakeShitHook(&HvLoadImageHook, RESOLVE_RVA(LoadImage, 10, 6), &HvBlImgLoadPEImageEx, TRUE);
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
MakeShitHook(&HvLoadAllocImageHook, RESOLVE_RVA(AllocImage, 5, 1), &HvBlImgAllocateImageBuffer, TRUE);
|
|
|
|
MakeShitHook(&HvLoadAllocImageHook, RESOLVE_RVA(AllocImage, 5, 1), &HvBlImgAllocateImageBuffer, TRUE);
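Review bot: `UnicodeStrToAsciiStr(ImagePath, ModuleName)` in the first hunk copies into the 0x100-byte stack buffer with no destination bound, so an image path of 256 or more characters overruns `ModuleName` inside the boot loader; assuming this is EDK2 BaseLib, that is the deprecated unbounded form, and the bounded call is `UnicodeStrToAsciiStrS(ImagePath, ModuleName, sizeof(ModuleName));` (a truncated name is fine here since it only feeds `DBG_PRINT`). `ImagePath` is whatever the loader passes in and is not validated by this code, and the `StrStr` call below it is also made without a NULL check. Separately, the second hunk moves the hook target from `RESOLVE_RVA(LoadImage, 5, 1)` to `RESOLVE_RVA(LoadImage, 10, 6)` in both `WINVER` branches, but `LoadImage` and `AllocImage` come from `FindPattern` and are only printed, never tested, so a build where the pattern is not found resolves an RVA off a null base; a guard such as `if (!LoadImage || !AllocImage) { DBG_PRINT("pattern not found, hooks not installed\n"); }` that skips the `MakeShitHook` calls would make the offset change fail safely. `BlImgLoadPEImageEx` starts before the first hunk and `AllocImage`'s initialization is outside the visible lines.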
|
|
|
|