DriverLoader: Windows 8+: Try to load HAL.dll functions from ntoskrnl.exe first
parent
eb3b478eb4
commit
d018a599d8
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
#define FORT_AMALG
|
#define FORT_AMALG
|
||||||
#define FORT_DRIVER
|
#define FORT_DRIVER
|
||||||
|
#define FORT_DEBUG
|
||||||
|
|
||||||
#include "../fortutl.c"
|
#include "../fortutl.c"
|
||||||
|
|
||||||
|
@ -208,7 +208,7 @@ static NTSTATUS PerformBaseRelocation(
|
|||||||
|
|
||||||
/* Build the import address table: Library functions. */
|
/* Build the import address table: Library functions. */
|
||||||
static NTSTATUS BuildImportTableLibrary(PUCHAR codeBase, const PIMAGE_IMPORT_DESCRIPTOR importDesc,
|
static NTSTATUS BuildImportTableLibrary(PUCHAR codeBase, const PIMAGE_IMPORT_DESCRIPTOR importDesc,
|
||||||
LPCSTR libName, LOADEDMODULE libModule)
|
LPCSTR libName, PLOADEDMODULE libModule, PLOADEDMODULE forwardModule)
|
||||||
{
|
{
|
||||||
NTSTATUS status = STATUS_SUCCESS;
|
NTSTATUS status = STATUS_SUCCESS;
|
||||||
|
|
||||||
@ -228,8 +228,18 @@ static NTSTATUS BuildImportTableLibrary(PUCHAR codeBase, const PIMAGE_IMPORT_DES
|
|||||||
funcName = (LPCSTR) &thunkData->Name;
|
funcName = (LPCSTR) &thunkData->Name;
|
||||||
}
|
}
|
||||||
|
|
||||||
*funcRef = ModuleGetProcAddress(&libModule, funcName);
|
if (forwardModule != NULL) {
|
||||||
if (*funcRef == 0) {
|
*funcRef = ModuleGetProcAddress(forwardModule, funcName);
|
||||||
|
if (*funcRef != NULL) {
|
||||||
|
#ifdef FORT_DEBUG
|
||||||
|
LOG("Loader Module: Import forwarded: %s: %s: %p\n", libName, funcName, *funcRef);
|
||||||
|
#endif
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
*funcRef = ModuleGetProcAddress(libModule, funcName);
|
||||||
|
if (*funcRef == NULL) {
|
||||||
LOG("Loader Module: Error: Procedure Not Found: %s: %s\n", libName, funcName);
|
LOG("Loader Module: Error: Procedure Not Found: %s: %s\n", libName, funcName);
|
||||||
status = STATUS_PROCEDURE_NOT_FOUND;
|
status = STATUS_PROCEDURE_NOT_FOUND;
|
||||||
} else {
|
} else {
|
||||||
@ -258,6 +268,21 @@ static NTSTATUS BuildImportTable(PUCHAR codeBase, PIMAGE_NT_HEADERS pHeaders)
|
|||||||
if (!NT_SUCCESS(status))
|
if (!NT_SUCCESS(status))
|
||||||
return status;
|
return status;
|
||||||
|
|
||||||
|
#if defined(FORT_WIN7_COMPAT)
|
||||||
|
LOADEDMODULE kernelModule = { NULL };
|
||||||
|
{
|
||||||
|
RTL_OSVERSIONINFOW osvi;
|
||||||
|
RtlZeroMemory(&osvi, sizeof(osvi));
|
||||||
|
osvi.dwOSVersionInfoSize = sizeof(osvi);
|
||||||
|
RtlGetVersion(&osvi);
|
||||||
|
const BOOL isWindows7 = (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion == 1);
|
||||||
|
|
||||||
|
if (!isWindows7) {
|
||||||
|
GetModuleInfo(&kernelModule, "ntoskrnl.exe", modules, modulesCount);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
status = STATUS_SUCCESS;
|
status = STATUS_SUCCESS;
|
||||||
|
|
||||||
PIMAGE_IMPORT_DESCRIPTOR importDesc =
|
PIMAGE_IMPORT_DESCRIPTOR importDesc =
|
||||||
@ -273,7 +298,16 @@ static NTSTATUS BuildImportTable(PUCHAR codeBase, PIMAGE_NT_HEADERS pHeaders)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = BuildImportTableLibrary(codeBase, importDesc, libName, libModule);
|
PLOADEDMODULE forwardModule = NULL;
|
||||||
|
#if defined(FORT_WIN7_COMPAT)
|
||||||
|
if (kernelModule.codeBase != NULL && _stricmp(libName, "hal.dll") == 0) {
|
||||||
|
/* Functions of HAL.dll are exported from kernel on Windows 8+ */
|
||||||
|
LOG("Loader Module: Forward to kernel: %s\n", libName);
|
||||||
|
forwardModule = &kernelModule;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
status = BuildImportTableLibrary(codeBase, importDesc, libName, &libModule, forwardModule);
|
||||||
if (!NT_SUCCESS(status)) {
|
if (!NT_SUCCESS(status)) {
|
||||||
LOG("Loader Module: Library Import Error: %s\n", libName);
|
LOG("Loader Module: Library Import Error: %s\n", libName);
|
||||||
break;
|
break;
|
||||||
|
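Review bot: The "Windows 8+" condition in the new `FORT_WIN7_COMPAT` block is really "not Windows 7": `isWindows7` is computed from `dwMajorVersion == 6 && dwMinorVersion == 1`, and the `RtlGetVersion(&osvi)` status is ignored, so a failed call leaves the zeroed struct (version 0.0) and, like a 6.0 system if the driver can run there, takes the `GetModuleInfo(&kernelModule, "ntoskrnl.exe", ...)` path and later forwards `hal.dll` imports to the kernel. The impact is limited because `BuildImportTableLibrary` still falls back to `ModuleGetProcAddress(libModule, funcName)` when the forward lookup returns NULL, but the check should match the stated intent: `const BOOL isWindows8OrLater = NT_SUCCESS(RtlGetVersion(&osvi)) && (osvi.dwMajorVersion > 6 || (osvi.dwMajorVersion == 6 && osvi.dwMinorVersion >= 2));` and `if (isWindows8OrLater) {`. A comment on the forwarding branch such as `/* hal.dll imports of a Win7-compat build resolve from ntoskrnl.exe on Windows 8+; fall back to hal.dll itself if not found */` would also spare the next reader from reconstructing the two-step lookup. `BuildImportTable` begins and ends outside the shown hunks.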
@ -271,6 +271,12 @@ void RtlTimeToTimeFields(PLARGE_INTEGER time, PTIME_FIELDS timeFields)
|
|||||||
UNUSED(timeFields);
|
UNUSED(timeFields);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
NTSTATUS RtlGetVersion(PRTL_OSVERSIONINFOW versionInformation)
|
||||||
|
{
|
||||||
|
UNUSED(versionInformation);
|
||||||
|
return STATUS_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
NTSTATUS ZwOpenKey(
|
NTSTATUS ZwOpenKey(
|
||||||
PHANDLE keyHandle, ACCESS_MASK desiredAccess, POBJECT_ATTRIBUTES objectAttributes)
|
PHANDLE keyHandle, ACCESS_MASK desiredAccess, POBJECT_ATTRIBUTES objectAttributes)
|
||||||
{
|
{
|
||||||
|
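Review bot: The new `RtlGetVersion` stub returns `STATUS_SUCCESS` without writing any field of `versionInformation`, so a caller that zero-fills the struct observes version 0.0 and its version-dependent branches run with that value; this looks like a deliberate test stub, but nothing says so. A one-line comment above it, `/* Test stub: reports success but leaves the caller's (zero-filled) struct untouched, i.e. version 0.0 */`, records the intent, and if the tests need a specific branch to be exercised the stub should set `dwMajorVersion`/`dwMinorVersion` explicitly rather than rely on the caller's initialisation.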
@ -286,6 +286,8 @@ FORT_API void KeQuerySystemTime(PLARGE_INTEGER time);
|
|||||||
FORT_API void ExSystemTimeToLocalTime(PLARGE_INTEGER systemTime, PLARGE_INTEGER localTime);
|
FORT_API void ExSystemTimeToLocalTime(PLARGE_INTEGER systemTime, PLARGE_INTEGER localTime);
|
||||||
FORT_API void RtlTimeToTimeFields(PLARGE_INTEGER time, PTIME_FIELDS timeFields);
|
FORT_API void RtlTimeToTimeFields(PLARGE_INTEGER time, PTIME_FIELDS timeFields);
|
||||||
|
|
||||||
|
FORT_API NTSTATUS RtlGetVersion(PRTL_OSVERSIONINFOW versionInformation);
|
||||||
|
|
||||||
FORT_API NTSTATUS ZwOpenKey(
|
FORT_API NTSTATUS ZwOpenKey(
|
||||||
PHANDLE keyHandle, ACCESS_MASK desiredAccess, POBJECT_ATTRIBUTES objectAttributes);
|
PHANDLE keyHandle, ACCESS_MASK desiredAccess, POBJECT_ATTRIBUTES objectAttributes);
|
||||||
FORT_API NTSTATUS ZwClose(HANDLE handle);
|
FORT_API NTSTATUS ZwClose(HANDLE handle);
|
||||||
|