This code was created by not-wlan (wlan). all credit for this header and source file goes to him !!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ #include #include "../drv_image/drv_image.h" namespace physmeme { drv_image::drv_image(std::vector image) : m_image(std::move(image)) { m_dos_header = reinterpret_cast(m_image.data()); m_nt_headers = reinterpret_cast((uintptr_t)m_dos_header + m_dos_header->e_lfanew); m_section_header = reinterpret_cast((uintptr_t)(&m_nt_headers->OptionalHeader) + m_nt_headers->FileHeader.SizeOfOptionalHeader); } size_t drv_image::size() const { return m_nt_headers->OptionalHeader.SizeOfImage; } uintptr_t drv_image::entry_point() const { return m_nt_headers->OptionalHeader.AddressOfEntryPoint; } void drv_image::map() { m_image_mapped.clear(); m_image_mapped.resize(m_nt_headers->OptionalHeader.SizeOfImage); std::copy_n(m_image.begin(), m_nt_headers->OptionalHeader.SizeOfHeaders, m_image_mapped.begin()); for (size_t i = 0; i < m_nt_headers->FileHeader.NumberOfSections; ++i) { const auto& section = m_section_header[i]; const auto target = (uintptr_t)m_image_mapped.data() + section.VirtualAddress; const auto source = (uintptr_t)m_dos_header + section.PointerToRawData; std::copy_n(m_image.begin() + section.PointerToRawData, section.SizeOfRawData, m_image_mapped.begin() + section.VirtualAddress); } } bool drv_image::process_relocation(uintptr_t image_base_delta, uint16_t data, uint8_t* relocation_base) { #define IMR_RELOFFSET(x) (x & 0xFFF) switch (data >> 12 & 0xF) { case IMAGE_REL_BASED_HIGH: { const auto raw_address = reinterpret_cast(relocation_base + IMR_RELOFFSET(data)); *raw_address += static_cast(HIWORD(image_base_delta)); break; } case IMAGE_REL_BASED_LOW: { const auto raw_address = reinterpret_cast(relocation_base + IMR_RELOFFSET(data)); *raw_address += static_cast(LOWORD(image_base_delta)); break; } case IMAGE_REL_BASED_HIGHLOW: { const auto raw_address = reinterpret_cast(relocation_base + IMR_RELOFFSET(data)); *raw_address += static_cast(image_base_delta); break; } case IMAGE_REL_BASED_DIR64: { auto UNALIGNED raw_address = reinterpret_cast(relocation_base + IMR_RELOFFSET(data)); *raw_address += image_base_delta; break; } case IMAGE_REL_BASED_ABSOLUTE: // No action required case IMAGE_REL_BASED_HIGHADJ: // no action required { break; } default: { return false; } } #undef IMR_RELOFFSET return true; } void drv_image::relocate(void* base) const { if (m_nt_headers->FileHeader.Characteristics & IMAGE_FILE_RELOCS_STRIPPED) return; ULONG total_count_bytes; const auto nt_headers = ImageNtHeader((void*)m_image_mapped.data()); auto relocation_directory = (PIMAGE_BASE_RELOCATION)::ImageDirectoryEntryToData(nt_headers, TRUE, IMAGE_DIRECTORY_ENTRY_BASERELOC, &total_count_bytes); auto image_base_delta = static_cast(reinterpret_cast(base) - (nt_headers->OptionalHeader.ImageBase)); auto relocation_size = total_count_bytes; // This should check (DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) too but lots of drivers do not have it set due to WDK defaults const bool doRelocations = image_base_delta != 0 && relocation_size > 0; if (!doRelocations) return; void* relocation_end = reinterpret_cast(relocation_directory) + relocation_size; while (relocation_directory < relocation_end) { auto relocation_base = ::ImageRvaToVa(nt_headers, (void*)m_image_mapped.data(), relocation_directory->VirtualAddress, nullptr); auto num_relocs = (relocation_directory->SizeOfBlock - 8) >> 1; auto relocation_data = reinterpret_cast(relocation_directory + 1); for (unsigned long i = 0; i < num_relocs; ++i, ++relocation_data) if (process_relocation(image_base_delta, *relocation_data, (uint8_t*)relocation_base) == FALSE) return; relocation_directory = reinterpret_cast(relocation_data); } } template __forceinline T* ptr_add(void* base, uintptr_t offset) { return (T*)(uintptr_t)base + offset; } void drv_image::fix_imports(const std::function get_module, const std::function get_function) { ULONG size; auto import_descriptors = static_cast(::ImageDirectoryEntryToData(m_image.data(), FALSE, IMAGE_DIRECTORY_ENTRY_IMPORT, &size)); if (import_descriptors == nullptr) return; for (; import_descriptors->Name; import_descriptors++) { IMAGE_THUNK_DATA* image_thunk_data; const auto module_name = get_rva(import_descriptors->Name); const auto module_base = get_module(module_name); if (import_descriptors->OriginalFirstThunk) image_thunk_data = get_rva(import_descriptors->OriginalFirstThunk); else image_thunk_data = get_rva(import_descriptors->FirstThunk); auto image_func_data = get_rva(import_descriptors->FirstThunk); for (; image_thunk_data->u1.AddressOfData; image_thunk_data++, image_func_data++) { uintptr_t function_address; const auto ordinal = (image_thunk_data->u1.Ordinal & IMAGE_ORDINAL_FLAG64) != 0; const auto image_import_by_name = get_rva(*(DWORD*)image_thunk_data); const auto name_of_import = static_cast(image_import_by_name->Name); function_address = get_function(module_name, name_of_import); image_func_data->u1.Function = function_address; } } } void* drv_image::data() { return m_image_mapped.data(); } size_t drv_image::header_size() { return m_nt_headers->OptionalHeader.SizeOfHeaders; } }