fixed signatures

4 years ago · bf3ce4d9b0
parent 028ca3eeb6
commit bf3ce4d9b0
6 changed files with 18 additions and 12 deletions
--- a/Voyager/PayLoad
+++ b/Voyager/PayLoad
@ -5,7 +5,7 @@
 #include <ntstatus.h>
 #include <basetsd.h>

-#define WINVER 2004
+#define WINVER 1511
 #define VMEXIT_KEY 0xDEADBEEFDEADBEEF

 #define PORT_NUM 0x2F8
--- a/Voyager/Voyager/HvLoader.c
+++ b/Voyager/Voyager/HvLoader.c
@ -168,7 +168,7 @@ EFI_STATUS EFIAPI HvBlImgLoadPEImageEx
 					PayLoadSize()
 				);

-				VOID* VmExitFunction = HookVmExit
+				HookVmExit
 				(
 					VoyagerData.HypervModuleBase,
 					VoyagerData.HypervModuleSize,
@ -199,8 +199,9 @@ UINT64 EFIAPI HvBlImgAllocateImageBuffer
 	UINT32 flags
 )
 {
-	if (imageSize == HV_ALLOC_SIZE && !HvExtendedAllocation)
+	if (imageSize >= HV_ALLOC_SIZE && !HvExtendedAllocation)
 	{
+		DBG_PRINT("extending hyper-v allocation...\n");
 		HvExtendedAllocation = TRUE;
 		imageSize += PayLoadSize();

--- a/Voyager/Voyager/HvLoader.h
+++ b/Voyager/Voyager/HvLoader.h
@ -2,8 +2,8 @@
 #include "PayLoad.h"
 #include "Hv.h"

-#define HV_ALLOCATE_IMAGE_BUFFER_SIG "\xE8\x00\x00\x00\x00\x8B\xD8\x85\xC0\x78\x7C\x21\x7C\x24\x00\x45\x33\xC0"
-#define HV_ALLOCATE_IMAGE_BUFFER_MASK "x????xxxxxxxxx?xxx"
+#define HV_ALLOCATE_IMAGE_BUFFER_SIG "\xE8\x00\x00\x00\x00\x8B\xF8\x85\xC0\x79\x0A"
+#define HV_ALLOCATE_IMAGE_BUFFER_MASK "x????xxxxxx"

 #define HV_LOAD_PE_IMG_SIG "\x48\x89\x44\x24\x00\xE8\x00\x00\x00\x00\x44\x8B\xF0\x85\xC0\x0F\x88"
 #define HV_LOAD_PE_IMG_MASK "xxxx?x????xxxxxxx"
--- a/Voyager/Voyager/ShitHook.c
+++ b/Voyager/Voyager/ShitHook.c
@ -2,9 +2,6 @@

 VOID MakeShitHook(PSHITHOOK Hook, VOID* HookFrom, VOID* HookTo, BOOLEAN Install)
 {
-	if (!Hook || !HookFrom || !HookTo)
-		return;
-
 	unsigned char JmpCode[14] =
 	{
 		0xff, 0x25, 0x0, 0x0, 0x0, 0x0,		// jmp    QWORD PTR[rip + 0x0]
--- a/Voyager/Voyager/Utils.h
+++ b/Voyager/Voyager/Utils.h
@ -1,7 +1,7 @@
 #pragma once
 #include "ShitHook.h"

-#define WINVER 2004
+#define WINVER 1511
 #define PORT_NUM 0x2F8
 #define BL_MEMORY_ATTRIBUTE_RWX 0x424000
 #define SEC_TO_MS(seconds) seconds * 1000000
--- a/Voyager/Voyager/WinLoad.c
+++ b/Voyager/Voyager/WinLoad.c
@ -151,8 +151,13 @@ EFI_STATUS EFIAPI BlImgLoadPEImageEx
 	if (!InstalledHvLoaderHook)
 		EnableShitHook(&WinLoadImageShitHook);

+	CHAR8 ModuleName[0x100];
+	UnicodeStrToAsciiStr(ImagePath, ModuleName);
+	DBG_PRINT("module loading -> %s\n", ModuleName);
+
 	if (StrStr(ImagePath, L"hvloader.efi"))
 	{
+		DBG_PRINT("hvloader loaded into memory...\n");
 		VOID* LoadImage =
 			FindPattern(
 				*ImageBasePtr,
@ -169,10 +174,13 @@ EFI_STATUS EFIAPI BlImgLoadPEImageEx
 				HV_ALLOCATE_IMAGE_BUFFER_MASK
 			);

+		DBG_PRINT("LoadImage -> 0x%p\n", LoadImage);
+		DBG_PRINT("AllocImage -> 0x%p\n", AllocImage);
+
 #if WINVER == 1703
-		MakeShitHook(&HvLoadImageBufferHook, RESOLVE_RVA(LoadImage, 5, 1), &HvBlImgLoadPEImageFromSourceBuffer, TRUE);
-#elif WINVER <= 1607 // 1511 is the same...
-		MakeShitHook(&HvLoadImageHook, RESOLVE_RVA(LoadImage, 5, 1), &HvBlImgLoadPEImageEx, TRUE);
+		MakeShitHook(&HvLoadImageBufferHook, RESOLVE_RVA(LoadImage, 10, 6), &HvBlImgLoadPEImageFromSourceBuffer, TRUE);
+#elif WINVER <= 1607 
+		MakeShitHook(&HvLoadImageHook, RESOLVE_RVA(LoadImage, 10, 6), &HvBlImgLoadPEImageEx, TRUE);
 #endif

 		MakeShitHook(&HvLoadAllocImageHook, RESOLVE_RVA(AllocImage, 5, 1), &HvBlImgAllocateImageBuffer, TRUE);