diff --git a/Voyager/PayLoad (Intel)/types.h b/Voyager/PayLoad (Intel)/types.h
index c58b467..e08e4f9 100644
--- a/Voyager/PayLoad (Intel)/types.h
+++ b/Voyager/PayLoad (Intel)/types.h
@@ -4,7 +4,7 @@
 #include
 #define PORT_NUM 0x2F8
-#define WINVER 1703
+#define WINVER 1511
 #define DBG_PRINT(arg) \
 __outbytestring(PORT_NUM, (unsigned char*)arg, sizeof arg);
diff --git a/Voyager/Voyager/HvLoader.c b/Voyager/Voyager/HvLoader.c
index 3686fb8..f0fcd06 100644
--- a/Voyager/Voyager/HvLoader.c
+++ b/Voyager/Voyager/HvLoader.c
@@ -201,7 +201,6 @@ UINT64 EFIAPI HvBlImgAllocateImageBuffer
 { if (imageSize >= HV_ALLOC_SIZE && !HvExtendedAllocation) {
- DBG_PRINT("extending hyper-v allocation...\n");
 HvExtendedAllocation = TRUE; imageSize += PayLoadSize();
diff --git a/Voyager/Voyager/HvLoader.h b/Voyager/Voyager/HvLoader.h
index 441475e..8534444 100644
--- a/Voyager/Voyager/HvLoader.h
+++ b/Voyager/Voyager/HvLoader.h
@@ -4,12 +4,16 @@ #define HV_ALLOCATE_IMAGE_BUFFER_SIG "\xE8\x00\x00\x00\x00\x8B\xF8\x85\xC0\x79\x0A" #define HV_ALLOCATE_IMAGE_BUFFER_MASK "x????xxxxxx" +static_assert(sizeof(HV_ALLOCATE_IMAGE_BUFFER_SIG) == sizeof(HV_ALLOCATE_IMAGE_BUFFER_MASK), "signature and mask do not match size!"); -#define HV_LOAD_PE_IMG_SIG "\x48\x89\x44\x24\x00\xE8\x00\x00\x00\x00\x44\x8B\xF0\x85\xC0\x0F\x88" -#define HV_LOAD_PE_IMG_MASK "xxxx?x????xxxxxxx" +#define HV_LOAD_PE_IMG_FROM_BUFFER_SIG "\xE8\x00\x00\x00\x00\x44\x8B\xAD" +#define HV_LOAD_PE_IMG_FROM_BUFFER_MASK "x????xxx" +static_assert(sizeof(HV_LOAD_PE_IMG_FROM_BUFFER_SIG) == sizeof(HV_LOAD_PE_IMG_FROM_BUFFER_MASK), "signature and mask do not match size!"); +#define HV_LOAD_PE_IMG_SIG "\x48\x89\x44\x24\x00\xE8\x00\x00\x00\x00\x44\x8B\xF0\x85\xC0\x0F\x88\x00\x00\x00\x00\x4C\x8D\x45" +#define HV_LOAD_PE_IMG_MASK "xxxx?x????xxxxxxx????xxx" static_assert(sizeof(HV_LOAD_PE_IMG_SIG) == sizeof(HV_LOAD_PE_IMG_MASK), "signature and mask do not match size..."); -static_assert(sizeof(HV_ALLOCATE_IMAGE_BUFFER_SIG) == sizeof(HV_ALLOCATE_IMAGE_BUFFER_MASK), "signature and mask do not match size!"); + typedef EFI_STATUS(EFIAPI* ALLOCATE_IMAGE_BUFFER)(VOID** imageBuffer, UINTN imageSize, UINT32 memoryType, UINT32 attributes, VOID* unused, UINT32 flags); diff --git a/Voyager/Voyager/WinLoad.c b/Voyager/Voyager/WinLoad.c index 28da476..2cfc743 100644 --- a/Voyager/Voyager/WinLoad.c +++ b/Voyager/Voyager/WinLoad.c 
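Review bot: Nothing next to `HV_LOAD_PE_IMG_FROM_BUFFER_SIG` or the lengthened `HV_LOAD_PE_IMG_SIG` says which build each pattern belongs to, although WinLoad.c in this same commit selects the first under `#if WINVER == 1703` and the second under `#elif WINVER <= 1607`. I would put a one-line comment above each pair, for example `// WINVER == 1703: scanned for in WinLoad.c` and `// WINVER <= 1607: scanned for in WinLoad.c`. It is also worth stating once that a `\x00` under a `?` in the mask is presumably a placeholder rather than a matched byte (the `FindPattern` definition is not in this diff). The `static_assert` for `HV_LOAD_PE_IMG_SIG` ends its message in `...` while the other two end in `!`; one shared message makes a failed build easier to search for.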
@@ -151,13 +151,18 @@ EFI_STATUS EFIAPI BlImgLoadPEImageEx if (!InstalledHvLoaderHook) EnableShitHook(&WinLoadImageShitHook); - CHAR8 ModuleName[0x100]; - UnicodeStrToAsciiStr(ImagePath, ModuleName); - DBG_PRINT("module loading -> %s\n", ModuleName); - if (StrStr(ImagePath, L"hvloader.efi")) { - DBG_PRINT("hvloader loaded into memory...\n"); +#if WINVER == 1703 + VOID* LoadImage = + FindPattern( + *ImageBasePtr, + *ImageSize, + HV_LOAD_PE_IMG_FROM_BUFFER_SIG, + HV_LOAD_PE_IMG_FROM_BUFFER_MASK + ); + +#elif WINVER <= 1607 VOID* LoadImage = FindPattern( *ImageBasePtr, @@ -165,6 +170,7 @@ EFI_STATUS EFIAPI BlImgLoadPEImageEx HV_LOAD_PE_IMG_SIG, HV_LOAD_PE_IMG_MASK ); +#endif VOID* AllocImage = FindPattern( @@ -174,11 +180,8 @@ EFI_STATUS EFIAPI BlImgLoadPEImageEx HV_ALLOCATE_IMAGE_BUFFER_MASK ); - DBG_PRINT("LoadImage -> 0x%p\n", LoadImage); - DBG_PRINT("AllocImage -> 0x%p\n", AllocImage); - #if WINVER == 1703 - MakeShitHook(&HvLoadImageBufferHook, RESOLVE_RVA(LoadImage, 10, 6), &HvBlImgLoadPEImageFromSourceBuffer, TRUE); + MakeShitHook(&HvLoadImageBufferHook, RESOLVE_RVA(LoadImage, 5, 1), &HvBlImgLoadPEImageFromSourceBuffer, TRUE); #elif WINVER <= 1607 MakeShitHook(&HvLoadImageHook, RESOLVE_RVA(LoadImage, 10, 6), &HvBlImgLoadPEImageEx, TRUE); #endif diff --git a/Voyager/Voyager/WinLoad.h b/Voyager/Voyager/WinLoad.h index d11ea30..2bdb695 100644 --- a/Voyager/Voyager/WinLoad.h +++ b/Voyager/Voyager/WinLoad.h 
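Review bot: `LoadImage` is now declared only inside `#if WINVER == 1703` / `#elif WINVER <= 1607`, and there is no `#else`, so a build with any other `WINVER` silently compiles this block without the `LoadImage` scan or the `MakeShitHook` call that uses it. Close the first conditional with `#else` followed by `#error "unsupported WINVER"` so an unsupported target fails at compile time; the same pair of conditions is repeated around the `MakeShitHook` calls in the `@@ -174,11 +180,8 @@` hunk. The definition of `WINVER` that WinLoad.c sees is not in this diff (the types.h changed here sits under PayLoad (Intel)), so confirm both projects agree on the value. The body of `BlImgLoadPEImageEx` starts and ends outside the hunk.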
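Review bot: In the `@@ -174,11 +180,8 @@` hunk, `RESOLVE_RVA(LoadImage, 5, 1)` is applied to whatever `FindPattern` returned; none of the visible lines tests `LoadImage` or `AllocImage`, and the two `DBG_PRINT` lines that showed those pointers are removed here. If `FindPattern` reports a miss as NULL (its definition is not in this diff), the hook target would be derived from a null base and loader memory would be patched at a bogus address. Guard the block so a miss leaves the image untouched, e.g. `if (LoadImage && AllocImage) {` around the `MakeShitHook` calls. A short comment that 5 and 1 appear to follow from the `\xE8` byte opening `HV_LOAD_PE_IMG_FROM_BUFFER_SIG`, where `HV_LOAD_PE_IMG_SIG` has it at offset 5, would explain why the arguments differ from `10, 6`.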
@@ -13,7 +13,7 @@ extern SHITHOOK WinLoadAllocateImageHook;
 // for 1703-1511, we are going to want to hook BlImgAllocateImageBuffer inside of hvloader.efi
 // not winload. We will have to scan for BlImgLoadPEImageEx in winload and then wait for hvloader
 // to be loaded to install hooks in hvloader...
-#define LOAD_PE_IMG_SIG "\x48\x89\x44\x24\x00\xE8\x00\x00\x00\x00\x44\x8B\xF0\x85\xC0\x0F\x88"
+#define LOAD_PE_IMG_SIG "\x48\x89\x44\x24\x00\xE8\x00\x00\x00\x00\x44\x8B\xF0\x85\xC0\x79\x11"
 #define LOAD_PE_IMG_MASK "xxxx?x????xxxxxxx"
 static_assert(sizeof(ALLOCATE_IMAGE_BUFFER_SIG) == sizeof(ALLOCATE_IMAGE_BUFFER_MASK), "signature and mask do not match size!");
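Review bot: The comment above `LOAD_PE_IMG_SIG` still reads "for 1703-1511", but the pattern now ends in `\x79\x11` instead of `\x0F\x88` and nothing in the hunk records which winload build the new bytes were taken from. Since this commit also moves `WINVER` in types.h from 1703 to 1511, I would state the build on the define, e.g. `// LOAD_PE_IMG_SIG: taken from winload build <BUILD>` with the real value filled in. Only the `ALLOCATE_IMAGE_BUFFER` pair has a visible `static_assert`. If the file has none for this pair further down, add `static_assert(sizeof(LOAD_PE_IMG_SIG) == sizeof(LOAD_PE_IMG_MASK), "signature and mask do not match size!");`.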