mirror of
https://github.com/JKornev/hidden
synced 2024-06-25 16:38:05 +00:00
Added Get\Set ps state ability
Fixed issue with DeviceIOControl output Fixed issues in the PsRule & PsTable
This commit is contained in:
parent
b9e7f2c015
commit
8a7929b310
@ -238,7 +238,7 @@ NTSTATUS GetPsObjectInfo(PHid_GetPsObjectInfoPacket Packet, USHORT Size, PHid_Ge
|
|||||||
Packet->enable = (USHORT)enable;
|
Packet->enable = (USHORT)enable;
|
||||||
Packet->inheritType = (USHORT)inheritType;
|
Packet->inheritType = (USHORT)inheritType;
|
||||||
|
|
||||||
RtlCopyMemory(Packet, OutPacket, sizeof(Hid_GetPsObjectInfoPacket));
|
RtlCopyMemory(OutPacket, Packet, sizeof(Hid_GetPsObjectInfoPacket));
|
||||||
*OutSize = sizeof(Hid_GetPsObjectInfoPacket);
|
*OutSize = sizeof(Hid_GetPsObjectInfoPacket);
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
@ -404,7 +404,7 @@ EndProc:
|
|||||||
{
|
{
|
||||||
if (outputDataSize > outputDataMaxSize)
|
if (outputDataSize > outputDataMaxSize)
|
||||||
{
|
{
|
||||||
DbgPrint("FsFilter1!" __FUNCTION__ ": An internal error that looks like stack corruption!\n");
|
DbgPrint("FsFilter1!" __FUNCTION__ ": An internal error that looks like a stack corruption!\n");
|
||||||
outputDataSize = outputDataMaxSize;
|
outputDataSize = outputDataMaxSize;
|
||||||
result.status = (ULONG)STATUS_PARTIAL_COPY;
|
result.status = (ULONG)STATUS_PARTIAL_COPY;
|
||||||
}
|
}
|
||||||
@ -415,7 +415,7 @@ EndProc:
|
|||||||
// Copy result to output buffer
|
// Copy result to output buffer
|
||||||
if (NT_SUCCESS(status))
|
if (NT_SUCCESS(status))
|
||||||
{
|
{
|
||||||
outputBufferSize = sizeof(result);
|
outputBufferSize = sizeof(result) + outputDataSize;
|
||||||
RtlCopyMemory(outputBuffer, &result, sizeof(result));
|
RtlCopyMemory(outputBuffer, &result, sizeof(result));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -98,8 +98,9 @@ NTSTATUS AddRuleToPsRuleList(PsRulesContext RuleContext, PUNICODE_STRING ImgPath
|
|||||||
RtlCopyUnicodeString(&entry->imagePath, ImgPath);
|
RtlCopyUnicodeString(&entry->imagePath, ImgPath);
|
||||||
|
|
||||||
KeAcquireInStackQueuedSpinLock(&context->tableLock, &lockHandle);
|
KeAcquireInStackQueuedSpinLock(&context->tableLock, &lockHandle);
|
||||||
buf = RtlInsertElementGenericTableAvl(&context->table, entry, entryLen, &newElem);
|
|
||||||
guid = context->idCounter++;
|
guid = context->idCounter++;
|
||||||
|
entry->guid = guid;
|
||||||
|
buf = RtlInsertElementGenericTableAvl(&context->table, entry, entryLen, &newElem);
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
||||||
|
|
||||||
if (!buf)
|
if (!buf)
|
||||||
|
@ -89,7 +89,7 @@ BOOLEAN UpdateProcessInProcessTable(PProcessTableEntry entry)
|
|||||||
|
|
||||||
entry2 = (PProcessTableEntry)RtlLookupElementGenericTableAvl(&g_processTable, entry);
|
entry2 = (PProcessTableEntry)RtlLookupElementGenericTableAvl(&g_processTable, entry);
|
||||||
|
|
||||||
if (!entry2)
|
if (entry2)
|
||||||
RtlCopyMemory(entry2, entry, sizeof(ProcessTableEntry));
|
RtlCopyMemory(entry2, entry, sizeof(ProcessTableEntry));
|
||||||
|
|
||||||
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
KeReleaseInStackQueuedSpinLock(&lockHandle);
|
||||||
|
@ -425,6 +425,71 @@ HidStatus SendIoctl_RemoveAllPsObjectsPacket(PHidContextInternal context, unsign
|
|||||||
return HID_SET_STATUS(TRUE, 0);
|
return HID_SET_STATUS(TRUE, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
HidStatus SendIoctl_GetPsStatePacket(PHidContextInternal context, HidProcId procId, unsigned short type, HidActiveState* state, HidPsInheritTypes* inheritType)
|
||||||
|
{
|
||||||
|
char buffer[sizeof(Hid_StatusPacket) + sizeof(Hid_GetPsObjectInfoPacket)];
|
||||||
|
PHid_GetPsObjectInfoPacket info;
|
||||||
|
PHid_StatusPacket result;
|
||||||
|
DWORD returned;
|
||||||
|
|
||||||
|
memset(buffer, 0, sizeof(buffer));
|
||||||
|
|
||||||
|
info = (PHid_GetPsObjectInfoPacket)buffer;
|
||||||
|
info->objType = type;
|
||||||
|
info->procId = procId;
|
||||||
|
|
||||||
|
// Send IOCTL to device
|
||||||
|
|
||||||
|
if (!DeviceIoControl(context->hdevice, HID_IOCTL_GET_OBJECT_STATE, info, sizeof(Hid_GetPsObjectInfoPacket), &buffer, sizeof(buffer), &returned, NULL))
|
||||||
|
return HID_SET_STATUS(FALSE, GetLastError());
|
||||||
|
|
||||||
|
// Check result
|
||||||
|
|
||||||
|
if (returned < sizeof(Hid_StatusPacket))
|
||||||
|
return HID_SET_STATUS(FALSE, ERROR_INVALID_BLOCK_LENGTH);
|
||||||
|
|
||||||
|
result = (PHid_StatusPacket)buffer;
|
||||||
|
info = (PHid_GetPsObjectInfoPacket)(buffer + sizeof(Hid_StatusPacket));
|
||||||
|
|
||||||
|
if (!NT_SUCCESS(result->status))
|
||||||
|
return HID_SET_STATUS(FALSE, result->status);
|
||||||
|
|
||||||
|
if (returned != sizeof(Hid_StatusPacket) + sizeof(Hid_GetPsObjectInfoPacket))
|
||||||
|
return HID_SET_STATUS(FALSE, ERROR_INVALID_BLOCK_LENGTH);
|
||||||
|
|
||||||
|
*state = (info->enable ? HidActiveState::StateEnabled : HidActiveState::StateDisabled);
|
||||||
|
*inheritType = (HidPsInheritTypes)info->inheritType;
|
||||||
|
|
||||||
|
return HID_SET_STATUS(TRUE, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
HidStatus SendIoctl_SetPsStatePacket(PHidContextInternal context, HidProcId procId, unsigned short type, HidActiveState state, HidPsInheritTypes inheritType)
|
||||||
|
{
|
||||||
|
Hid_SetPsObjectInfoPacket info;
|
||||||
|
Hid_StatusPacket result;
|
||||||
|
DWORD returned;
|
||||||
|
|
||||||
|
info.objType = type;
|
||||||
|
info.procId = procId;
|
||||||
|
info.enable = (state == HidActiveState::StateEnabled);
|
||||||
|
info.inheritType = inheritType;
|
||||||
|
|
||||||
|
// Send IOCTL to device
|
||||||
|
|
||||||
|
if (!DeviceIoControl(context->hdevice, HID_IOCTL_SET_OBJECT_STATE, &info, sizeof(info), &result, sizeof(result), &returned, NULL))
|
||||||
|
return HID_SET_STATUS(FALSE, GetLastError());
|
||||||
|
|
||||||
|
// Check result
|
||||||
|
|
||||||
|
if (returned != sizeof(result))
|
||||||
|
return HID_SET_STATUS(FALSE, ERROR_INVALID_PARAMETER);
|
||||||
|
|
||||||
|
if (!NT_SUCCESS(result.status))
|
||||||
|
return HID_SET_STATUS(FALSE, result.status);
|
||||||
|
|
||||||
|
return HID_SET_STATUS(TRUE, 0);
|
||||||
|
}
|
||||||
|
|
||||||
// Control interface
|
// Control interface
|
||||||
|
|
||||||
HidStatus Hid_SetState(HidContext context, HidActiveState state)
|
HidStatus Hid_SetState(HidContext context, HidActiveState state)
|
||||||
@ -454,7 +519,6 @@ HidStatus Hid_AddHiddenRegKey(HidContext context, HidRegRootTypes root, const wc
|
|||||||
FreeNormalizedPath(normalized);
|
FreeNormalizedPath(normalized);
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
//return SendIoctl_HideObjectPacket((PHidContextInternal)context, regKey, RegKeyObject, objId);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
HidStatus Hid_RemoveHiddenRegKey(HidContext context, HidObjId objId)
|
HidStatus Hid_RemoveHiddenRegKey(HidContext context, HidObjId objId)
|
||||||
@ -480,7 +544,6 @@ HidStatus Hid_AddHiddenRegValue(HidContext context, HidRegRootTypes root, const
|
|||||||
FreeNormalizedPath(normalized);
|
FreeNormalizedPath(normalized);
|
||||||
|
|
||||||
return status;
|
return status;
|
||||||
//return SendIoctl_HideObjectPacket((PHidContextInternal)context, regValue, RegValueObject, objId);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
HidStatus Hid_RemoveHiddenRegValue(HidContext context, HidObjId objId)
|
HidStatus Hid_RemoveHiddenRegValue(HidContext context, HidObjId objId)
|
||||||
@ -574,17 +637,17 @@ HidStatus Hid_RemoveAllExcludedImages(HidContext context)
|
|||||||
|
|
||||||
HidStatus Hid_GetExcludedState(HidContext context, HidProcId procId, HidActiveState* state, HidPsInheritTypes* inheritType)
|
HidStatus Hid_GetExcludedState(HidContext context, HidProcId procId, HidActiveState* state, HidPsInheritTypes* inheritType)
|
||||||
{
|
{
|
||||||
return HID_SET_STATUS(FALSE, ERROR_CALL_NOT_IMPLEMENTED);
|
return SendIoctl_GetPsStatePacket((PHidContextInternal)context, procId, PsExcludedObject, state, inheritType);
|
||||||
}
|
}
|
||||||
|
|
||||||
HidStatus Hid_AttachExcludedState(HidContext context, HidProcId procId, HidPsInheritTypes inheritType)
|
HidStatus Hid_AttachExcludedState(HidContext context, HidProcId procId, HidPsInheritTypes inheritType)
|
||||||
{
|
{
|
||||||
return HID_SET_STATUS(FALSE, ERROR_CALL_NOT_IMPLEMENTED);
|
return SendIoctl_SetPsStatePacket((PHidContextInternal)context, procId, PsExcludedObject, HidActiveState::StateEnabled, inheritType);
|
||||||
}
|
}
|
||||||
|
|
||||||
HidStatus Hid_RemoveExcludedState(HidContext context, HidProcId procId)
|
HidStatus Hid_RemoveExcludedState(HidContext context, HidProcId procId)
|
||||||
{
|
{
|
||||||
return HID_SET_STATUS(FALSE, ERROR_CALL_NOT_IMPLEMENTED);
|
return SendIoctl_SetPsStatePacket((PHidContextInternal)context, procId, PsExcludedObject, HidActiveState::StateDisabled, HidPsInheritTypes::WithoutInherit);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Process protect interface
|
// Process protect interface
|
||||||
@ -616,15 +679,15 @@ HidStatus Hid_RemoveAllProtectedImages(HidContext context)
|
|||||||
|
|
||||||
HidStatus Hid_GetProtectedState(HidContext context, HidProcId procId, HidActiveState* state, HidPsInheritTypes* inheritType)
|
HidStatus Hid_GetProtectedState(HidContext context, HidProcId procId, HidActiveState* state, HidPsInheritTypes* inheritType)
|
||||||
{
|
{
|
||||||
return HID_SET_STATUS(FALSE, ERROR_CALL_NOT_IMPLEMENTED);
|
return SendIoctl_GetPsStatePacket((PHidContextInternal)context, procId, PsProtectedObject, state, inheritType);
|
||||||
}
|
}
|
||||||
|
|
||||||
HidStatus Hid_AttachProtectedState(HidContext context, HidProcId procId, HidPsInheritTypes inheritType)
|
HidStatus Hid_AttachProtectedState(HidContext context, HidProcId procId, HidPsInheritTypes inheritType)
|
||||||
{
|
{
|
||||||
return HID_SET_STATUS(FALSE, ERROR_CALL_NOT_IMPLEMENTED);
|
return SendIoctl_SetPsStatePacket((PHidContextInternal)context, procId, PsProtectedObject, HidActiveState::StateEnabled, inheritType);
|
||||||
}
|
}
|
||||||
|
|
||||||
HidStatus Hid_RemoveProtectedState(HidContext context, HidProcId procId)
|
HidStatus Hid_RemoveProtectedState(HidContext context, HidProcId procId)
|
||||||
{
|
{
|
||||||
return HID_SET_STATUS(FALSE, ERROR_CALL_NOT_IMPLEMENTED);
|
return SendIoctl_SetPsStatePacket((PHidContextInternal)context, procId, PsProtectedObject, HidActiveState::StateDisabled, HidPsInheritTypes::WithoutInherit);
|
||||||
}
|
}
|
||||||
|
@ -5,7 +5,7 @@ typedef unsigned long long HidStatus;
|
|||||||
#define HID_STATUS_SUCCESSFUL(status) (status & 1)
|
#define HID_STATUS_SUCCESSFUL(status) (status & 1)
|
||||||
#define HID_STATUS_CODE(status) (unsigned int)(status >> 1)
|
#define HID_STATUS_CODE(status) (unsigned int)(status >> 1)
|
||||||
|
|
||||||
#define HID_SET_STATUS(state, code) (unsigned long long)(code << 1 | (state ? 1 : 0))
|
#define HID_SET_STATUS(state, code) (unsigned long long)((unsigned long long)code << 1 | (state ? 1 : 0))
|
||||||
|
|
||||||
typedef void* HidContext;
|
typedef void* HidContext;
|
||||||
typedef HidContext* PHidContext;
|
typedef HidContext* PHidContext;
|
||||||
@ -20,6 +20,8 @@ enum HidActiveState
|
|||||||
StateEnabled
|
StateEnabled
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Important note:
|
||||||
|
// This enum should be equal to PsRuleInheritTypes (PsRules.h)
|
||||||
enum HidPsInheritTypes
|
enum HidPsInheritTypes
|
||||||
{
|
{
|
||||||
WithoutInherit = 0,
|
WithoutInherit = 0,
|
||||||
|
Loading…
Reference in New Issue
Block a user