commit
eb59cbfb7c
@ -0,0 +1,388 @@
|
|||||||
|
## Ignore Visual Studio temporary files, build results, and
|
||||||
|
## files generated by popular Visual Studio add-ons.
|
||||||
|
##
|
||||||
|
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
|
||||||
|
|
||||||
|
# User-specific files
|
||||||
|
*.rsuser
|
||||||
|
*.suo
|
||||||
|
*.user
|
||||||
|
*.userosscache
|
||||||
|
*.sln.docstates
|
||||||
|
|
||||||
|
# User-specific files (MonoDevelop/Xamarin Studio)
|
||||||
|
*.userprefs
|
||||||
|
|
||||||
|
# Mono auto generated files
|
||||||
|
mono_crash.*
|
||||||
|
|
||||||
|
# Build results
|
||||||
|
[Dd]ebug/
|
||||||
|
[Dd]ebugPublic/
|
||||||
|
[Rr]elease/
|
||||||
|
[Rr]eleases/
|
||||||
|
x64/
|
||||||
|
x86/
|
||||||
|
[Ww][Ii][Nn]32/
|
||||||
|
[Aa][Rr][Mm]/
|
||||||
|
[Aa][Rr][Mm]64/
|
||||||
|
bld/
|
||||||
|
[Bb]in/
|
||||||
|
[Oo]bj/
|
||||||
|
[Ll]og/
|
||||||
|
[Ll]ogs/
|
||||||
|
|
||||||
|
# Visual Studio 2015/2017 cache/options directory
|
||||||
|
.vs/
|
||||||
|
# Uncomment if you have tasks that create the project's static files in wwwroot
|
||||||
|
#wwwroot/
|
||||||
|
|
||||||
|
# Visual Studio 2017 auto generated files
|
||||||
|
Generated\ Files/
|
||||||
|
|
||||||
|
# MSTest test Results
|
||||||
|
[Tt]est[Rr]esult*/
|
||||||
|
[Bb]uild[Ll]og.*
|
||||||
|
|
||||||
|
# NUnit
|
||||||
|
*.VisualState.xml
|
||||||
|
TestResult.xml
|
||||||
|
nunit-*.xml
|
||||||
|
|
||||||
|
# Build Results of an ATL Project
|
||||||
|
[Dd]ebugPS/
|
||||||
|
[Rr]eleasePS/
|
||||||
|
dlldata.c
|
||||||
|
|
||||||
|
# Benchmark Results
|
||||||
|
BenchmarkDotNet.Artifacts/
|
||||||
|
|
||||||
|
# .NET Core
|
||||||
|
project.lock.json
|
||||||
|
project.fragment.lock.json
|
||||||
|
artifacts/
|
||||||
|
|
||||||
|
# ASP.NET Scaffolding
|
||||||
|
ScaffoldingReadMe.txt
|
||||||
|
|
||||||
|
# StyleCop
|
||||||
|
StyleCopReport.xml
|
||||||
|
|
||||||
|
# Files built by Visual Studio
|
||||||
|
*_i.c
|
||||||
|
*_p.c
|
||||||
|
*_h.h
|
||||||
|
*.ilk
|
||||||
|
*.meta
|
||||||
|
*.obj
|
||||||
|
*.iobj
|
||||||
|
*.pch
|
||||||
|
*.pdb
|
||||||
|
*.ipdb
|
||||||
|
*.pgc
|
||||||
|
*.pgd
|
||||||
|
*.rsp
|
||||||
|
*.sbr
|
||||||
|
*.tlb
|
||||||
|
*.tli
|
||||||
|
*.tlh
|
||||||
|
*.tmp
|
||||||
|
*.tmp_proj
|
||||||
|
*_wpftmp.csproj
|
||||||
|
*.log
|
||||||
|
*.tlog
|
||||||
|
*.vspscc
|
||||||
|
*.vssscc
|
||||||
|
.builds
|
||||||
|
*.pidb
|
||||||
|
*.svclog
|
||||||
|
*.scc
|
||||||
|
|
||||||
|
# Chutzpah Test files
|
||||||
|
_Chutzpah*
|
||||||
|
|
||||||
|
# Visual C++ cache files
|
||||||
|
ipch/
|
||||||
|
*.aps
|
||||||
|
*.ncb
|
||||||
|
*.opendb
|
||||||
|
*.opensdf
|
||||||
|
*.sdf
|
||||||
|
*.cachefile
|
||||||
|
*.VC.db
|
||||||
|
*.VC.VC.opendb
|
||||||
|
|
||||||
|
# Visual Studio profiler
|
||||||
|
*.psess
|
||||||
|
*.vsp
|
||||||
|
*.vspx
|
||||||
|
*.sap
|
||||||
|
|
||||||
|
# Visual Studio Trace Files
|
||||||
|
*.e2e
|
||||||
|
|
||||||
|
# TFS 2012 Local Workspace
|
||||||
|
$tf/
|
||||||
|
|
||||||
|
# Guidance Automation Toolkit
|
||||||
|
*.gpState
|
||||||
|
|
||||||
|
# ReSharper is a .NET coding add-in
|
||||||
|
_ReSharper*/
|
||||||
|
*.[Rr]e[Ss]harper
|
||||||
|
*.DotSettings.user
|
||||||
|
|
||||||
|
# TeamCity is a build add-in
|
||||||
|
_TeamCity*
|
||||||
|
|
||||||
|
# DotCover is a Code Coverage Tool
|
||||||
|
*.dotCover
|
||||||
|
|
||||||
|
# AxoCover is a Code Coverage Tool
|
||||||
|
.axoCover/*
|
||||||
|
!.axoCover/settings.json
|
||||||
|
|
||||||
|
# Coverlet is a free, cross platform Code Coverage Tool
|
||||||
|
coverage*.json
|
||||||
|
coverage*.xml
|
||||||
|
coverage*.info
|
||||||
|
|
||||||
|
# Visual Studio code coverage results
|
||||||
|
*.coverage
|
||||||
|
*.coveragexml
|
||||||
|
|
||||||
|
# NCrunch
|
||||||
|
_NCrunch_*
|
||||||
|
.*crunch*.local.xml
|
||||||
|
nCrunchTemp_*
|
||||||
|
|
||||||
|
# MightyMoose
|
||||||
|
*.mm.*
|
||||||
|
AutoTest.Net/
|
||||||
|
|
||||||
|
# Web workbench (sass)
|
||||||
|
.sass-cache/
|
||||||
|
|
||||||
|
# Installshield output folder
|
||||||
|
[Ee]xpress/
|
||||||
|
|
||||||
|
# DocProject is a documentation generator add-in
|
||||||
|
DocProject/buildhelp/
|
||||||
|
DocProject/Help/*.HxT
|
||||||
|
DocProject/Help/*.HxC
|
||||||
|
DocProject/Help/*.hhc
|
||||||
|
DocProject/Help/*.hhk
|
||||||
|
DocProject/Help/*.hhp
|
||||||
|
DocProject/Help/Html2
|
||||||
|
DocProject/Help/html
|
||||||
|
|
||||||
|
# Click-Once directory
|
||||||
|
publish/
|
||||||
|
|
||||||
|
# Publish Web Output
|
||||||
|
*.[Pp]ublish.xml
|
||||||
|
*.azurePubxml
|
||||||
|
# Note: Comment the next line if you want to checkin your web deploy settings,
|
||||||
|
# but database connection strings (with potential passwords) will be unencrypted
|
||||||
|
*.pubxml
|
||||||
|
*.publishproj
|
||||||
|
|
||||||
|
# Microsoft Azure Web App publish settings. Comment the next line if you want to
|
||||||
|
# checkin your Azure Web App publish settings, but sensitive information contained
|
||||||
|
# in these scripts will be unencrypted
|
||||||
|
PublishScripts/
|
||||||
|
|
||||||
|
# NuGet Packages
|
||||||
|
*.nupkg
|
||||||
|
# NuGet Symbol Packages
|
||||||
|
*.snupkg
|
||||||
|
# The packages folder can be ignored because of Package Restore
|
||||||
|
**/[Pp]ackages/*
|
||||||
|
# except build/, which is used as an MSBuild target.
|
||||||
|
!**/[Pp]ackages/build/
|
||||||
|
# Uncomment if necessary however generally it will be regenerated when needed
|
||||||
|
#!**/[Pp]ackages/repositories.config
|
||||||
|
# NuGet v3's project.json files produces more ignorable files
|
||||||
|
*.nuget.props
|
||||||
|
*.nuget.targets
|
||||||
|
|
||||||
|
# Nuget personal access tokens and Credentials
|
||||||
|
nuget.config
|
||||||
|
|
||||||
|
# Microsoft Azure Build Output
|
||||||
|
csx/
|
||||||
|
*.build.csdef
|
||||||
|
|
||||||
|
# Microsoft Azure Emulator
|
||||||
|
ecf/
|
||||||
|
rcf/
|
||||||
|
|
||||||
|
# Windows Store app package directories and files
|
||||||
|
AppPackages/
|
||||||
|
BundleArtifacts/
|
||||||
|
Package.StoreAssociation.xml
|
||||||
|
_pkginfo.txt
|
||||||
|
*.appx
|
||||||
|
*.appxbundle
|
||||||
|
*.appxupload
|
||||||
|
|
||||||
|
# Visual Studio cache files
|
||||||
|
# files ending in .cache can be ignored
|
||||||
|
*.[Cc]ache
|
||||||
|
# but keep track of directories ending in .cache
|
||||||
|
!?*.[Cc]ache/
|
||||||
|
|
||||||
|
# Others
|
||||||
|
ClientBin/
|
||||||
|
~$*
|
||||||
|
*~
|
||||||
|
*.dbmdl
|
||||||
|
*.dbproj.schemaview
|
||||||
|
*.jfm
|
||||||
|
*.pfx
|
||||||
|
*.publishsettings
|
||||||
|
orleans.codegen.cs
|
||||||
|
|
||||||
|
# Including strong name files can present a security risk
|
||||||
|
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
|
||||||
|
#*.snk
|
||||||
|
|
||||||
|
# Since there are multiple workflows, uncomment next line to ignore bower_components
|
||||||
|
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
|
||||||
|
#bower_components/
|
||||||
|
|
||||||
|
# RIA/Silverlight projects
|
||||||
|
Generated_Code/
|
||||||
|
|
||||||
|
# Backup & report files from converting an old project file
|
||||||
|
# to a newer Visual Studio version. Backup files are not needed,
|
||||||
|
# because we have git ;-)
|
||||||
|
_UpgradeReport_Files/
|
||||||
|
Backup*/
|
||||||
|
UpgradeLog*.XML
|
||||||
|
UpgradeLog*.htm
|
||||||
|
ServiceFabricBackup/
|
||||||
|
*.rptproj.bak
|
||||||
|
|
||||||
|
# SQL Server files
|
||||||
|
*.mdf
|
||||||
|
*.ldf
|
||||||
|
*.ndf
|
||||||
|
|
||||||
|
# Business Intelligence projects
|
||||||
|
*.rdl.data
|
||||||
|
*.bim.layout
|
||||||
|
*.bim_*.settings
|
||||||
|
*.rptproj.rsuser
|
||||||
|
*- [Bb]ackup.rdl
|
||||||
|
*- [Bb]ackup ([0-9]).rdl
|
||||||
|
*- [Bb]ackup ([0-9][0-9]).rdl
|
||||||
|
|
||||||
|
# Microsoft Fakes
|
||||||
|
FakesAssemblies/
|
||||||
|
|
||||||
|
# GhostDoc plugin setting file
|
||||||
|
*.GhostDoc.xml
|
||||||
|
|
||||||
|
# Node.js Tools for Visual Studio
|
||||||
|
.ntvs_analysis.dat
|
||||||
|
node_modules/
|
||||||
|
|
||||||
|
# Visual Studio 6 build log
|
||||||
|
*.plg
|
||||||
|
|
||||||
|
# Visual Studio 6 workspace options file
|
||||||
|
*.opt
|
||||||
|
|
||||||
|
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
|
||||||
|
*.vbw
|
||||||
|
|
||||||
|
# Visual Studio LightSwitch build output
|
||||||
|
**/*.HTMLClient/GeneratedArtifacts
|
||||||
|
**/*.DesktopClient/GeneratedArtifacts
|
||||||
|
**/*.DesktopClient/ModelManifest.xml
|
||||||
|
**/*.Server/GeneratedArtifacts
|
||||||
|
**/*.Server/ModelManifest.xml
|
||||||
|
_Pvt_Extensions
|
||||||
|
|
||||||
|
# Paket dependency manager
|
||||||
|
.paket/paket.exe
|
||||||
|
paket-files/
|
||||||
|
|
||||||
|
# FAKE - F# Make
|
||||||
|
.fake/
|
||||||
|
|
||||||
|
# CodeRush personal settings
|
||||||
|
.cr/personal
|
||||||
|
|
||||||
|
# Python Tools for Visual Studio (PTVS)
|
||||||
|
__pycache__/
|
||||||
|
*.pyc
|
||||||
|
|
||||||
|
# Cake - Uncomment if you are using it
|
||||||
|
# tools/**
|
||||||
|
# !tools/packages.config
|
||||||
|
|
||||||
|
# Tabs Studio
|
||||||
|
*.tss
|
||||||
|
|
||||||
|
# Telerik's JustMock configuration file
|
||||||
|
*.jmconfig
|
||||||
|
|
||||||
|
# BizTalk build output
|
||||||
|
*.btp.cs
|
||||||
|
*.btm.cs
|
||||||
|
*.odx.cs
|
||||||
|
*.xsd.cs
|
||||||
|
|
||||||
|
# OpenCover UI analysis results
|
||||||
|
OpenCover/
|
||||||
|
|
||||||
|
# Azure Stream Analytics local run output
|
||||||
|
ASALocalRun/
|
||||||
|
|
||||||
|
# MSBuild Binary and Structured Log
|
||||||
|
*.binlog
|
||||||
|
|
||||||
|
# NVidia Nsight GPU debugger configuration file
|
||||||
|
*.nvuser
|
||||||
|
|
||||||
|
# MFractors (Xamarin productivity tool) working folder
|
||||||
|
.mfractor/
|
||||||
|
|
||||||
|
# Local History for Visual Studio
|
||||||
|
.localhistory/
|
||||||
|
|
||||||
|
# BeatPulse healthcheck temp database
|
||||||
|
healthchecksdb
|
||||||
|
|
||||||
|
# Backup folder for Package Reference Convert tool in Visual Studio 2017
|
||||||
|
MigrationBackup/
|
||||||
|
|
||||||
|
# Ionide (cross platform F# VS Code tools) working folder
|
||||||
|
.ionide/
|
||||||
|
|
||||||
|
# Fody - auto-generated XML schema
|
||||||
|
FodyWeavers.xsd
|
||||||
|
|
||||||
|
# VS Code files for those working on multiple tools
|
||||||
|
.vscode/*
|
||||||
|
!.vscode/settings.json
|
||||||
|
!.vscode/tasks.json
|
||||||
|
!.vscode/launch.json
|
||||||
|
!.vscode/extensions.json
|
||||||
|
*.code-workspace
|
||||||
|
|
||||||
|
# Local History for Visual Studio Code
|
||||||
|
.history/
|
||||||
|
|
||||||
|
# Windows Installer files from build outputs
|
||||||
|
*.cab
|
||||||
|
*.msi
|
||||||
|
*.msix
|
||||||
|
*.msm
|
||||||
|
*.msp
|
||||||
|
|
||||||
|
# JetBrains Rider
|
||||||
|
.idea/
|
||||||
|
*.sln.iml
|
@ -0,0 +1,6 @@
|
|||||||
|
[submodule "dependencies/vmhook"]
|
||||||
|
path = dependencies/vmhook
|
||||||
|
url = https://githacks.org/vmp2/vmhook.git
|
||||||
|
[submodule "dependencies/ZwSwapCert"]
|
||||||
|
path = dependencies/ZwSwapCert
|
||||||
|
url = https://githacks.org/_xeroxz/zwswapcert.git
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -0,0 +1 @@
|
|||||||
|
Subproject commit bf5f30c360f7e9d87a0cdba82d70008fd64c5c1c
|
@ -0,0 +1 @@
|
|||||||
|
Subproject commit aec227a091e0a2a5a591d0e77df5243270d99672
|
@ -0,0 +1,189 @@
|
|||||||
|
//
|
||||||
|
// Registers on image load callback then applies vmhook to EAC
|
||||||
|
//
|
||||||
|
//
|
||||||
|
|
||||||
|
#include <ntifs.h>
|
||||||
|
#include <intrin.h>
|
||||||
|
#include <vmhook.hpp>
|
||||||
|
|
||||||
|
//
|
||||||
|
// game cheat offset flash backs...
|
||||||
|
//
|
||||||
|
|
||||||
|
#define EAC_VM_HANDLE_OFFSET 0xE93D
|
||||||
|
#define EAC_IMAGE_BASE 0x140000000
|
||||||
|
|
||||||
|
//
|
||||||
|
// vm handler indexes for READQ...
|
||||||
|
//
|
||||||
|
|
||||||
|
u8 readq_idxs[] = { 247, 215, 169, 159, 71, 60, 55, 43, 23 };
|
||||||
|
|
||||||
|
//
|
||||||
|
// vm handler indexes for READDW
|
||||||
|
//
|
||||||
|
|
||||||
|
u8 readdw_idxs[] = { 218, 180, 179, 178, 163, 137, 92, 22, 12 };
|
||||||
|
|
||||||
|
vm::hook_t* g_vmhook = nullptr;
|
||||||
|
vm::handler::table_t* g_vm_table = nullptr;
|
||||||
|
|
||||||
|
void*
|
||||||
|
operator new(
|
||||||
|
u64 size
|
||||||
|
)
|
||||||
|
{
|
||||||
|
//
|
||||||
|
// Could have also used ExAllocatePoolZero...
|
||||||
|
//
|
||||||
|
|
||||||
|
return RtlZeroMemory(ExAllocatePool(NonPagedPool, size), size);
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
operator delete
|
||||||
|
(
|
||||||
|
void* ptr,
|
||||||
|
u64 size
|
||||||
|
)
|
||||||
|
{
|
||||||
|
UNREFERENCED_PARAMETER(size);
|
||||||
|
ExFreePool(ptr);
|
||||||
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
image_loaded(
|
||||||
|
PUNICODE_STRING image_name,
|
||||||
|
HANDLE pid,
|
||||||
|
PIMAGE_INFO image_info
|
||||||
|
)
|
||||||
|
{
|
||||||
|
//
|
||||||
|
// PID is zero when the module being loaded is going into the kernel...
|
||||||
|
//
|
||||||
|
|
||||||
|
if (!pid && wcsstr(image_name->Buffer, L"EasyAntiCheat.sys"))
|
||||||
|
{
|
||||||
|
if (g_vmhook && g_vm_table)
|
||||||
|
delete g_vmhook, delete g_vm_table;
|
||||||
|
|
||||||
|
//
|
||||||
|
// allocate memory for a g_vmhook, g_vm_table and then zero it...
|
||||||
|
//
|
||||||
|
|
||||||
|
// > 0x00007FF77A233736 mov rcx, [r12+rax*8]
|
||||||
|
// > 0x00007FF77A23373D ror rcx, 0x30 <--- decrypt vm handler entry...
|
||||||
|
// > 0x00007FF77A233747 add rcx, r13
|
||||||
|
// > 0x00007FF77A23374A jmp rcx
|
||||||
|
vm::decrypt_handler_t _decrypt_handler =
|
||||||
|
[](u64 val) -> u64
|
||||||
|
{
|
||||||
|
return _rotl64(val, 0x30);
|
||||||
|
};
|
||||||
|
|
||||||
|
// > 0x00007FF77A233736 mov rcx, [r12+rax*8]
|
||||||
|
// > 0x00007FF77A23373D ror rcx, 0x30 <--- inverse to encrypt vm handler entry...
|
||||||
|
// > 0x00007FF77A233747 add rcx, r13
|
||||||
|
// > 0x00007FF77A23374A jmp rcx
|
||||||
|
vm::encrypt_handler_t _encrypt_handler =
|
||||||
|
[](u64 val) -> u64
|
||||||
|
{
|
||||||
|
return _rotr64(val, 0x30);
|
||||||
|
};
|
||||||
|
|
||||||
|
vm::handler::edit_entry_t _edit_entry =
|
||||||
|
[](u64* entry_ptr, u64 val) -> void
|
||||||
|
{
|
||||||
|
//
|
||||||
|
// disable write protect bit in cr0...
|
||||||
|
//
|
||||||
|
|
||||||
|
{
|
||||||
|
auto cr0 = __readcr0();
|
||||||
|
cr0 &= 0xfffffffffffeffff;
|
||||||
|
__writecr0(cr0);
|
||||||
|
_disable();
|
||||||
|
}
|
||||||
|
|
||||||
|
*entry_ptr = val;
|
||||||
|
|
||||||
|
//
|
||||||
|
// enable write protect bit in cr0...
|
||||||
|
//
|
||||||
|
|
||||||
|
{
|
||||||
|
auto cr0 = __readcr0();
|
||||||
|
cr0 |= 0x10000;
|
||||||
|
_enable();
|
||||||
|
__writecr0(cr0);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
auto image_base = reinterpret_cast<u64>(image_info->ImageBase);
|
||||||
|
auto handler_table_ptr = reinterpret_cast<u64*>(image_base + EAC_VM_HANDLE_OFFSET);
|
||||||
|
|
||||||
|
g_vm_table = new vm::handler::table_t(handler_table_ptr, _edit_entry);
|
||||||
|
g_vmhook = new vm::hook_t(image_base, EAC_IMAGE_BASE, _decrypt_handler, _encrypt_handler, g_vm_table);
|
||||||
|
|
||||||
|
// install hooks on READQ virtual machine handlers...
|
||||||
|
for (auto idx = 0u; idx < sizeof readq_idxs; ++idx)
|
||||||
|
{
|
||||||
|
g_vm_table->set_callback(readq_idxs[idx],
|
||||||
|
[](vm::registers* regs, u8 handler_idx)
|
||||||
|
{
|
||||||
|
DbgPrint("> READQ, reading address = 0x%p\n", reinterpret_cast<u64*>(regs->rbp)[0]);
|
||||||
|
}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (auto idx = 0u; idx < sizeof readdw_idxs; ++idx)
|
||||||
|
{
|
||||||
|
g_vm_table->set_callback(readdw_idxs[idx],
|
||||||
|
[](vm::registers* regs, u8 handler_idx)
|
||||||
|
{
|
||||||
|
DbgPrint("> READDW, reading address = 0x%p\n", reinterpret_cast<u64*>(regs->rbp)[0]);
|
||||||
|
}
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
//
|
||||||
|
// hooks all vm handlers and starts callbacks...
|
||||||
|
//
|
||||||
|
g_vmhook->start();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*++
|
||||||
|
|
||||||
|
Routine Description:
|
||||||
|
This is the entry routine for the vmhook-eac driver.
|
||||||
|
|
||||||
|
Arguments:
|
||||||
|
drv_object - Pointer to driver object created by the system.
|
||||||
|
reg_path - Receives the full registry path to the SERVICES
|
||||||
|
node of the current control set.
|
||||||
|
|
||||||
|
Return Value:
|
||||||
|
An NTSTATUS code.
|
||||||
|
|
||||||
|
--*/
|
||||||
|
|
||||||
|
extern "C"
|
||||||
|
NTSTATUS
|
||||||
|
DriverEntry( // entry called from ZwSwapCert...
|
||||||
|
PDRIVER_OBJECT drv_object,
|
||||||
|
PUNICODE_STRING reg_path
|
||||||
|
)
|
||||||
|
{
|
||||||
|
UNREFERENCED_PARAMETER(drv_object);
|
||||||
|
UNREFERENCED_PARAMETER(reg_path);
|
||||||
|
|
||||||
|
//
|
||||||
|
// This kernel driver cannot be unloaded so there is no unload routine...
|
||||||
|
// This is because ZwSwapCert will cause the system to crash...
|
||||||
|
//
|
||||||
|
|
||||||
|
DbgPrint("> Registering ImageLoad Callbacks...\n");
|
||||||
|
return PsSetLoadImageNotifyRoutine(&image_loaded);
|
||||||
|
}
|
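Review bot: `image_loaded` passes `image_name->Buffer` to `wcsstr` unchecked, but the load-image notify contract allows the name pointer to be NULL and a `UNICODE_STRING` buffer is not guaranteed to be NUL-terminated, so this callback, which the system invokes for every image load, can fault or read past the buffer. Guard it before the comparison, for example `if (pid || !image_name || !image_name->Buffer) return;`, and bound the search by `image_name->Length` instead of relying on a terminator. The match is also only a substring of the path, after which a pointer at the fixed `EAC_VM_HANDLE_OFFSET` is handed to code that writes through it with CR0.WP cleared. Nothing visible confirms that the loaded image is the build those constants were taken from, so a mismatch would corrupt kernel memory. Separately, `operator new` feeds the result of `ExAllocatePool` straight into `RtlZeroMemory` with no NULL check, which turns an allocation failure into a bugcheck.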
@ -0,0 +1,31 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
|
<ItemGroup>
|
||||||
|
<Filter Include="Source Files">
|
||||||
|
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||||
|
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||||
|
</Filter>
|
||||||
|
<Filter Include="Header Files">
|
||||||
|
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||||
|
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
|
||||||
|
</Filter>
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClCompile Include="drv_entry.cpp">
|
||||||
|
<Filter>Source Files</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
<ClCompile Include="dependencies\vmhook\src\vmhook.cpp">
|
||||||
|
<Filter>Source Files</Filter>
|
||||||
|
</ClCompile>
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClInclude Include="dependencies\vmhook\include\vmhook.hpp">
|
||||||
|
<Filter>Header Files</Filter>
|
||||||
|
</ClInclude>
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<MASM Include="dependencies\vmhook\src\vtrap.asm">
|
||||||
|
<Filter>Source Files</Filter>
|
||||||
|
</MASM>
|
||||||
|
</ItemGroup>
|
||||||
|
</Project>
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -0,0 +1,16 @@
|
|||||||
|
D:\vmhook-eac\vmhook-eac.vcxproj(43,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.props" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.Shared.props (352,3)". This is most likely a build authoring error. This subsequent import will be ignored.
|
||||||
|
D:\vmhook-eac\vmhook-eac.vcxproj(88,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.targets" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets (1878,3)". This is most likely a build authoring error. This subsequent import will be ignored.
|
||||||
|
Building 'vmhook-eac' with toolset 'WindowsKernelModeDriver10.0' and the 'Universal' target platform.
|
||||||
|
Building 'ZwSwapCert' with toolset 'WindowsKernelModeDriver10.0' and the 'Universal' target platform.
|
||||||
|
drv_entry.cpp
|
||||||
|
D:\vmhook-eac\drv_entry.cpp(136,5): warning C4100: 'handler_idx': unreferenced formal parameter
|
||||||
|
D:\vmhook-eac\drv_entry.cpp(146,5): warning C4100: 'handler_idx': unreferenced formal parameter
|
||||||
|
vmhook-eac.vcxproj -> D:\vmhook-eac\x64\Release\vmhook-eac.sys
|
||||||
|
D:\vmhook-eac\vmhook-eac.vcxproj(43,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.props" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.Shared.props (352,3)". This is most likely a build authoring error. This subsequent import will be ignored.
|
||||||
|
D:\vmhook-eac\vmhook-eac.vcxproj(88,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.targets" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets (1878,3)". This is most likely a build authoring error. This subsequent import will be ignored.
|
||||||
|
Done Adding Additional Store
|
||||||
|
Successfully signed: D:\vmhook-eac\x64\Release\vmhook-eac.sys
|
||||||
|
|
||||||
|
Driver is 'Universal'.
|
||||||
|
D:\vmhook-eac\vmhook-eac.vcxproj(43,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.props" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.Shared.props (352,3)". This is most likely a build authoring error. This subsequent import will be ignored.
|
||||||
|
D:\vmhook-eac\vmhook-eac.vcxproj(88,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.targets" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets (1878,3)". This is most likely a build authoring error. This subsequent import will be ignored.
|
Binary file not shown.
@ -0,0 +1,11 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project>
|
||||||
|
<ProjectOutputs>
|
||||||
|
<ProjectOutput>
|
||||||
|
<FullPath>D:\vmhook-eac\x64\Release\vmhook-eac.sys</FullPath>
|
||||||
|
</ProjectOutput>
|
||||||
|
</ProjectOutputs>
|
||||||
|
<ContentFiles />
|
||||||
|
<SatelliteDlls />
|
||||||
|
<NonRecipeFileRefs />
|
||||||
|
</Project>
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -0,0 +1,2 @@
|
|||||||
|
D:\EACLOG\X64\RELEASE\VMHOOK-EAC.SYS|637605507578183380
|
||||||
|
D:\VMHOOK-EAC\X64\RELEASE\VMHOOK-EAC.SYS|637605525713265269
|
Binary file not shown.
@ -0,0 +1,2 @@
|
|||||||
|
PlatformToolSet=WindowsKernelModeDriver10.0:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30037:TargetPlatformVersion=10.0.19041.0:
|
||||||
|
Release|x64|D:\vmhook-eac\|
|
@ -0,0 +1 @@
|
|||||||
|
D:\vmhook-eac\x64\Release\vmhook-eac.sys
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.