xerox
4 years ago
parent
1610415b07
commit
f0f34030ca
@ -0,0 +1,161 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup Label="ProjectConfigurations">
|
||||
<ProjectConfiguration Include="Debug|Win32">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|Win32">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Debug|x64">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|x64">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<PropertyGroup Label="Globals">
|
||||
<VCProjectVersion>16.0</VCProjectVersion>
|
||||
<Keyword>Win32Proj</Keyword>
|
||||
<ProjectGuid>{ee860038-e3dd-4329-8d44-df8b9ecbe420}</ProjectGuid>
|
||||
<RootNamespace>EfiBundler</RootNamespace>
|
||||
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="Shared">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<PropertyGroup Label="UserMacros" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<LanguageStandard>stdcpp17</LanguageStandard>
|
||||
<BufferSecurityCheck>false</BufferSecurityCheck>
|
||||
<ControlFlowGuard>false</ControlFlowGuard>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<LanguageStandard>stdcpp17</LanguageStandard>
|
||||
<BufferSecurityCheck>false</BufferSecurityCheck>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<ControlFlowGuard>false</ControlFlowGuard>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="bundler.cpp" />
|
||||
<ClCompile Include="main.cpp" />
|
||||
<ClCompile Include="shellcode.cpp" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="bundler.h" />
|
||||
<ClInclude Include="shellcode.h" />
|
||||
<ClInclude Include="utils.h" />
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
</Project>
|
||||
@ -0,0 +1,35 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup>
|
||||
<Filter Include="Source Files">
|
||||
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Header Files">
|
||||
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
|
||||
</Filter>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="utils.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="shellcode.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="bundler.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="main.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="shellcode.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="bundler.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
@ -0,0 +1,11 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<LocalDebuggerCommandArguments>C:\Users\xerox\Desktop\bootmgfw.efi C:\Users\xerox\Desktop\voyager.efi</LocalDebuggerCommandArguments>
|
||||
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<LocalDebuggerCommandArguments>C:\Users\xerox\Desktop\bootmgfw.efi C:\Users\xerox\Desktop\voyager.efi</LocalDebuggerCommandArguments>
|
||||
<DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
|
||||
</PropertyGroup>
|
||||
</Project>
|
||||
@ -0,0 +1,92 @@
|
||||
#include "bundler.h"
|
||||
|
||||
namespace bundler
|
||||
{
|
||||
std::pair<std::uint32_t, std::uint32_t> add_section(std::vector<std::uint8_t>& image, const char* name, std::size_t size, std::uint32_t protect)
|
||||
{
|
||||
auto align = [](std::uint32_t size, std::uint32_t align, std::uint32_t addr) -> std::uint32_t
|
||||
{
|
||||
if (!(size % align))
|
||||
return addr + size;
|
||||
return addr + (size / align + 1) * align;
|
||||
};
|
||||
|
||||
auto section_header = reinterpret_cast<PIMAGE_SECTION_HEADER>(
|
||||
((UINT64)&NT_HEADER(image.data())->OptionalHeader) +
|
||||
NT_HEADER(image.data())->FileHeader.SizeOfOptionalHeader);
|
||||
|
||||
auto new_section = §ion_header[NT_HEADER(image.data())->FileHeader.NumberOfSections];
|
||||
memset(new_section, NULL, sizeof(IMAGE_SECTION_HEADER));
|
||||
memcpy(new_section->Name, name, 8);
|
||||
|
||||
new_section->Characteristics = protect;
|
||||
section_header[NT_HEADER(image.data())->FileHeader.NumberOfSections].Misc.VirtualSize =
|
||||
align(size, NT_HEADER(image.data())->OptionalHeader.SectionAlignment, NULL);
|
||||
|
||||
new_section->VirtualAddress = align(section_header[
|
||||
NT_HEADER(image.data())->FileHeader.NumberOfSections - 1].Misc.VirtualSize,
|
||||
NT_HEADER(image.data())->OptionalHeader.SectionAlignment, section_header[
|
||||
NT_HEADER(image.data())->FileHeader.NumberOfSections - 1].VirtualAddress);
|
||||
|
||||
new_section->SizeOfRawData =
|
||||
align(size, NT_HEADER(image.data())->OptionalHeader.FileAlignment, 0);
|
||||
|
||||
new_section->PointerToRawData =
|
||||
align(section_header[NT_HEADER(image.data())->FileHeader.NumberOfSections - 1].SizeOfRawData,
|
||||
NT_HEADER(image.data())->OptionalHeader.FileAlignment, section_header[NT_HEADER(image.data())->
|
||||
FileHeader.NumberOfSections - 1].PointerToRawData);
|
||||
|
||||
NT_HEADER(image.data())->OptionalHeader.SizeOfImage = section_header[
|
||||
NT_HEADER(image.data())->FileHeader.NumberOfSections].VirtualAddress +
|
||||
section_header[NT_HEADER(image.data())->FileHeader.NumberOfSections].Misc.VirtualSize;
|
||||
|
||||
++NT_HEADER(image.data())->FileHeader.NumberOfSections;
|
||||
auto raw_data_rva = new_section->PointerToRawData;
|
||||
auto virt_data_rva = new_section->VirtualAddress;
|
||||
auto raw_data_size = new_section->SizeOfRawData;
|
||||
|
||||
image.resize(raw_data_rva + raw_data_size);
|
||||
memset(image.data() + raw_data_rva, NULL, raw_data_size);
|
||||
return { raw_data_rva, virt_data_rva };
|
||||
}
|
||||
|
||||
// module_base is .efi section base in this case...
|
||||
std::uint32_t map_module(std::uint8_t* module_base, std::vector<std::uint8_t>& map_from)
|
||||
{
|
||||
// copy nt headers...
|
||||
memcpy(module_base, map_from.data(), NT_HEADER(map_from.data())->OptionalHeader.SizeOfHeaders);
|
||||
auto sections = reinterpret_cast<PIMAGE_SECTION_HEADER>(
|
||||
(UINT8*)&NT_HEADER(map_from.data())->OptionalHeader +
|
||||
NT_HEADER(map_from.data())->FileHeader.SizeOfOptionalHeader);
|
||||
|
||||
// copy sections...
|
||||
for (auto i = 0u; i < NT_HEADER(map_from.data())->FileHeader.NumberOfSections; ++i)
|
||||
{
|
||||
auto section = §ions[i];
|
||||
memcpy(module_base + section->VirtualAddress, map_from.data() + section->PointerToRawData, section->SizeOfRawData);
|
||||
}
|
||||
|
||||
return NT_HEADER(map_from.data())->OptionalHeader.AddressOfEntryPoint;
|
||||
}
|
||||
|
||||
void bundle(std::vector<std::uint8_t>& bundle_into, std::vector<std::uint8_t>& bundle_module)
|
||||
{
|
||||
auto [trp_section_disk, trp_section_virt] = add_section(bundle_into, ".trp", sizeof shellcode::stub, SECTION_RWX);
|
||||
auto [mod_section_disk, mod_section_virt] = add_section(bundle_into, ".efi", bundle_module.size(), SECTION_RWX);
|
||||
bundler::map_module(bundle_into.data() + mod_section_disk, bundle_module);
|
||||
|
||||
std::printf("[+] added .trp section at rva -> 0x%x, size -> 0x%x\n", trp_section_virt, sizeof shellcode::stub);
|
||||
std::printf("[+] added .efi section at rva -> 0x%x, size -> 0x%x\n", mod_section_virt, bundle_module.size());
|
||||
|
||||
// setup stub shellcode...
|
||||
*reinterpret_cast<std::int32_t*>(&shellcode::stub[25]) = mod_section_virt - trp_section_virt;
|
||||
*reinterpret_cast<std::int32_t*>(&shellcode::stub[45]) = trp_section_virt;
|
||||
*reinterpret_cast<std::int32_t*>(&shellcode::stub[75]) = NT_HEADER(bundle_into.data())->OptionalHeader.AddressOfEntryPoint;
|
||||
memcpy(bundle_into.data() + trp_section_disk, shellcode::stub, sizeof shellcode::stub);
|
||||
std::printf("[+] added stub code to .trp section...\n");
|
||||
|
||||
// set entry point to .trp section...
|
||||
NT_HEADER(bundle_into.data())->OptionalHeader.AddressOfEntryPoint = trp_section_virt;
|
||||
std::printf("[+] changed base modules entry point to -> (.trp section base) 0x%x\n", trp_section_virt);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,15 @@
|
||||
#pragma once
|
||||
#include "shellcode.h"
|
||||
#define SECTION_RWX ((IMAGE_SCN_MEM_WRITE | \
|
||||
IMAGE_SCN_CNT_CODE | \
|
||||
IMAGE_SCN_CNT_UNINITIALIZED_DATA | \
|
||||
IMAGE_SCN_MEM_EXECUTE | \
|
||||
IMAGE_SCN_CNT_INITIALIZED_DATA | \
|
||||
IMAGE_SCN_MEM_READ))
|
||||
|
||||
namespace bundler
|
||||
{
|
||||
std::pair<std::uint32_t, std::uint32_t> add_section(std::vector<std::uint8_t>& image, const char* name, std::size_t size, std::uint32_t protect);
|
||||
std::uint32_t map_module(std::uint8_t* module_base, std::vector<std::uint8_t>& map_from);
|
||||
void bundle(std::vector<std::uint8_t>& bundle_into, std::vector<std::uint8_t>& bundle_module);
|
||||
}
|
||||
@ -0,0 +1,38 @@
|
||||
#include "bundler.h"
|
||||
|
||||
int __cdecl main(int argc, char** argv)
|
||||
{
|
||||
if (argc < 2)
|
||||
{
|
||||
std::printf("[!] invalid amount of parameters\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
std::vector<std::uint8_t> efi_module;
|
||||
std::vector<std::uint8_t> bootmgfw;
|
||||
|
||||
impl::open_binary_file(argv[1], bootmgfw);
|
||||
impl::open_binary_file(argv[2], efi_module);
|
||||
|
||||
if (efi_module.empty() || bootmgfw.empty())
|
||||
{
|
||||
std::printf("[!] unable to load efi module(s)...\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
efi_module.resize(NT_HEADER(efi_module.data())->OptionalHeader.SizeOfImage);
|
||||
std::printf("bundling efi module, size -> 0x%x\n",
|
||||
NT_HEADER(efi_module.data())->OptionalHeader.SizeOfImage);
|
||||
|
||||
bootmgfw.resize(NT_HEADER(bootmgfw.data())->OptionalHeader.SizeOfImage);
|
||||
std::printf("bundling module into bootmgfw, size before patch -> 0x%x\n",
|
||||
NT_HEADER(bootmgfw.data())->OptionalHeader.SizeOfImage);
|
||||
|
||||
bundler::bundle(bootmgfw, efi_module);
|
||||
std::ofstream new_file("result.efi", std::ios::binary);
|
||||
new_file.write((char*)bootmgfw.data(), bootmgfw.size());
|
||||
new_file.close();
|
||||
|
||||
std::printf("bundled modules together....\n");
|
||||
std::getchar();
|
||||
}
|
||||
@ -0,0 +1,55 @@
|
||||
#include "shellcode.h"
|
||||
|
||||
namespace shellcode
|
||||
{
|
||||
void* entry_stub(void* a, void* b)
|
||||
{
|
||||
// 0xDEADBEEF is replaced at runtime...
|
||||
auto module_base = reinterpret_cast<std::uintptr_t>(&entry_stub) + 0xDEADBEEF;
|
||||
auto bootmgfw_base = reinterpret_cast<std::uintptr_t>(&entry_stub) - 0xDEADBEEF;
|
||||
NT_HEADER(bootmgfw_base)->OptionalHeader.AddressOfEntryPoint = 0xDEADBEEF;
|
||||
|
||||
// fix relocs of the module in .efi section...
|
||||
auto base_reloc_dir = &NT_HEADER(module_base)->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC];
|
||||
if (base_reloc_dir->VirtualAddress)
|
||||
{
|
||||
auto reloc = reinterpret_cast<PIMAGE_BASE_RELOCATION>(module_base + base_reloc_dir->VirtualAddress);
|
||||
for (auto current_size = 0u; current_size < base_reloc_dir->Size; )
|
||||
{
|
||||
auto reloc_count = (reloc->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(UINT16);
|
||||
auto reloc_data = reinterpret_cast<std::uint16_t*>((UINT8*)reloc + sizeof(IMAGE_BASE_RELOCATION));
|
||||
auto reloc_base = reinterpret_cast<std::uint8_t*>(module_base) + reloc->VirtualAddress;
|
||||
|
||||
for (auto i = 0u; i < reloc_count; ++i, ++reloc_data)
|
||||
{
|
||||
std::uint16_t data = *reloc_data;
|
||||
std::uint16_t type = data >> 12;
|
||||
std::uint16_t offset = data & 0xFFF;
|
||||
|
||||
switch (type)
|
||||
{
|
||||
case IMAGE_REL_BASED_DIR64:
|
||||
{
|
||||
auto rva = reinterpret_cast<std::uintptr_t*>(reloc_base + offset);
|
||||
*rva = module_base + (*rva - NT_HEADER(module_base)->OptionalHeader.ImageBase);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
current_size += reloc->SizeOfBlock;
|
||||
reloc = reinterpret_cast<PIMAGE_BASE_RELOCATION>(reloc_data);
|
||||
}
|
||||
}
|
||||
|
||||
// call our entry...
|
||||
reinterpret_cast<void(__fastcall*)(void*, void*)>(
|
||||
module_base + NT_HEADER(module_base)->OptionalHeader.AddressOfEntryPoint)(a, b);
|
||||
|
||||
// call the original entry...
|
||||
return reinterpret_cast<void* (__fastcall*)(void*, void*)>(
|
||||
bootmgfw_base + NT_HEADER(bootmgfw_base)->OptionalHeader.AddressOfEntryPoint)(a, b);
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,84 @@
|
||||
#pragma once
|
||||
#include <windows.h>
|
||||
#include <psapi.h>
|
||||
#include <tlhelp32.h>
|
||||
#include <filesystem>
|
||||
#include <string_view>
|
||||
#include <iterator>
|
||||
#include <fstream>
|
||||
#include <string>
|
||||
#include <map>
|
||||
#include <vector>
|
||||
#include <ntstatus.h>
|
||||
#include <winternl.h>
|
||||
#include <array>
|
||||
#include <algorithm>
|
||||
#include <string_view>
|
||||
|
||||
#define NT_HEADER(x) reinterpret_cast<PIMAGE_NT_HEADERS>( uint64_t(x) + reinterpret_cast<PIMAGE_DOS_HEADER>(x)->e_lfanew )
|
||||
namespace impl
|
||||
{
|
||||
using uq_handle = std::unique_ptr<void, decltype(&CloseHandle)>;
|
||||
|
||||
__forceinline uint32_t get_process_id(const std::wstring_view process_name)
|
||||
{
|
||||
// open a system snapshot of all loaded processes
|
||||
uq_handle snap_shot{ CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0), &CloseHandle };
|
||||
|
||||
if (snap_shot.get() == INVALID_HANDLE_VALUE)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
PROCESSENTRY32W process_entry{ sizeof(PROCESSENTRY32W) };
|
||||
|
||||
// enumerate through processes
|
||||
for (Process32FirstW(snap_shot.get(), &process_entry); Process32NextW(snap_shot.get(), &process_entry); )
|
||||
if (std::wcscmp(process_name.data(), process_entry.szExeFile) == 0)
|
||||
return process_entry.th32ProcessID;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
__forceinline void open_binary_file(const std::string& file, std::vector<uint8_t>& data)
|
||||
{
|
||||
std::ifstream fstr(file, std::ios::binary);
|
||||
fstr.unsetf(std::ios::skipws);
|
||||
fstr.seekg(0, std::ios::end);
|
||||
|
||||
const auto file_size = fstr.tellg();
|
||||
|
||||
fstr.seekg(NULL, std::ios::beg);
|
||||
data.reserve(static_cast<uint32_t>(file_size));
|
||||
data.insert(data.begin(), std::istream_iterator<uint8_t>(fstr), std::istream_iterator<uint8_t>());
|
||||
}
|
||||
|
||||
__forceinline bool enable_privilege(const std::wstring_view privilege_name)
|
||||
{
|
||||
HANDLE token_handle = nullptr;
|
||||
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token_handle))
|
||||
{;
|
||||
return false;
|
||||
}
|
||||
|
||||
LUID luid{};
|
||||
if (!LookupPrivilegeValueW(nullptr, privilege_name.data(), &luid))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
TOKEN_PRIVILEGES token_state{};
|
||||
token_state.PrivilegeCount = 1;
|
||||
token_state.Privileges[0].Luid = luid;
|
||||
token_state.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
|
||||
if (!AdjustTokenPrivileges(token_handle, FALSE, &token_state, sizeof(TOKEN_PRIVILEGES), nullptr, nullptr))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
CloseHandle(token_handle);
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,32 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup>
|
||||
<Filter Include="Source Files">
|
||||
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||
<Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Header Files">
|
||||
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||
<Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Driver Files">
|
||||
<UniqueIdentifier>{8E41214B-6785-4CFE-B992-037D68949A14}</UniqueIdentifier>
|
||||
<Extensions>inf;inv;inx;mof;mc;</Extensions>
|
||||
</Filter>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<Inf Include="PayLoad(AMD).inf">
|
||||
<Filter>Driver Files</Filter>
|
||||
</Inf>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="types.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="main.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
@ -0,0 +1,87 @@
|
||||
;
|
||||
; PayLoad(AMD).inf
|
||||
;
|
||||
|
||||
[Version]
|
||||
Signature="$WINDOWS NT$"
|
||||
Class=Sample ; TODO: edit Class
|
||||
ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
|
||||
Provider=%ManufacturerName%
|
||||
CatalogFile=PayLoad(AMD).cat
|
||||
DriverVer= ; TODO: set DriverVer in stampinf property pages
|
||||
PnpLockDown=1
|
||||
|
||||
[DestinationDirs]
|
||||
DefaultDestDir = 12
|
||||
PayLoad(AMD)_Device_CoInstaller_CopyFiles = 11
|
||||
|
||||
; ================= Class section =====================
|
||||
|
||||
[ClassInstall32]
|
||||
Addreg=SampleClassReg
|
||||
|
||||
[SampleClassReg]
|
||||
HKR,,,0,%ClassName%
|
||||
HKR,,Icon,,-5
|
||||
|
||||
[SourceDisksNames]
|
||||
1 = %DiskName%,,,""
|
||||
|
||||
[SourceDisksFiles]
|
||||
PayLoad(AMD).sys = 1,,
|
||||
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
|
||||
|
||||
;*****************************************
|
||||
; Install Section
|
||||
;*****************************************
|
||||
|
||||
[Manufacturer]
|
||||
%ManufacturerName%=Standard,NT$ARCH$
|
||||
|
||||
[Standard.NT$ARCH$]
|
||||
%PayLoad(AMD).DeviceDesc%=PayLoad(AMD)_Device, Root\PayLoad(AMD) ; TODO: edit hw-id
|
||||
|
||||
[PayLoad(AMD)_Device.NT]
|
||||
CopyFiles=Drivers_Dir
|
||||
|
||||
[Drivers_Dir]
|
||||
PayLoad(AMD).sys
|
||||
|
||||
;-------------- Service installation
|
||||
[PayLoad(AMD)_Device.NT.Services]
|
||||
AddService = PayLoad(AMD),%SPSVCINST_ASSOCSERVICE%, PayLoad(AMD)_Service_Inst
|
||||
|
||||
; -------------- PayLoad(AMD) driver install sections
|
||||
[PayLoad(AMD)_Service_Inst]
|
||||
DisplayName = %PayLoad(AMD).SVCDESC%
|
||||
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
|
||||
StartType = 3 ; SERVICE_DEMAND_START
|
||||
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
|
||||
ServiceBinary = %12%\PayLoad(AMD).sys
|
||||
|
||||
;
|
||||
;--- PayLoad(AMD)_Device Coinstaller installation ------
|
||||
;
|
||||
|
||||
[PayLoad(AMD)_Device.NT.CoInstallers]
|
||||
AddReg=PayLoad(AMD)_Device_CoInstaller_AddReg
|
||||
CopyFiles=PayLoad(AMD)_Device_CoInstaller_CopyFiles
|
||||
|
||||
[PayLoad(AMD)_Device_CoInstaller_AddReg]
|
||||
HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
|
||||
|
||||
[PayLoad(AMD)_Device_CoInstaller_CopyFiles]
|
||||
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
|
||||
|
||||
[PayLoad(AMD)_Device.NT.Wdf]
|
||||
KmdfService = PayLoad(AMD), PayLoad(AMD)_wdfsect
|
||||
[PayLoad(AMD)_wdfsect]
|
||||
KmdfLibraryVersion = $KMDFVERSION$
|
||||
|
||||
[Strings]
|
||||
SPSVCINST_ASSOCSERVICE= 0x00000002
|
||||
ManufacturerName="<Your manufacturer name>" ;TODO: Replace with your manufacturer name
|
||||
ClassName="Samples" ; TODO: edit ClassName
|
||||
DiskName = "PayLoad(AMD) Installation Disk"
|
||||
PayLoad(AMD).DeviceDesc = "PayLoad(AMD) Device"
|
||||
PayLoad(AMD).SVCDESC = "PayLoad(AMD) Service"
|
||||
@ -0,0 +1 @@
|
||||
#pragma once
|
||||
Loading…
Reference in new issue