Update README.md

2020-05-31 11:27:06 +02:00 · 2020-05-31 11:25:38 +02:00 · 2020-05-31 11:25:08 +02:00 · 2020-05-06 15:45:52 +02:00 · 2020-04-29 15:51:40 +02:00 · 2020-04-15 16:33:36 +02:00
11 changed files with 369 additions and 262 deletions
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
  <img src="assets/logo.png"/>
 </p>

-Efi-memory is a proof-of-concept EFI runtime driver for reading and writing to virtual memory. It hooks SetVariable() to communicate with client program in the OS. 
+Efi-memory is a proof-of-concept EFI runtime driver for reading and writing to virtual memory. It uses [EfiGuards](https://github.com/Mattiwatti/EfiGuard/) method of hooking SetVariable to communicate with the user-mode process. [Here is an example how it works](https://youtu.be/XKODdIsTgzU).

 ## Repo content
 driver/
@@ -14,22 +14,74 @@ client/efi-mapper/
 ## Compiling
 Compiling any of the example client programs is pretty simple. Open the solution file in Visual Studio and compile the project with it's default settings.

-Compiling the driver is also pretty simple. First you need a working Linux install (or you can use Linux subsystem for Windows) and install gnu-efi (commands for Ubuntu 18.04):
+Compiling the driver is also pretty simple. First you need a working Linux install (or you can use Linux subsystem for Windows) and install gnu-efi (commands for Arch Linux):
 ```
-    apt install gnu-efi
+sudo pacman -S gnu-efi-libs
 ```
 That's all you need to install. Package manager (in the example apt) should take care of all the depencies for you. Once the installation is complete, clone this repo (make sure you have git installed):
 ```   
-    git clone https://github.com/SamuelTulach/efi-memory
+git clone https://github.com/SamuelTulach/efi-memory
 ```
 Than navigate to the driver folder and compile the driver with make:
 ```
-    cd efi-memory
-    cd driver
-    make
+cd efi-memory
+cd driver
+make
 ```
 If the compile was successful, you should now see memory.efi in the driver folder.

+**Note:** Some people were reporting that they were unable to compile the driver with some errors related to GUIDs (passing them in as a pointer). If you are having the same issues please make sure that you are using latest gcc and gnu-efi libs. Ubuntu and Debian have older versions of them and therefore require you to manually compile and install latest versions.
+
+```
+[q@propc:~]$ pacman -Q --info gnu-efi-libs
+Name            : gnu-efi-libs
+Version         : 3.0.11-2
+Description     : Library for building UEFI Applications using GNU toolchain
+Architecture    : x86_64
+URL             : https://sourceforge.net/projects/gnu-efi/
+Licenses        : GPL
+Groups          : None
+Provides        : None
+Depends On      : None
+Optional Deps   : None
+Required By     : None
+Optional For    : None
+Conflicts With  : None
+Replaces        : None
+Installed Size  : 1943.01 KiB
+Packager        : Felix Yan <felixonmars@archlinux.org>
+Build Date      : Sat 16 May 2020 12:57:49 PM CEST
+Install Date    : Tue 19 May 2020 03:12:17 PM CEST
+Install Reason  : Explicitly installed
+Install Script  : No
+Validated By    : Signature
+
+[q@propc:~]$ pacman -Q --info gcc
+Name            : gcc
+Version         : 10.1.0-1
+Description     : The GNU Compiler Collection - C and C++ frontends
+Architecture    : x86_64
+URL             : https://gcc.gnu.org
+Licenses        : GPL  LGPL  FDL  custom
+Groups          : base-devel
+Provides        : gcc-multilib
+Depends On      : gcc-libs=10.1.0-1  binutils>=2.28  libmpc
+Optional Deps   : lib32-gcc-libs: for generating code for 32-bit ABI [installed]
+Required By     : clang  dkms
+Optional For    : clion  xorg-xrdb
+Conflicts With  : None
+Replaces        : gcc-multilib
+Installed Size  : 147.19 MiB
+Packager        : Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
+Build Date      : Fri 08 May 2020 01:14:50 PM CEST
+Install Date    : Sat 16 May 2020 02:55:54 PM CEST
+Install Reason  : Explicitly installed
+Install Script  : No
+Validated By    : Signature
+
+[q@propc:~]$
+```
+
 ## Usage
 In order to use the efi-memory driver, you need to load it. First, obtain a copy of memory.efi ([compile it](https://github.com/SamuelTulach/efi-memory#compiling) or [download it from release section](https://github.com/SamuelTulach/efi-memory/releases)) and a copy of [EDK2 efi shell](https://github.com/tianocore/edk2/releases). Now follow these steps:

@@ -37,22 +89,22 @@ In order to use the efi-memory driver, you need to load it. First, obtain a copy
 2. Format some USB drive to FAT32
 3. Create following folder structure:
 ```
-  USB:.
-   │   memory.efi
-   │
-   └───EFI
-        └───Boot
-                bootx64.efi
+USB:.
+ │   memory.efi
+ │
+ └───EFI
+      └───Boot
+              bootx64.efi
 ```
 4. Boot from the USB drive
 5. An UEFI shell should start, change directory to your USB (FS0 should be the USB since we are booting from it) and list files:
 ```
-    FS0:
-    ls
+FS0:
+ls
 ```
 6. You should see file memory.efi, if you do, load it:
 ```
-    load memory.efi
+load memory.efi
 ```
 7. Now there should be a nice efi-memory ascii logo printed in your UEFI shell. If there is, the driver was loaded successfuly. If that is the case, type `exit` to start standard boot procedure (while Windows is booting the screen should go blue with confirmation text)

--- a/client/efi-mapper/kdmapper/efi_driver.cpp
+++ b/client/efi-mapper/kdmapper/efi_driver.cpp
@@ -41,8 +41,13 @@ bool efi_driver::MemCopy(HANDLE device_handle, uint64_t destination, uint64_t so
 	MemoryCommand* cmd = new MemoryCommand();
 	cmd->operation = 0;
 	cmd->magic = COMMAND_MAGIC;
-	cmd->data1 = destination;
-	cmd->data2 = source;
+	
+	uintptr_t data[10];
+	data[0] = destination;
+	data[1] = source;
+
+	memcpy(&cmd->data, &data[0], sizeof(data));
+
 	cmd->size = (int)size;

 	SendCommand(cmd);
@@ -82,8 +87,19 @@ uint64_t efi_driver::AllocatePool(HANDLE device_handle, nt::POOL_TYPE pool_type,

 	uint64_t allocated_pool = 0;

-	if (!CallKernelFunction(device_handle, &allocated_pool, kernel_ExAllocatePool, pool_type, size))
-		return 0;
+	MemoryCommand* cmd = new MemoryCommand();
+	cmd->operation = 1;
+	cmd->magic = COMMAND_MAGIC;
+
+	uintptr_t data[10];
+	data[0] = kernel_ExAllocatePool;
+	data[1] = pool_type;
+	data[2] = size;
+	data[3] = (uintptr_t)&allocated_pool;
+
+	memcpy(&cmd->data, &data[0], sizeof(data));
+
+	SendCommand(cmd);

 	return allocated_pool;
 }
@@ -98,7 +114,19 @@ bool efi_driver::FreePool(HANDLE device_handle, uint64_t address)
 	if (!kernel_ExFreePool)
 		kernel_ExFreePool = GetKernelModuleExport(device_handle, utils::GetKernelModuleAddress("ntoskrnl.exe"), "ExFreePool");

-	return CallKernelFunction<void>(device_handle, nullptr, kernel_ExFreePool, address);
+	MemoryCommand* cmd = new MemoryCommand();
+	cmd->operation = 2;
+	cmd->magic = COMMAND_MAGIC;
+
+	uintptr_t data[10];
+	data[0] = kernel_ExFreePool;
+	data[1] = address;
+
+	memcpy(&cmd->data, &data[0], sizeof(data));
+
+	SendCommand(cmd);
+
+	return true; // yolo?
 }

 uint64_t efi_driver::GetKernelModuleExport(HANDLE device_handle, uint64_t kernel_module_base, const std::string & function_name)
@@ -193,6 +221,36 @@ bool efi_driver::GetNtGdiDdDDIReclaimAllocations2KernelInfo(HANDLE device_handle
 	return true;
 }

+bool efi_driver::GetNtGdiGetCOPPCompatibleOPMInformationInfo(HANDLE device_handle, uint64_t* out_kernel_function_ptr, uint8_t* out_kernel_original_bytes)
+{
+	// 48ff2551d81f00   jmp	cs:__imp_NtGdiGetCOPPCompatibleOPMInformation
+	// cccccccccc       padding
+
+	static uint64_t kernel_function_ptr = 0;
+	static uint8_t kernel_original_jmp_bytes[12] = { 0 };
+
+	if (!kernel_function_ptr || kernel_original_jmp_bytes[0] == 0)
+	{
+		const uint64_t kernel_NtGdiGetCOPPCompatibleOPMInformation = GetKernelModuleExport(device_handle, utils::GetKernelModuleAddress("win32kfull.sys"), "NtGdiGetCOPPCompatibleOPMInformation");
+
+		if (!kernel_NtGdiGetCOPPCompatibleOPMInformation)
+		{
+			std::cout << "[-] Failed to get export win32kfull.NtGdiGetCOPPCompatibleOPMInformation" << std::endl;
+			return false;
+		}
+
+		kernel_function_ptr = kernel_NtGdiGetCOPPCompatibleOPMInformation;
+
+		if (!ReadMemory(device_handle, kernel_function_ptr, kernel_original_jmp_bytes, sizeof(kernel_original_jmp_bytes)))
+			return false;
+	}
+
+	*out_kernel_function_ptr = kernel_function_ptr;
+	memcpy(out_kernel_original_bytes, kernel_original_jmp_bytes, sizeof(kernel_original_jmp_bytes));
+
+	return true;
+}
+
 bool efi_driver::ClearMmUnloadedDrivers(HANDLE device_handle)
 {
 	ULONG buffer_size = 0;
--- a/client/efi-mapper/kdmapper/efi_driver.hpp
+++ b/client/efi-mapper/kdmapper/efi_driver.hpp
@@ -14,8 +14,7 @@ namespace efi_driver
 	{
 		int magic;
 		int operation;
-		unsigned long long data1;
-		unsigned long long data2;
+		unsigned long long data[10];
 		int size;
 	} MemoryCommand;

@@ -45,69 +44,6 @@ namespace efi_driver
 	bool FreePool(HANDLE device_handle, uint64_t address);
 	uint64_t GetKernelModuleExport(HANDLE device_handle, uint64_t kernel_module_base, const std::string& function_name);
 	bool GetNtGdiDdDDIReclaimAllocations2KernelInfo(HANDLE device_handle, uint64_t* out_kernel_function_ptr, uint64_t* out_kernel_original_function_address);
+	bool GetNtGdiGetCOPPCompatibleOPMInformationInfo(HANDLE device_handle, uint64_t* out_kernel_function_ptr, uint8_t* out_kernel_original_bytes);
 	bool ClearMmUnloadedDrivers(HANDLE device_handle);
-
-	template<typename T, typename ...A>
-	bool CallKernelFunction(HANDLE device_handle, T* out_result, uint64_t kernel_function_address, const A ...arguments)
-	{
-		constexpr auto call_void = std::is_same_v<T, void>;
-
-		if constexpr (!call_void)
-		{
-			if (!out_result)
-				return false;
-		}
-		else
-		{
-			UNREFERENCED_PARAMETER(out_result);
-		}
-
-		if (!kernel_function_address)
-			return false;
-
-		// Setup function call 
-
-		const auto NtGdiDdDDIReclaimAllocations2 = reinterpret_cast<void*>(GetProcAddress(LoadLibrary("gdi32full.dll"), "NtGdiDdDDIReclaimAllocations2"));
-
-		if (!NtGdiDdDDIReclaimAllocations2)
-		{
-			std::cout << "[-] Failed to get export gdi32full.NtGdiDdDDIReclaimAllocations2" << std::endl;
-			return false;
-		}
-
-		// Get function pointer (@win32kbase!gDxgkInterface table) used by NtGdiDdDDIReclaimAllocations2 and save the original address (dxgkrnl!DxgkReclaimAllocations2)
-
-		uint64_t kernel_function_ptr = 0;
-		uint64_t kernel_original_function_address = 0;
-
-		if (!GetNtGdiDdDDIReclaimAllocations2KernelInfo(device_handle, &kernel_function_ptr, &kernel_original_function_address))
-			return false;
-
-		// Overwrite the pointer with kernel_function_address
-
-		if (!WriteMemory(device_handle, kernel_function_ptr, &kernel_function_address, sizeof(kernel_function_address)))
-			return false;
-
-		// Call function 
-
-		if constexpr (!call_void)
-		{
-			using FunctionFn = T(__stdcall*)(A...);
-			const auto Function = static_cast<FunctionFn>(NtGdiDdDDIReclaimAllocations2);
-
-			*out_result = Function(arguments...);
-		}
-		else
-		{
-			using FunctionFn = void(__stdcall*)(A...);
-			const auto Function = static_cast<FunctionFn>(NtGdiDdDDIReclaimAllocations2);
-
-			Function(arguments...);
-		}
-
-		// Restore the pointer
-
-		WriteMemory(device_handle, kernel_function_ptr, &kernel_original_function_address, sizeof(kernel_original_function_address));
-		return true;
-	}
-}
+}
--- a/client/efi-mapper/kdmapper/kdmapper.cpp
+++ b/client/efi-mapper/kdmapper/kdmapper.cpp
@@ -79,18 +79,23 @@ uint64_t kdmapper::MapDriver(HANDLE iqvw64e_device_handle, const std::string& dr

 		std::cout << "[<] Calling DriverEntry 0x" << reinterpret_cast<void*>(address_of_entry_point) << std::endl;

-		NTSTATUS status = 0;
+		long status = 0; // NTSTATUS

-		if (!efi_driver::CallKernelFunction(iqvw64e_device_handle, &status, address_of_entry_point))
-		{
-			std::cout << "[-] Failed to call driver entry" << std::endl;
-			break;
-		}
+		efi_driver::MemoryCommand* cmd = new efi_driver::MemoryCommand();
+		cmd->operation = 5;
+		cmd->magic = COMMAND_MAGIC;
+
+		uintptr_t data[10];
+		data[0] = address_of_entry_point;
+		data[1] = (uintptr_t)&status;
+
+		memcpy(&cmd->data, &data[0], sizeof(data));
+
+		efi_driver::SendCommand(cmd);

 		std::cout << "[+] DriverEntry returned 0x" << std::hex << std::setw(8) << std::setfill('0') << std::uppercase << status << std::nouppercase << std::dec << std::endl;

 		// Erase PE headers
-
 		efi_driver::SetMemory(iqvw64e_device_handle, kernel_image_base, 0, nt_headers->OptionalHeader.SizeOfHeaders);
 		return kernel_image_base;

--- a/client/efi-mapper/kdmapper/kdmapper.vcxproj
+++ b/client/efi-mapper/kdmapper/kdmapper.vcxproj
@@ -1,141 +1,144 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|Win32">
-      <Configuration>Debug</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|Win32">
-      <Configuration>Release</Configuration>
-      <Platform>Win32</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Debug|x64">
-      <Configuration>Debug</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|x64">
-      <Configuration>Release</Configuration>
-      <Platform>x64</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <VCProjectVersion>15.0</VCProjectVersion>
-    <ProjectGuid>{518E0636-BA8F-459D-ACAC-81BD33475E3E}</ProjectGuid>
-    <RootNamespace>kdmapper</RootNamespace>
-    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>true</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
-    <CharacterSet>MultiByte</CharacterSet>
-    <SpectreMitigation>false</SpectreMitigation>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>false</UseDebugLibraries>
-    <PlatformToolset>v142</PlatformToolset>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
-    <SpectreMitigation>false</SpectreMitigation>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-  </ImportGroup>
-  <ImportGroup Label="Shared">
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <PropertyGroup />
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <Optimization>Disabled</Optimization>
-      <SDLCheck>true</SDLCheck>
-      <ConformanceMode>true</ConformanceMode>
-    </ClCompile>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <ClCompile>
-      <WarningLevel>Level4</WarningLevel>
-      <SDLCheck>true</SDLCheck>
-      <ConformanceMode>true</ConformanceMode>
-      <LanguageStandard>stdcpp17</LanguageStandard>
-      <TreatWarningAsError>false</TreatWarningAsError>
-    </ClCompile>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <Optimization>MaxSpeed</Optimization>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <SDLCheck>true</SDLCheck>
-      <ConformanceMode>true</ConformanceMode>
-    </ClCompile>
-    <Link>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <OptimizeReferences>true</OptimizeReferences>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
-    <ClCompile>
-      <WarningLevel>Level4</WarningLevel>
-      <Optimization>MaxSpeed</Optimization>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <IntrinsicFunctions>true</IntrinsicFunctions>
-      <SDLCheck>true</SDLCheck>
-      <ConformanceMode>true</ConformanceMode>
-      <TreatWarningAsError>true</TreatWarningAsError>
-      <LanguageStandard>stdcpp17</LanguageStandard>
-    </ClCompile>
-    <Link>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <OptimizeReferences>true</OptimizeReferences>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemGroup>
-    <ClCompile Include="efi_driver.cpp" />
-    <ClCompile Include="main.cpp" />
-    <ClCompile Include="kdmapper.cpp" />
-    <ClCompile Include="portable_executable.cpp" />
-    <ClCompile Include="service.cpp" />
-    <ClCompile Include="utils.cpp" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="efi_driver.hpp" />
-    <ClInclude Include="kdmapper.hpp" />
-    <ClInclude Include="nt.hpp" />
-    <ClInclude Include="portable_executable.hpp" />
-    <ClInclude Include="service.hpp" />
-    <ClInclude Include="utils.hpp" />
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>15.0</VCProjectVersion>
+    <ProjectGuid>{518E0636-BA8F-459D-ACAC-81BD33475E3E}</ProjectGuid>
+    <RootNamespace>kdmapper</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>MultiByte</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>MultiByte</CharacterSet>
+    <SpectreMitigation>false</SpectreMitigation>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>MultiByte</CharacterSet>
+    <SpectreMitigation>false</SpectreMitigation>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup />
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <SDLCheck>true</SDLCheck>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level4</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard>stdcpp17</LanguageStandard>
+      <TreatWarningAsError>false</TreatWarningAsError>
+    </ClCompile>
+    <Link>
+      <AdditionalDependencies>version.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <ConformanceMode>true</ConformanceMode>
+    </ClCompile>
+    <Link>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level4</WarningLevel>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <ConformanceMode>true</ConformanceMode>
+      <TreatWarningAsError>true</TreatWarningAsError>
+      <LanguageStandard>stdcpp17</LanguageStandard>
+    </ClCompile>
+    <Link>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="efi_driver.cpp" />
+    <ClCompile Include="main.cpp" />
+    <ClCompile Include="kdmapper.cpp" />
+    <ClCompile Include="portable_executable.cpp" />
+    <ClCompile Include="service.cpp" />
+    <ClCompile Include="utils.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="efi_driver.hpp" />
+    <ClInclude Include="kdmapper.hpp" />
+    <ClInclude Include="nt.hpp" />
+    <ClInclude Include="portable_executable.hpp" />
+    <ClInclude Include="service.hpp" />
+    <ClInclude Include="utils.hpp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
 </Project>
--- a/client/efi-mapper/kdmapper/main.cpp
+++ b/client/efi-mapper/kdmapper/main.cpp
@@ -1,7 +1,7 @@
 #include "kdmapper.hpp"

 int main(const int argc, char** argv)
-{
+{	
 	if (argc != 2 || std::filesystem::path(argv[1]).extension().string().compare(".sys"))
 	{
 		std::cout << "[-] Incorrect usage" << std::endl;
--- a/client/efi-mapper/kdmapper/portable_executable.cpp
+++ b/client/efi-mapper/kdmapper/portable_executable.cpp
@@ -23,6 +23,7 @@ portable_executable::vec_relocs portable_executable::GetRelocs(void* image_base)
 		return {};

 	vec_relocs relocs;
+	return relocs; // gonna probably kill me for this but for some reason drivers without reallocation seems falsely reporting some shit memory regions causing mapper to crash

 	auto current_base_relocation = reinterpret_cast<PIMAGE_BASE_RELOCATION>(reinterpret_cast<uint64_t>(image_base) + nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress);
 	const auto reloc_end = reinterpret_cast<uint64_t>(current_base_relocation) + nt_headers->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
--- a/driver/LICENSE.md
+++ b/driver/LICENSE.md
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2020 Samuel Tulach
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
--- a/driver/LICENSE.txt
+++ b/driver/LICENSE.txt
@@ -0,0 +1,15 @@
+Copyright (c) 2020 Samuel Tulach (@SamuelTulach)
+Copyright (c) 2019 Matthijs Lavrijsen (@Mattiwatti)
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.
--- a/driver/main.c
+++ b/driver/main.c
@@ -2,6 +2,8 @@
 // instead of SysV ABI, we now have to do transitions
 // GNU-EFI has a functionality for this (thanks god)
 #define GNU_EFI_USE_MS_ABI 1
+#define stdcall __attribute__((stdcall)) // wHy NoT tO jUsT uSe MsVc
+#define fastcall __attribute__((fastcall))

 // Mandatory defines
 #include <efi.h>
@@ -42,11 +44,17 @@ typedef struct _MemoryCommand
 {
    int magic;
    int operation;
-    unsigned long long data1;
-    unsigned long long data2;
+    unsigned long long data[10];
    int size;
 } MemoryCommand;

+// Functions (Windows only)
+typedef uintptr_t (stdcall *ExAllocatePool)(int type, uintptr_t size);
+typedef void (stdcall *ExFreePool)(uintptr_t address);
+typedef void (stdcall *StandardFuncStd)();
+typedef void (fastcall *StandardFuncFast)();
+typedef unsigned long (stdcall *DriverEntry)(void* driver, void* registry);
+
 // Function that actually performs the r/w
 EFI_STATUS
 RunCommand(MemoryCommand* cmd) 
@@ -62,10 +70,60 @@ RunCommand(MemoryCommand* cmd)
    if (cmd->operation == 0) 
    {
        // Same as memcpy function
-        CopyMem(cmd->data1, cmd->data2, cmd->size);    
+        CopyMem(cmd->data[0], cmd->data[1], cmd->size);    
+
        return EFI_SUCCESS;
    }

+    // Call ExAllocatePool
+    if (cmd->operation == 1) 
+    {
+        void* function = cmd->data[0]; // Pointer to the function (supplied by client)
+        ExAllocatePool exalloc = (ExAllocatePool)function;
+        int temp = cmd->data[1]; // gcc you ok?
+        uintptr_t allocbase = exalloc(temp, cmd->data[2]);
+        *(uintptr_t*)cmd->data[3] = allocbase;
+    }
+
+    // Call ExFreePool
+    if (cmd->operation == 2) 
+    {
+        void* function = cmd->data[0];
+        ExFreePool exfree = (ExFreePool)function;
+        exfree(cmd->data[1]);
+    }
+
+    // Call any void function (__stdcall)
+    if (cmd->operation == 3) 
+    {
+        void* function = cmd->data[0];
+        StandardFuncStd stand = (StandardFuncStd)function;
+        stand();
+    }
+
+    // Call any void function (__fastcall)
+    if (cmd->operation == 4) 
+    {
+        void* function = cmd->data[0];
+        StandardFuncFast stand = (StandardFuncFast)function;
+        stand();
+    }
+
+    // Call driver entry
+    if (cmd->operation == 5) 
+    {
+        void* function = cmd->data[0];
+        DriverEntry entry = (DriverEntry)function;
+        
+        // gcc compiles long as 8 byte
+        // msvc compiles long as 4 byte
+        // we are gonna use int
+        // you can't even imagine how long I was fking 
+        // with this
+        int status = entry(0, 0);
+        *(int*)cmd->data[1] = status;
+    }
+
    // Invalid command
    return EFI_UNSUPPORTED;
 }
@@ -249,7 +307,7 @@ efi_main(IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable)
                                TPL_NOTIFY,
                                SetVirtualAddressMapEvent,
                                NULL,
-                                VirtualGuid,
+                                &VirtualGuid,
                                &NotifyEvent);

    // Return if event create failed
@@ -264,7 +322,7 @@ efi_main(IN EFI_HANDLE ImageHandle, IN EFI_SYSTEM_TABLE *SystemTable)
                                TPL_NOTIFY,
                                ExitBootServicesEvent,
                                NULL,
-                                ExitGuid,
+                                &ExitGuid,
                                &ExitEvent);

    // Return if event create failed (yet again)
--- a/update.sh
+++ b/update.sh
Author	SHA1	Message	Date
Samuel Tulach	cd25c7a78e	Update README.md	2020-05-31 11:27:06 +02:00
Samuel Tulach	047bab3029	Update README.md	2020-05-31 11:25:38 +02:00
Samuel Tulach	01f195eae4	Update README.md	2020-05-31 11:25:08 +02:00
Samuel Tulach	7a7af25f13	Update README.md	2020-05-06 15:45:52 +02:00
Samuel Tulach	b216b24b8d	Wed 29 Apr 2020 03:51:40 PM CEST	2020-04-29 15:51:40 +02:00
Samuel Tulach	131720686f	Update README.md	2020-04-15 16:33:36 +02:00
Samuel Tulach	42ccfaabe1	Update README.md	2020-04-15 16:33:13 +02:00
Samuel Tulach	75564152c2	Rename LICENSE.md to LICENSE.txt	2020-04-15 16:32:18 +02:00
Samuel Tulach	98b9b91bce	Update LICENSE.md	2020-04-15 16:32:09 +02:00