diff --git a/Voyager/PayLoad (AMD)/types.h b/Voyager/PayLoad (AMD)/types.h
index a63eb28..4ce790a 100644
--- a/Voyager/PayLoad (AMD)/types.h
+++ b/Voyager/PayLoad (AMD)/types.h
@@ -5,7 +5,7 @@
 #include
 #include
-#define WINVER 2004
+#define WINVER 1511
 #define VMEXIT_KEY 0xDEADBEEFDEADBEEF
 #define PORT_NUM 0x2F8
diff --git a/Voyager/Voyager/HvLoader.c b/Voyager/Voyager/HvLoader.c
index ba647ab..3686fb8 100644
--- a/Voyager/Voyager/HvLoader.c
+++ b/Voyager/Voyager/HvLoader.c
@@ -168,7 +168,7 @@ EFI_STATUS EFIAPI HvBlImgLoadPEImageEx
 PayLoadSize()
 );
- VOID* VmExitFunction = HookVmExit
+ HookVmExit
 (
 VoyagerData.HypervModuleBase,
 VoyagerData.HypervModuleSize,
@@ -199,8 +199,9 @@ UINT64 EFIAPI HvBlImgAllocateImageBuffer
 UINT32 flags
 )
 {
- if (imageSize == HV_ALLOC_SIZE && !HvExtendedAllocation)
+ if (imageSize >= HV_ALLOC_SIZE && !HvExtendedAllocation)
 {
+ DBG_PRINT("extending hyper-v allocation...\n");
 HvExtendedAllocation = TRUE;
 imageSize += PayLoadSize();
diff --git a/Voyager/Voyager/HvLoader.h b/Voyager/Voyager/HvLoader.h
index eef9628..441475e 100644
--- a/Voyager/Voyager/HvLoader.h
+++ b/Voyager/Voyager/HvLoader.h
@@ -2,8 +2,8 @@
 #include "PayLoad.h"
 #include "Hv.h"
-#define HV_ALLOCATE_IMAGE_BUFFER_SIG "\xE8\x00\x00\x00\x00\x8B\xD8\x85\xC0\x78\x7C\x21\x7C\x24\x00\x45\x33\xC0"
-#define HV_ALLOCATE_IMAGE_BUFFER_MASK "x????xxxxxxxxx?xxx"
+#define HV_ALLOCATE_IMAGE_BUFFER_SIG "\xE8\x00\x00\x00\x00\x8B\xF8\x85\xC0\x79\x0A"
+#define HV_ALLOCATE_IMAGE_BUFFER_MASK "x????xxxxxx"
 #define HV_LOAD_PE_IMG_SIG "\x48\x89\x44\x24\x00\xE8\x00\x00\x00\x00\x44\x8B\xF0\x85\xC0\x0F\x88"
 #define HV_LOAD_PE_IMG_MASK "xxxx?x????xxxxxxx"
diff --git a/Voyager/Voyager/ShitHook.c b/Voyager/Voyager/ShitHook.c
index e76bd2e..5b3546b 100644
--- a/Voyager/Voyager/ShitHook.c
+++ b/Voyager/Voyager/ShitHook.c
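Review bot: `WINVER` is defined independently in this header and again in `Voyager/Voyager/Utils.h` (the Utils.h hunk further down makes the same 2004 → 1511 edit), so the two copies have to be kept in step by hand and the `#if WINVER == 1703` / `#elif WINVER <= 1607` dispatch in WinLoad.c can silently compile for a different target than the payload. Move the definition into one header that both sides include, or at minimum mark the coupling at each site: `#define WINVER 1511 // keep in sync with Voyager/Voyager/Utils.h`.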
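Review bot: The return value of `HookVmExit(...)` is now discarded instead of being stored in `VmExitFunction`, so if that function reports failure through its result (its signature is not visible in this hunk) the caller has no way left to notice that the hook was not installed. If the result is meaningful, test it, e.g. `if (!HookVmExit(...)) return EFI_ABORTED;`; if it is genuinely unused, make the discard explicit with `(VOID)HookVmExit(...)` and a one-line comment saying why. HvBlImgLoadPEImageEx begins before and continues after this hunk.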
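Review bot: Relaxing `==` to `>=` means the first allocation of at least `HV_ALLOC_SIZE` — whichever image that turns out to be — is the one that gets `PayLoadSize()` appended, and `HvExtendedAllocation` then suppresses every later match; nothing in the hunk records why a lower bound on the size is a sufficient identifier. A comment at the condition would help the next reader, e.g. `// assumes the first allocation >= HV_ALLOC_SIZE is the hypervisor image — confirm per WINVER`. The new `DBG_PRINT` would also be more useful if it included `imageSize`, since the size is exactly what this branch keys on. HvBlImgAllocateImageBuffer continues past the hunk.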
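Review bot: The new `HV_ALLOCATE_IMAGE_BUFFER_SIG` (11 bytes) and `HV_ALLOCATE_IMAGE_BUFFER_MASK` (11 characters) agree, but nothing enforces that, and a scanner that walks the mask's length over the signature would read past the shorter literal if one is edited without the other. A compile-time check beside the definitions closes that gap: `_Static_assert(sizeof(HV_ALLOCATE_IMAGE_BUFFER_SIG) == sizeof(HV_ALLOCATE_IMAGE_BUFFER_MASK), "sig/mask length mismatch");` (sizeof counts the embedded `\x00` bytes, and both literals carry one terminator), assuming the toolchain's C11 support permits it. The same check applies to the `HV_LOAD_PE_IMG_SIG`/`HV_LOAD_PE_IMG_MASK` pair left as context.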
@@ -2,9 +2,6 @@ VOID MakeShitHook(PSHITHOOK Hook, VOID* HookFrom, VOID* HookTo, BOOLEAN Install) { - if (!Hook || !HookFrom || !HookTo) - return; - unsigned char JmpCode[14] = { 0xff, 0x25, 0x0, 0x0, 0x0, 0x0, // jmp QWORD PTR[rip + 0x0] diff --git a/Voyager/Voyager/Utils.h b/Voyager/Voyager/Utils.h index f916bca..ef51a28 100644 --- a/Voyager/Voyager/Utils.h +++ b/Voyager/Voyager/Utils.h @@ -1,7 +1,7 @@ #pragma once #include "ShitHook.h" -#define WINVER 2004 +#define WINVER 1511 #define PORT_NUM 0x2F8 #define BL_MEMORY_ATTRIBUTE_RWX 0x424000 #define SEC_TO_MS(seconds) seconds * 1000000 diff --git a/Voyager/Voyager/WinLoad.c b/Voyager/Voyager/WinLoad.c index 3a75871..28da476 100644 --- a/Voyager/Voyager/WinLoad.c +++ b/Voyager/Voyager/WinLoad.c @@ -151,8 +151,13 @@ EFI_STATUS EFIAPI BlImgLoadPEImageEx if (!InstalledHvLoaderHook) EnableShitHook(&WinLoadImageShitHook); + CHAR8 ModuleName[0x100]; + UnicodeStrToAsciiStr(ImagePath, ModuleName); + DBG_PRINT("module loading -> %s\n", ModuleName); + if (StrStr(ImagePath, L"hvloader.efi")) { + DBG_PRINT("hvloader loaded into memory...\n"); VOID* LoadImage = FindPattern( *ImageBasePtr, @@ -169,10 +174,13 @@ EFI_STATUS EFIAPI BlImgLoadPEImageEx HV_ALLOCATE_IMAGE_BUFFER_MASK ); + DBG_PRINT("LoadImage -> 0x%p\n", LoadImage); + DBG_PRINT("AllocImage -> 0x%p\n", AllocImage); + #if WINVER == 1703 - MakeShitHook(&HvLoadImageBufferHook, RESOLVE_RVA(LoadImage, 5, 1), &HvBlImgLoadPEImageFromSourceBuffer, TRUE); -#elif WINVER <= 1607 // 1511 is the same... - MakeShitHook(&HvLoadImageHook, RESOLVE_RVA(LoadImage, 5, 1), &HvBlImgLoadPEImageEx, TRUE); + MakeShitHook(&HvLoadImageBufferHook, RESOLVE_RVA(LoadImage, 10, 6), &HvBlImgLoadPEImageFromSourceBuffer, TRUE); +#elif WINVER <= 1607 + MakeShitHook(&HvLoadImageHook, RESOLVE_RVA(LoadImage, 10, 6), &HvBlImgLoadPEImageEx, TRUE); #endif MakeShitHook(&HvLoadAllocImageHook, RESOLVE_RVA(AllocImage, 5, 1), &HvBlImgAllocateImageBuffer, TRUE);
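Review bot: Dropping the `!Hook || !HookFrom || !HookTo` guard means `MakeShitHook` now writes through whatever pointers it is handed; in the WinLoad.c hunk further down, `LoadImage` and `AllocImage` come straight from `FindPattern` and go through `RESOLVE_RVA` into this function with no check, so a signature miss — which the newly added `DBG_PRINT("LoadImage -> 0x%p\n", LoadImage)` lines suggest is a case being debugged — would reach here as a bad pointer rather than being ignored. If the guard was removed because a silent return hid failures, the better replacement is an explicit check at the call site, e.g. `if (!LoadImage || !AllocImage) { DBG_PRINT("signature not found\n"); /* bail out as the surrounding code dictates */ }`, keeping this function's own guard in place. The body of MakeShitHook continues past the hunk.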
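Review bot: `UnicodeStrToAsciiStr(ImagePath, ModuleName)` copies into a 0x100-byte stack buffer with no destination bound; `ImagePath` is whatever path the loader was asked for, and EDK2 deprecated this unbounded conversion for exactly that reason. Use the bounded variant, `UnicodeStrToAsciiStrS(ImagePath, ModuleName, sizeof ModuleName);`, and since the converted name only feeds a `DBG_PRINT`, consider performing the conversion only when debug output is enabled. The enclosing BlImgLoadPEImageEx starts before and continues after this hunk.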