commit eb59cbfb7c0eb98b6c451bd145eb04dad5b2b286 Author: _xeroxz Date: Tue Jun 29 01:40:27 2021 -0700 init commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..72de34f --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,388 @@ +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. +## +## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore + +# User-specific files +*.rsuser +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Mono auto generated files +mono_crash.* + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +[Ww][Ii][Nn]32/ +[Aa][Rr][Mm]/ +[Aa][Rr][Mm]64/ +bld/ +[Bb]in/ +[Oo]bj/ +[Ll]og/ +[Ll]ogs/ + +# Visual Studio 2015/2017 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# Visual Studio 2017 auto generated files +Generated\ Files/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUnit +*.VisualState.xml +TestResult.xml +nunit-*.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# Benchmark Results +BenchmarkDotNet.Artifacts/ + +# .NET Core +project.lock.json +project.fragment.lock.json +artifacts/ + +# ASP.NET Scaffolding +ScaffoldingReadMe.txt + +# StyleCop +StyleCopReport.xml + +# Files built by Visual Studio +*_i.c +*_p.c +*_h.h +*.ilk +*.meta +*.obj +*.iobj +*.pch +*.pdb +*.ipdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*_wpftmp.csproj +*.log +*.tlog +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile +*.VC.db +*.VC.VC.opendb + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# Visual Studio Trace Files +*.e2e + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + 
+# AxoCover is a Code Coverage Tool +.axoCover/* +!.axoCover/settings.json + +# Coverlet is a free, cross platform Code Coverage Tool +coverage*.json +coverage*.xml +coverage*.info + +# Visual Studio code coverage results +*.coverage +*.coveragexml + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# Note: Comment the next line if you want to checkin your web deploy settings, +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# Microsoft Azure Web App publish settings. Comment the next line if you want to +# checkin your Azure Web App publish settings, but sensitive information contained +# in these scripts will be unencrypted +PublishScripts/ + +# NuGet Packages +*.nupkg +# NuGet Symbol Packages +*.snupkg +# The packages folder can be ignored because of Package Restore +**/[Pp]ackages/* +# except build/, which is used as an MSBuild target. 
+!**/[Pp]ackages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/[Pp]ackages/repositories.config +# NuGet v3's project.json files produces more ignorable files +*.nuget.props +*.nuget.targets + +# Nuget personal access tokens and Credentials +nuget.config + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Windows Store app package directories and files +AppPackages/ +BundleArtifacts/ +Package.StoreAssociation.xml +_pkginfo.txt +*.appx +*.appxbundle +*.appxupload + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!?*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.jfm +*.pfx +*.publishsettings +orleans.codegen.cs + +# Including strong name files can present a security risk +# (https://github.com/github/gitignore/pull/2483#issue-259490424) +#*.snk + +# Since there are multiple workflows, uncomment next line to ignore bower_components +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) +#bower_components/ + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. 
Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm +ServiceFabricBackup/ +*.rptproj.bak + +# SQL Server files +*.mdf +*.ldf +*.ndf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings +*.rptproj.rsuser +*- [Bb]ackup.rdl +*- [Bb]ackup ([0-9]).rdl +*- [Bb]ackup ([0-9][0-9]).rdl + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat +node_modules/ + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.) +*.vbw + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe +paket-files/ + +# FAKE - F# Make +.fake/ + +# CodeRush personal settings +.cr/personal + +# Python Tools for Visual Studio (PTVS) +__pycache__/ +*.pyc + +# Cake - Uncomment if you are using it +# tools/** +# !tools/packages.config + +# Tabs Studio +*.tss + +# Telerik's JustMock configuration file +*.jmconfig + +# BizTalk build output +*.btp.cs +*.btm.cs +*.odx.cs +*.xsd.cs + +# OpenCover UI analysis results +OpenCover/ + +# Azure Stream Analytics local run output +ASALocalRun/ + +# MSBuild Binary and Structured Log +*.binlog + +# NVidia Nsight GPU debugger configuration file +*.nvuser + +# MFractors (Xamarin productivity tool) working folder +.mfractor/ + +# Local History for Visual Studio +.localhistory/ + +# BeatPulse healthcheck temp database +healthchecksdb + +# Backup folder for Package Reference Convert tool in Visual Studio 2017 +MigrationBackup/ + +# Ionide (cross platform F# VS Code tools) working folder +.ionide/ + +# Fody - auto-generated XML schema +FodyWeavers.xsd 
+ +# VS Code files for those working on multiple tools +.vscode/* +!.vscode/settings.json +!.vscode/tasks.json +!.vscode/launch.json +!.vscode/extensions.json +*.code-workspace + +# Local History for Visual Studio Code +.history/ + +# Windows Installer files from build outputs +*.cab +*.msi +*.msix +*.msm +*.msp + +# JetBrains Rider +.idea/ +*.sln.iml \ No newline at end of file diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..2319a24 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,6 @@ +[submodule "dependencies/vmhook"] + path = dependencies/vmhook + url = https://githacks.org/vmp2/vmhook.git +[submodule "dependencies/ZwSwapCert"] + path = dependencies/ZwSwapCert + url = https://githacks.org/_xeroxz/zwswapcert.git diff --git a/.vs/vmhook-eac/v16/.suo b/.vs/vmhook-eac/v16/.suo new file mode 100644 index 0000000..89727cf Binary files /dev/null and b/.vs/vmhook-eac/v16/.suo differ diff --git a/.vs/vmhook-eac/v16/Browse.VC.db b/.vs/vmhook-eac/v16/Browse.VC.db new file mode 100644 index 0000000..393f5a8 Binary files /dev/null and b/.vs/vmhook-eac/v16/Browse.VC.db differ diff --git a/.vs/vmhook-eac/v16/ipch/AutoPCH/9b8941ad9a74ce11/ZWSWAPCERT.ipch b/.vs/vmhook-eac/v16/ipch/AutoPCH/9b8941ad9a74ce11/ZWSWAPCERT.ipch new file mode 100644 index 0000000..cbd2df2 Binary files /dev/null and b/.vs/vmhook-eac/v16/ipch/AutoPCH/9b8941ad9a74ce11/ZWSWAPCERT.ipch differ diff --git a/.vs/vmhook-eac/v16/ipch/AutoPCH/9b8a191bbf331d4c/VMHOOK.ipch b/.vs/vmhook-eac/v16/ipch/AutoPCH/9b8a191bbf331d4c/VMHOOK.ipch new file mode 100644 index 0000000..f8cbe87 Binary files /dev/null and b/.vs/vmhook-eac/v16/ipch/AutoPCH/9b8a191bbf331d4c/VMHOOK.ipch differ diff --git a/.vs/vmhook-eac/v16/ipch/AutoPCH/b05e80f8133bf988/DRV_ENTRY.ipch b/.vs/vmhook-eac/v16/ipch/AutoPCH/b05e80f8133bf988/DRV_ENTRY.ipch new file mode 100644 index 0000000..d23edc8 Binary files /dev/null and b/.vs/vmhook-eac/v16/ipch/AutoPCH/b05e80f8133bf988/DRV_ENTRY.ipch differ 
diff --git a/dependencies/ZwSwapCert b/dependencies/ZwSwapCert new file mode 160000 index 0000000..bf5f30c --- /dev/null +++ b/dependencies/ZwSwapCert @@ -0,0 +1 @@ +Subproject commit bf5f30c360f7e9d87a0cdba82d70008fd64c5c1c diff --git a/dependencies/vmhook b/dependencies/vmhook new file mode 160000 index 0000000..aec227a --- /dev/null +++ b/dependencies/vmhook @@ -0,0 +1 @@ +Subproject commit aec227a091e0a2a5a591d0e77df5243270d99672 diff --git a/drv_entry.cpp b/drv_entry.cpp new file mode 100644 index 0000000..bcaa156 --- /dev/null +++ b/drv_entry.cpp 
@@ -0,0 +1,189 @@ +// +// Registers on image load callback then applies vmhook to EAC +// +// + +#include +#include +#include + +// +// game cheat offset flash backs... +// + +#define EAC_VM_HANDLE_OFFSET 0xE93D +#define EAC_IMAGE_BASE 0x140000000 + +// +// vm handler indexes for READQ... +// + +u8 readq_idxs[] = { 247, 215, 169, 159, 71, 60, 55, 43, 23 }; + +// +// vm handler indexes for READDW +// + +u8 readdw_idxs[] = { 218, 180, 179, 178, 163, 137, 92, 22, 12 }; + +vm::hook_t* g_vmhook = nullptr; +vm::handler::table_t* g_vm_table = nullptr; + +void* +operator new( + u64 size +) +{ + // + // Could have also used ExAllocatePoolZero... + // + + return RtlZeroMemory(ExAllocatePool(NonPagedPool, size), size); +} + +void +operator delete +( + void* ptr, + u64 size +) +{ + UNREFERENCED_PARAMETER(size); + ExFreePool(ptr); +} + +void +image_loaded( + PUNICODE_STRING image_name, + HANDLE pid, + PIMAGE_INFO image_info +) +{ + // + // PID is zero when the module being loaded is going into the kernel... + // + + if (!pid && wcsstr(image_name->Buffer, L"EasyAntiCheat.sys")) + { + if (g_vmhook && g_vm_table) + delete g_vmhook, delete g_vm_table; + + // + // allocate memory for a g_vmhook, g_vm_table and then zero it... + // + + // > 0x00007FF77A233736 mov rcx, [r12+rax*8] + // > 0x00007FF77A23373D ror rcx, 0x30 <--- decrypt vm handler entry... + // > 0x00007FF77A233747 add rcx, r13 + // > 0x00007FF77A23374A jmp rcx + vm::decrypt_handler_t _decrypt_handler = + [](u64 val) -> u64 + { + return _rotl64(val, 0x30); + }; + + // > 0x00007FF77A233736 mov rcx, [r12+rax*8] + // > 0x00007FF77A23373D ror rcx, 0x30 <--- inverse to encrypt vm handler entry... + // > 0x00007FF77A233747 add rcx, r13 + // > 0x00007FF77A23374A jmp rcx + vm::encrypt_handler_t _encrypt_handler = + [](u64 val) -> u64 + { + return _rotr64(val, 0x30); + }; + + vm::handler::edit_entry_t _edit_entry = + [](u64* entry_ptr, u64 val) -> void + { + // + // disable write protect bit in cr0... 
+ // + + { + auto cr0 = __readcr0(); + cr0 &= 0xfffffffffffeffff; + __writecr0(cr0); + _disable(); + } + + *entry_ptr = val; + + // + // enable write protect bit in cr0... + // + + { + auto cr0 = __readcr0(); + cr0 |= 0x10000; + _enable(); + __writecr0(cr0); + } + }; + + auto image_base = reinterpret_cast(image_info->ImageBase); + auto handler_table_ptr = reinterpret_cast(image_base + EAC_VM_HANDLE_OFFSET); + + g_vm_table = new vm::handler::table_t(handler_table_ptr, _edit_entry); + g_vmhook = new vm::hook_t(image_base, EAC_IMAGE_BASE, _decrypt_handler, _encrypt_handler, g_vm_table); + + // install hooks on READQ virtual machine handlers... + for (auto idx = 0u; idx < sizeof readq_idxs; ++idx) + { + g_vm_table->set_callback(readq_idxs[idx], + [](vm::registers* regs, u8 handler_idx) + { + DbgPrint("> READQ, reading address = 0x%p\n", reinterpret_cast(regs->rbp)[0]); + } + ); + } + + for (auto idx = 0u; idx < sizeof readdw_idxs; ++idx) + { + g_vm_table->set_callback(readdw_idxs[idx], + [](vm::registers* regs, u8 handler_idx) + { + DbgPrint("> READDW, reading address = 0x%p\n", reinterpret_cast(regs->rbp)[0]); + } + ); + } + + // + // hooks all vm handlers and starts callbacks... + // + g_vmhook->start(); + } +} + +/*++ + +Routine Description: + This is the entry routine for the vmhook-eac driver. + +Arguments: + drv_object - Pointer to driver object created by the system. + reg_path - Receives the full registry path to the SERVICES + node of the current control set. + +Return Value: + An NTSTATUS code. + +--*/ + +extern "C" +NTSTATUS +DriverEntry( // entry called from ZwSwapCert... + PDRIVER_OBJECT drv_object, + PUNICODE_STRING reg_path +) +{ + UNREFERENCED_PARAMETER(drv_object); + UNREFERENCED_PARAMETER(reg_path); + + // + // This kernel driver cannot be unloaded so there is no unload routine... + // This is because ZwSwapCert will cause the system to crash... 
+ // + + DbgPrint("> Registering ImageLoad Callbacks...\n"); + return PsSetLoadImageNotifyRoutine(&image_loaded); +} \ No newline at end of file diff --git a/vmhook-eac.sln b/vmhook-eac.sln new file mode 100644 index 0000000..13325f0 --- /dev/null +++ b/vmhook-eac.sln 
@@ -0,0 +1,35 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.31321.278 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "vmhook-eac", "vmhook-eac.vcxproj", "{42442E7D-1DEC-455C-BD69-931D908F83A8}" +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ZwSwapCert", "dependencies\ZwSwapCert\ZwSwapCert\ZwSwapCert.vcxproj", "{475EA8A7-C1BA-4847-B9C3-198C9738E0C0}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|x64 = Debug|x64 + Release|x64 = Release|x64 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {42442E7D-1DEC-455C-BD69-931D908F83A8}.Debug|x64.ActiveCfg = Debug|x64 + {42442E7D-1DEC-455C-BD69-931D908F83A8}.Debug|x64.Build.0 = Debug|x64 + {42442E7D-1DEC-455C-BD69-931D908F83A8}.Debug|x64.Deploy.0 = Debug|x64 + {42442E7D-1DEC-455C-BD69-931D908F83A8}.Release|x64.ActiveCfg = Release|x64 + {42442E7D-1DEC-455C-BD69-931D908F83A8}.Release|x64.Build.0 = Release|x64 + {42442E7D-1DEC-455C-BD69-931D908F83A8}.Release|x64.Deploy.0 = Release|x64 + {475EA8A7-C1BA-4847-B9C3-198C9738E0C0}.Debug|x64.ActiveCfg = Release|x64 + {475EA8A7-C1BA-4847-B9C3-198C9738E0C0}.Debug|x64.Build.0 = Release|x64 + {475EA8A7-C1BA-4847-B9C3-198C9738E0C0}.Debug|x64.Deploy.0 = Release|x64 + {475EA8A7-C1BA-4847-B9C3-198C9738E0C0}.Release|x64.ActiveCfg = Release|x64 + {475EA8A7-C1BA-4847-B9C3-198C9738E0C0}.Release|x64.Build.0 = Release|x64 + {475EA8A7-C1BA-4847-B9C3-198C9738E0C0}.Release|x64.Deploy.0 = Release|x64 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {E153699F-009A-44FB-B4D0-C2D97CC204E7} + EndGlobalSection +EndGlobal diff --git a/vmhook-eac.vcxproj b/vmhook-eac.vcxproj new file mode 100644 index 0000000..0af24c9 --- /dev/null +++ b/vmhook-eac.vcxproj 
@@ -0,0 +1,90 @@ + + + + + Debug + x64 + + + Release + x64 + + + + {42442E7D-1DEC-455C-BD69-931D908F83A8} + {1bc93793-694f-48fe-9372-81e2b05556fd} + v4.5 + 12.0 + Debug + Win32 + vmhook_eac + $(LatestTargetPlatformVersion) + + + + Windows10 + true + WindowsKernelModeDriver10.0 + Driver + KMDF + Universal + + + Windows10 + false + WindowsKernelModeDriver10.0 + Driver + KMDF + Universal + false + + + + + + + + + + + + DbgengKernelDebugger + + + DbgengKernelDebugger + false + $(ProjectDir)dependencies\vmhook\include\;$(IncludePath) + + + + stdcpp17 + false + + + ScDriverEntry + /SECTION:.text,RWE %(AdditionalOptions) + + + + + + + + + + + + + + + + + + {475ea8a7-c1ba-4847-b9c3-198c9738e0c0} + + + + + + + \ No newline at end of file diff --git a/vmhook-eac.vcxproj.filters b/vmhook-eac.vcxproj.filters new file mode 100644 index 0000000..2b23e1d --- /dev/null +++ b/vmhook-eac.vcxproj.filters @@ -0,0 +1,31 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hpp;hxx;hm;inl;inc;xsd + + + + + Source Files + + + Source Files + + + + + Header Files + + + + + Source Files + + + \ No newline at end of file diff --git a/x64/Release/DriverEntry.obj b/x64/Release/DriverEntry.obj new file mode 100644 index 0000000..f0ae99d Binary files /dev/null and b/x64/Release/DriverEntry.obj differ diff --git a/x64/Release/ZwSwapCert.lib b/x64/Release/ZwSwapCert.lib new file mode 100644 index 0000000..25daeb3 Binary files /dev/null and b/x64/Release/ZwSwapCert.lib differ diff --git a/x64/Release/ZwSwapCert.pdb b/x64/Release/ZwSwapCert.pdb new file mode 100644 index 0000000..f8775bf Binary files /dev/null and b/x64/Release/ZwSwapCert.pdb differ diff --git a/x64/Release/drv_entry.obj b/x64/Release/drv_entry.obj new file mode 100644 index 0000000..eddb40f Binary files /dev/null and b/x64/Release/drv_entry.obj differ 
diff --git a/x64/Release/vc142.pdb b/x64/Release/vc142.pdb new file mode 100644 index 0000000..81ac7a0 Binary files /dev/null and b/x64/Release/vc142.pdb differ diff --git a/x64/Release/vmhook-eac.cer b/x64/Release/vmhook-eac.cer new file mode 100644 index 0000000..c6f5bf7 Binary files /dev/null and b/x64/Release/vmhook-eac.cer differ diff --git a/x64/Release/vmhook-eac.log b/x64/Release/vmhook-eac.log new file mode 100644 index 0000000..931a740 --- /dev/null +++ b/x64/Release/vmhook-eac.log 
@@ -0,0 +1,16 @@ +D:\vmhook-eac\vmhook-eac.vcxproj(43,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.props" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.Shared.props (352,3)". This is most likely a build authoring error. This subsequent import will be ignored. +D:\vmhook-eac\vmhook-eac.vcxproj(88,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.targets" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets (1878,3)". This is most likely a build authoring error. This subsequent import will be ignored. + Building 'vmhook-eac' with toolset 'WindowsKernelModeDriver10.0' and the 'Universal' target platform. + Building 'ZwSwapCert' with toolset 'WindowsKernelModeDriver10.0' and the 'Universal' target platform. + drv_entry.cpp +D:\vmhook-eac\drv_entry.cpp(136,5): warning C4100: 'handler_idx': unreferenced formal parameter +D:\vmhook-eac\drv_entry.cpp(146,5): warning C4100: 'handler_idx': unreferenced formal parameter + vmhook-eac.vcxproj -> D:\vmhook-eac\x64\Release\vmhook-eac.sys +D:\vmhook-eac\vmhook-eac.vcxproj(43,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.props" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.Shared.props (352,3)". This is most likely a build authoring error. This subsequent import will be ignored. +D:\vmhook-eac\vmhook-eac.vcxproj(88,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.targets" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets (1878,3)". This is most likely a build authoring error. This subsequent import will be ignored. 
+ Done Adding Additional Store + Successfully signed: D:\vmhook-eac\x64\Release\vmhook-eac.sys + + Driver is 'Universal'. +D:\vmhook-eac\vmhook-eac.vcxproj(43,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.props" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.Shared.props (352,3)". This is most likely a build authoring error. This subsequent import will be ignored. +D:\vmhook-eac\vmhook-eac.vcxproj(88,5): warning MSB4011: "G:\vs\MSBuild\Microsoft\VC\v160\BuildCustomizations\masm.targets" cannot be imported again. It was already imported at "C:\Program Files (x86)\Windows Kits\10\build\WindowsDriver.common.targets (1878,3)". This is most likely a build authoring error. This subsequent import will be ignored. diff --git a/x64/Release/vmhook-eac.pdb b/x64/Release/vmhook-eac.pdb new file mode 100644 index 0000000..c778f22 Binary files /dev/null and b/x64/Release/vmhook-eac.pdb differ diff --git a/x64/Release/vmhook-eac.sys.recipe b/x64/Release/vmhook-eac.sys.recipe new file mode 100644 index 0000000..540cd40 --- /dev/null +++ b/x64/Release/vmhook-eac.sys.recipe @@ -0,0 +1,11 @@ + + + + + D:\vmhook-eac\x64\Release\vmhook-eac.sys + + + + + + \ No newline at end of file diff --git a/x64/Release/vmhook-eac.tlog/CL.command.1.tlog b/x64/Release/vmhook-eac.tlog/CL.command.1.tlog new file mode 100644 index 0000000..1959f0d Binary files /dev/null and b/x64/Release/vmhook-eac.tlog/CL.command.1.tlog differ diff --git a/x64/Release/vmhook-eac.tlog/CL.read.1.tlog b/x64/Release/vmhook-eac.tlog/CL.read.1.tlog new file mode 100644 index 0000000..e6cc301 Binary files /dev/null and b/x64/Release/vmhook-eac.tlog/CL.read.1.tlog differ diff --git a/x64/Release/vmhook-eac.tlog/CL.write.1.tlog b/x64/Release/vmhook-eac.tlog/CL.write.1.tlog new file mode 100644 index 0000000..8ea41d6 Binary files /dev/null and b/x64/Release/vmhook-eac.tlog/CL.write.1.tlog differ 
diff --git a/x64/Release/vmhook-eac.tlog/Masm.read.1u.tlog b/x64/Release/vmhook-eac.tlog/Masm.read.1u.tlog new file mode 100644 index 0000000..fcd81b8 Binary files /dev/null and b/x64/Release/vmhook-eac.tlog/Masm.read.1u.tlog differ diff --git a/x64/Release/vmhook-eac.tlog/Masm.write.1u.tlog b/x64/Release/vmhook-eac.tlog/Masm.write.1u.tlog new file mode 100644 index 0000000..a9e6d48 Binary files /dev/null and b/x64/Release/vmhook-eac.tlog/Masm.write.1u.tlog differ diff --git a/x64/Release/vmhook-eac.tlog/link.command.1.tlog b/x64/Release/vmhook-eac.tlog/link.command.1.tlog new file mode 100644 index 0000000..f0810df Binary files /dev/null and b/x64/Release/vmhook-eac.tlog/link.command.1.tlog differ diff --git a/x64/Release/vmhook-eac.tlog/link.read.1.tlog b/x64/Release/vmhook-eac.tlog/link.read.1.tlog new file mode 100644 index 0000000..1e4968e Binary files /dev/null and b/x64/Release/vmhook-eac.tlog/link.read.1.tlog differ diff --git a/x64/Release/vmhook-eac.tlog/link.write.1.tlog b/x64/Release/vmhook-eac.tlog/link.write.1.tlog new file mode 100644 index 0000000..067f7d2 Binary files /dev/null and b/x64/Release/vmhook-eac.tlog/link.write.1.tlog differ diff --git a/x64/Release/vmhook-eac.tlog/signtool.command.1.tlog b/x64/Release/vmhook-eac.tlog/signtool.command.1.tlog new file mode 100644 index 0000000..48b764d Binary files /dev/null and b/x64/Release/vmhook-eac.tlog/signtool.command.1.tlog differ diff --git a/x64/Release/vmhook-eac.tlog/signtool.read.1.tlog b/x64/Release/vmhook-eac.tlog/signtool.read.1.tlog new file mode 100644 index 0000000..427aa2d Binary files /dev/null and b/x64/Release/vmhook-eac.tlog/signtool.read.1.tlog differ diff --git a/x64/Release/vmhook-eac.tlog/signtool.timestamp.1.tlog b/x64/Release/vmhook-eac.tlog/signtool.timestamp.1.tlog new file mode 100644 index 0000000..254ae0c --- /dev/null +++ b/x64/Release/vmhook-eac.tlog/signtool.timestamp.1.tlog 
@@ -0,0 +1,2 @@ +D:\EACLOG\X64\RELEASE\VMHOOK-EAC.SYS|637605507578183380 +D:\VMHOOK-EAC\X64\RELEASE\VMHOOK-EAC.SYS|637605525713265269 diff --git a/x64/Release/vmhook-eac.tlog/signtool.write.1.tlog b/x64/Release/vmhook-eac.tlog/signtool.write.1.tlog new file mode 100644 index 0000000..4cdb34e Binary files /dev/null and b/x64/Release/vmhook-eac.tlog/signtool.write.1.tlog differ diff --git a/x64/Release/vmhook-eac.tlog/vmhook-eac.lastbuildstate b/x64/Release/vmhook-eac.tlog/vmhook-eac.lastbuildstate new file mode 100644 index 0000000..e2d867a --- /dev/null +++ b/x64/Release/vmhook-eac.tlog/vmhook-eac.lastbuildstate @@ -0,0 +1,2 @@ +PlatformToolSet=WindowsKernelModeDriver10.0:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30037:TargetPlatformVersion=10.0.19041.0: +Release|x64|D:\vmhook-eac\| diff --git a/x64/Release/vmhook-eac.vcxproj.FileListAbsolute.txt b/x64/Release/vmhook-eac.vcxproj.FileListAbsolute.txt new file mode 100644 index 0000000..50db195 --- /dev/null +++ b/x64/Release/vmhook-eac.vcxproj.FileListAbsolute.txt @@ -0,0 +1 @@ +D:\vmhook-eac\x64\Release\vmhook-eac.sys diff --git a/x64/Release/vmhook-eac/ZwSwapCert.lib b/x64/Release/vmhook-eac/ZwSwapCert.lib new file mode 100644 index 0000000..25daeb3 Binary files /dev/null and b/x64/Release/vmhook-eac/ZwSwapCert.lib differ diff --git a/x64/Release/vmhook-eac/vmhook-eac.sys b/x64/Release/vmhook-eac/vmhook-eac.sys new file mode 100644 index 0000000..38f2859 Binary files /dev/null and b/x64/Release/vmhook-eac/vmhook-eac.sys differ diff --git a/x64/Release/vmhook.obj b/x64/Release/vmhook.obj new file mode 100644 index 0000000..40d32c7 Binary files /dev/null and b/x64/Release/vmhook.obj differ diff --git a/x64/Release/vtrap.obj b/x64/Release/vtrap.obj new file mode 100644 index 0000000..452cb33 Binary files /dev/null and b/x64/Release/vtrap.obj differ
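Review bot: In drv_entry.cpp, operator new hands the ExAllocatePool result straight to RtlZeroMemory with no NULL check, so an allocation failure becomes a kernel fault instead of a handled error. Check the pointer before zeroing it (or use the ExAllocatePoolZero the comment mentions) and make the two new expressions in image_loaded cope with a failed allocation. In the same hunk, image_loaded dereferences image_name->Buffer without testing image_name for NULL, which the load-image notify callback permits, and wcsstr assumes the UNICODE_STRING buffer is NUL-terminated, which is not guaranteed; compare against Length instead. The handler_idx parameter of both callbacks is unused, which is what the two C4100 warnings in the checked-in vmhook-eac.log report; mark it with UNREFERENCED_PARAMETER as DriverEntry already does for its arguments.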
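Review bot: In vmhook-eac.vcxproj, the linker option /SECTION:.text,RWE marks the driver's code section writable and executable at the same time, and nothing in the commit says why. If this is required by the ScDriverEntry entry point from ZwSwapCert, that should be stated in a comment next to the option; otherwise drop it so the image keeps a read-execute .text section.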
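Review bot: The binary and build-output files under .vs/ and x64/Release/ should not be part of this commit: they match patterns in the .gitignore added alongside them (.vs/, x64/, *.obj, *.pdb, *.log, *.tlog), so they were presumably staged before the ignore file took effect. The set includes a built vmhook-eac.sys, vmhook-eac.cer and ZwSwapCert.lib that cannot be reviewed against the source, and the log and signtool.timestamp files record local build paths such as D:\vmhook-eac\ and D:\EACLOG\. Remove them from the index and leave only the sources, the solution and project files, and the two submodule pins.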