From 1d7b85ce19d9061ede3cff35bf1bd92039391677 Mon Sep 17 00:00:00 2001
From: TomSie
Date: Mon, 14 Jun 2021 14:39:03 +0200
Subject: [PATCH] fixing bug in relocation that prevented e.g. the use of AuxKlibInitialize
---
.gitignore | 5 +++++
HMDM-MSREXEC/hmdm_ctx.cpp | 6 +++---
HMDM-MSREXEC/hmdm_ctx.h | 2 +-
HMDM-VDM/hmdm_ctx.cpp | 6 +++---
HMDM-VDM/hmdm_ctx.h | 2 +-
5 files changed, 13 insertions(+), 8 deletions(-)
create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1826d00
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+.vs/
+drv_example/x64/
+HMDM-MSREXEC/x64/
+HMDM-VDM/x64/
+x64/
diff --git a/HMDM-MSREXEC/hmdm_ctx.cpp b/HMDM-MSREXEC/hmdm_ctx.cpp
index aec59cc..201f172 100644
--- a/HMDM-MSREXEC/hmdm_ctx.cpp
+++ b/HMDM-MSREXEC/hmdm_ctx.cpp
@@ -54,7 +54,7 @@ namespace drv
 return { {}, {} };
 resolve_imports(image_mapped);
- fix_relocs(image_mapped);
+ fix_relocs(image_mapped, alloc_base);
 if (zero_headers)
 {
@@ -83,7 +83,7 @@ namespace drv
 };
 }
- auto hmdm_ctx::fix_relocs(drv_buffer_t& drv_buffer) const -> void
+ auto hmdm_ctx::fix_relocs(drv_buffer_t& drv_buffer, uint8_t* alloc_base) const -> void
 {
 const auto dos_header = reinterpret_cast(drv_buffer.data());
@@ -128,7 +128,7 @@ namespace drv
 const auto rva = reinterpret_cast(reloc_base + offset);
 *rva = reinterpret_cast(
- drv_buffer.data() + (*rva - nt_header->OptionalHeader.ImageBase));
+ alloc_base + (*rva - nt_header->OptionalHeader.ImageBase));
 break;
 }
 default:
diff --git a/HMDM-MSREXEC/hmdm_ctx.h b/HMDM-MSREXEC/hmdm_ctx.h
index db0e703..c2ea269 100644
--- a/HMDM-MSREXEC/hmdm_ctx.h
+++ b/HMDM-MSREXEC/hmdm_ctx.h
@@ -25,6 +25,6 @@ namespace drv
 const kmemcpy_t kmemcpy;
 private:
 auto resolve_imports(drv_buffer_t& drv_buffer) const -> void;
- auto fix_relocs(drv_buffer_t& drv_buffer) const -> void;
+ auto fix_relocs(drv_buffer_t& drv_buffer, uint8_t* alloc_base) const -> void;
 };
 }
\ No newline at end of file
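Review bot: The rewritten relocation line in the `@@ -128,7 +128,7 @@` hunk of HMDM-MSREXEC/hmdm_ctx.cpp still trusts the value it reads out of the image: `alloc_base + (*rva - nt_header->OptionalHeader.ImageBase)` is stored back without checking that `*rva - ImageBase` is below `nt_header->OptionalHeader.SizeOfImage`, and nothing visible in the hunk checks that `reloc_base + offset` lands inside `drv_buffer`. The image being mapped is caller-supplied input, so a corrupt or crafted `.reloc` entry can plant a pointer far outside the allocation in the staged image (or, if the surrounding loop also lacks an offset check, write outside the staging buffer), and that staged image is presumably what `kmemcpy` later copies into the kernel allocation. I would reject out-of-range targets before the assignment, e.g. `if (*rva - nt_header->OptionalHeader.ImageBase >= nt_header->OptionalHeader.SizeOfImage) break;`, and hoist the constant delta once per call as `const auto delta = reinterpret_cast<std::uintptr_t>(alloc_base) - nt_header->OptionalHeader.ImageBase;` so the per-entry arithmetic is one addition. The `reinterpret_cast<…>` template arguments are missing in this rendering, presumably stripped on extraction, so the exact pointee type of `rva` cannot be confirmed here. The loop of `fix_relocs` that encloses this switch case starts and ends outside the hunk.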
diff --git a/HMDM-VDM/hmdm_ctx.cpp b/HMDM-VDM/hmdm_ctx.cpp
index aec59cc..201f172 100644
--- a/HMDM-VDM/hmdm_ctx.cpp
+++ b/HMDM-VDM/hmdm_ctx.cpp
@@ -54,7 +54,7 @@ namespace drv
 return { {}, {} };
 resolve_imports(image_mapped);
- fix_relocs(image_mapped);
+ fix_relocs(image_mapped, alloc_base);
 if (zero_headers)
 {
@@ -83,7 +83,7 @@ namespace drv
 };
 }
- auto hmdm_ctx::fix_relocs(drv_buffer_t& drv_buffer) const -> void
+ auto hmdm_ctx::fix_relocs(drv_buffer_t& drv_buffer, uint8_t* alloc_base) const -> void
 {
 const auto dos_header = reinterpret_cast(drv_buffer.data());
@@ -128,7 +128,7 @@ namespace drv
 const auto rva = reinterpret_cast(reloc_base + offset);
 *rva = reinterpret_cast(
- drv_buffer.data() + (*rva - nt_header->OptionalHeader.ImageBase));
+ alloc_base + (*rva - nt_header->OptionalHeader.ImageBase));
 break;
 }
 default:
diff --git a/HMDM-VDM/hmdm_ctx.h b/HMDM-VDM/hmdm_ctx.h
index 8e4760c..0540120 100644
--- a/HMDM-VDM/hmdm_ctx.h
+++ b/HMDM-VDM/hmdm_ctx.h
@@ -25,6 +25,6 @@ namespace drv
 const kmemcpy_t kmemcpy;
 private:
 auto resolve_imports(drv_buffer_t& drv_buffer) const -> void;
- auto fix_relocs(drv_buffer_t& drv_buffer) const -> void;
+ auto fix_relocs(drv_buffer_t& drv_buffer, uint8_t* alloc_base) const -> void;
 };
 }
\ No newline at end of file
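Review bot: HMDM-VDM/hmdm_ctx.cpp receives the identical `@@ -128,7 +128,7 @@` fix as HMDM-MSREXEC/hmdm_ctx.cpp, and the matching `index aec59cc..201f172` line shows the two files are byte-for-byte the same before and after this commit, so the PE mapping logic (`resolve_imports`, `fix_relocs`) is being maintained in two copies and every fix has to be remembered twice. Consider moving the mapper into one shared source both projects compile, leaving only the `kmemcpy_t` backend declared in each header to differ. Independently of that, the fixed line still derives the new pointer from an untrusted `*rva` with no bound check, so a malformed relocation entry yields a pointer outside the allocation; a guard such as `if (*rva - nt_header->OptionalHeader.ImageBase >= nt_header->OptionalHeader.SizeOfImage) break;` placed before the assignment would skip such an entry instead of writing it into the image. The switch case shown here sits inside a loop of `fix_relocs` whose start and end are outside the hunk.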