From aeee2be3acdff2c0410eed5619b6e2f8fb3901cc Mon Sep 17 00:00:00 2001 From: Christopher Lentocha Date: Sat, 7 Dec 2024 03:19:48 -0500 Subject: [PATCH] Add Legacy Windows Support using WDK 7.1.0 Closes Issue: https://github.com/NSG650/NoMoreBugCheck/issues/4 Signed-off-by: Christopher Lentocha --- .gitignore | 9 +- NoMoreBugCheck/MAKEFILE | 2 + NoMoreBugCheck/NoMoreBugCheck.vcxproj | 44 +++++++- NoMoreBugCheck/NoMoreBugCheck.vcxproj.filters | 2 +- NoMoreBugCheck/driver.c | 100 ----------------- NoMoreBugCheck/driver.cpp | 102 ++++++++++++++++++ NoMoreBugCheck/sources | 4 + 7 files changed, 160 insertions(+), 103 deletions(-) create mode 100644 NoMoreBugCheck/MAKEFILE delete mode 100644 NoMoreBugCheck/driver.c create mode 100644 NoMoreBugCheck/driver.cpp create mode 100644 NoMoreBugCheck/sources diff --git a/.gitignore b/.gitignore index 9491a2f..0132c5c 100644 --- a/.gitignore +++ b/.gitignore @@ -360,4 +360,11 @@ MigrationBackup/ .ionide/ # Fody - auto-generated XML schema -FodyWeavers.xsd \ No newline at end of file +FodyWeavers.xsd + +# (Manually Added By: Christopher Lentocha) +# (Hopefully) Disable Windows 7.1.0 WDK (Windows Driver Kit) Compiled/Binary Files + +obj*_*_*/ +*/obj*_*_*/ + diff --git a/NoMoreBugCheck/MAKEFILE b/NoMoreBugCheck/MAKEFILE new file mode 100644 index 0000000..c0c8314 --- /dev/null +++ b/NoMoreBugCheck/MAKEFILE @@ -0,0 +1,2 @@ +!INCLUDE $(NTMAKEENV)\makefile.def + diff --git a/NoMoreBugCheck/NoMoreBugCheck.vcxproj b/NoMoreBugCheck/NoMoreBugCheck.vcxproj index bb54f72..50d44b1 100644 --- a/NoMoreBugCheck/NoMoreBugCheck.vcxproj +++ b/NoMoreBugCheck/NoMoreBugCheck.vcxproj @@ -147,17 +147,59 @@ false + + sha256 + false + + sha256 + + + + + false + + + + + false + + + + + false + + + + + false + + + + + false + + + sha256 + + + + + false + + + sha256 + - + diff --git a/NoMoreBugCheck/NoMoreBugCheck.vcxproj.filters b/NoMoreBugCheck/NoMoreBugCheck.vcxproj.filters index 93c6425..aa3146b 100644 --- a/NoMoreBugCheck/NoMoreBugCheck.vcxproj.filters 
+++ b/NoMoreBugCheck/NoMoreBugCheck.vcxproj.filters @@ -19,7 +19,7 @@ - + Source Files diff --git a/NoMoreBugCheck/driver.c b/NoMoreBugCheck/driver.c deleted file mode 100644 index 62b78a4..0000000 --- a/NoMoreBugCheck/driver.c +++ /dev/null 
@@ -1,100 +0,0 @@
-#include 
-
-CHAR KeBugCheckExOrignalBytes[14] = {0};
-ULONG_PTR KeBugCheckExAddress;
-
-NTSTATUS Overwrite(PVOID Address, PVOID Data, ULONG Size) {
- PHYSICAL_ADDRESS PhysAddress = MmGetPhysicalAddress(Address);
- PVOID MappedAddress = MmMapIoSpace(PhysAddress, Size, MmNonCached);
-
- if (MappedAddress == NULL)
- return STATUS_INSUFFICIENT_RESOURCES;
-
- RtlCopyMemory(MappedAddress, Data, Size);
- MmUnmapIoSpace(MappedAddress, Size);
- return STATUS_SUCCESS;
-}
-
-VOID KeHookedBugCheckEx(ULONG BugCheckCode, ULONG_PTR Code1, ULONG_PTR Code2,
- ULONG_PTR Code3, ULONG_PTR Code4) {
- DbgPrint("[*] KeBugCheckEx was called by Process %d, thread id %d\n", PsGetCurrentProcessId(), PsGetCurrentThreadId());
- DbgPrint("[*] KeBugCheckEx(0x%llx, 0x%llx, 0x%llx, 0x%llx)\n", BugCheckCode,
- Code1, Code2, Code3, Code4);
- LARGE_INTEGER Delay;
-
- Delay.LowPart = 0;
- Delay.HighPart = 0x80000000;
-
- KeDelayExecutionThread(KernelMode, FALSE, &Delay);
-}
-
-
-VOID DriverUnload(PDRIVER_OBJECT DriverObject) {
- UNREFERENCED_PARAMETER(DriverObject);
- NTSTATUS Status = Overwrite(KeBugCheckExAddress, (PVOID)KeBugCheckExOrignalBytes, 14);
-
- if (Status != STATUS_SUCCESS)
- DbgPrint("[!] Failed to restore the orignal KeBugCheckEx function\n");
- else
- DbgPrint("[+] Successfully restored the orignal KeBugCheckEx function\n");
-
- DbgPrint("[*] Goodbye Cruel World\n");
-}
-
-NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject,
- PUNICODE_STRING RegistryPath) {
- UNREFERENCED_PARAMETER(RegistryPath);
-
- DriverObject->DriverUnload = DriverUnload;
-
- KeBugCheckExAddress = (ULONG_PTR)KeBugCheckEx;
-
- DbgPrint("[*] Hello World\n");
- DbgPrint("[*] KeBugCheckEx located at 0x%llx\n", KeBugCheckExAddress);
- DbgPrint("[*] KeHookedBugCheckEx located at 0x%llx\n", KeHookedBugCheckEx);
- RtlCopyMemory(KeBugCheckExOrignalBytes, KeBugCheckExAddress, 14);
-
- if (KeBugCheckExOrignalBytes[0])
- DbgPrint("[+] Copied over KeBugCheckEx\n");
- else {
- DbgPrint("[!] Failed to copy\n");
- return STATUS_FAILED_DRIVER_ENTRY;
- }
-
- for (INT i = 0; i < 14; i++)
- DbgPrint("[*] KeBugCheckExOrignalBytes[%d]: 0x%x\n", i,
- KeBugCheckExOrignalBytes[i] & 0xff);
-
- #if defined(_M_X64)
- CHAR Patch[] = {
- 0x49, 0xba, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, // mov r10, address
- 0x41, 0xff, 0xe2 // jmp r10
- };
-
- ULONG_PTR KeHookedBugCheckExAddress = (ULONG_PTR)KeHookedBugCheckEx;
- CHAR *KeHookedBugCheckExAddressBytes = (CHAR*)&KeHookedBugCheckExAddress;
-
- RtlCopyMemory(&Patch[2], KeHookedBugCheckExAddressBytes, sizeof(ULONG_PTR));
-
- NTSTATUS Status = Overwrite(KeBugCheckExAddress, (PVOID)Patch, sizeof(Patch));
-
- if (Status != STATUS_SUCCESS) {
- DbgPrint("[!] Failed to overwrite KeBugCheckEx\n");
- return STATUS_FAILED_DRIVER_ENTRY;
- }
-
- DbgPrint("[+] Successfully overwrote KeBugCheckEx\n");
- #else
- DbgPrint("[!] Unknown architecture");
- return STATUS_FAILED_DRIVER_ENTRY;
- #endif
-
- CHAR Temp[14] = {0};
- RtlCopyMemory(Temp, KeBugCheckExAddress, 14);
-
- for (INT i = 0; i < 14; i++)
- DbgPrint("[*] KeBugCheckEx[%d]: 0x%x\n", i,
- Temp[i] & 0xff);
-
- return STATUS_SUCCESS;
-}
\ No newline at end of file
diff --git a/NoMoreBugCheck/driver.cpp b/NoMoreBugCheck/driver.cpp
new file mode 100644
index 0000000..0cbfea0
--- /dev/null
+++ b/NoMoreBugCheck/driver.cpp
@@ -0,0 +1,102 @@
+#include 
+
+CHAR KeBugCheckExOrignalBytes[14] = {0};
+ULONG_PTR KeBugCheckExAddress;
+
+extern "C" {
+ NTSTATUS Overwrite(PVOID Address, PVOID Data, ULONG Size) {
+ PHYSICAL_ADDRESS PhysAddress = MmGetPhysicalAddress(Address);
+ PVOID MappedAddress = MmMapIoSpace(PhysAddress, Size, MmNonCached);
+
+ if (MappedAddress == NULL)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ RtlCopyMemory(MappedAddress, Data, Size);
+ MmUnmapIoSpace(MappedAddress, Size);
+ return STATUS_SUCCESS;
+ }
+
+ VOID KeHookedBugCheckEx(ULONG BugCheckCode, ULONG_PTR Code1, ULONG_PTR Code2,
+ ULONG_PTR Code3, ULONG_PTR Code4) {
+ DbgPrint("[*] KeBugCheckEx was called by Process %d, thread id %d\n", PsGetCurrentProcessId(), PsGetCurrentThreadId());
+ DbgPrint("[*] KeBugCheckEx(0x%llx, 0x%llx, 0x%llx, 0x%llx)\n", BugCheckCode,
+ Code1, Code2, Code3, Code4);
+ LARGE_INTEGER Delay;
+
+ Delay.LowPart = 0;
+ Delay.HighPart = 0x80000000;
+
+ KeDelayExecutionThread(KernelMode, FALSE, &Delay);
+ }
+
+
+ VOID DriverUnload(PDRIVER_OBJECT DriverObject) {
+ UNREFERENCED_PARAMETER(DriverObject);
+ NTSTATUS Status = Overwrite((PVOID)KeBugCheckExAddress, (PVOID)KeBugCheckExOrignalBytes, 14);
+
+ if (Status != STATUS_SUCCESS)
+ DbgPrint("[!] Failed to restore the orignal KeBugCheckEx function\n");
+ else
+ DbgPrint("[+] Successfully restored the orignal KeBugCheckEx function\n");
+
+ DbgPrint("[*] Goodbye Cruel World\n");
+ }
+
+ NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject,
+ PUNICODE_STRING RegistryPath) {
+ UNREFERENCED_PARAMETER(RegistryPath);
+
+ DriverObject->DriverUnload = DriverUnload;
+
+ KeBugCheckExAddress = (ULONG_PTR)KeBugCheckEx;
+
+ DbgPrint("[*] Hello World\n");
+ DbgPrint("[*] KeBugCheckEx located at 0x%llx\n", KeBugCheckExAddress);
+ DbgPrint("[*] KeHookedBugCheckEx located at 0x%llx\n", KeHookedBugCheckEx);
+ RtlCopyMemory(KeBugCheckExOrignalBytes, (PVOID)KeBugCheckExAddress, 14);
+
+ if (KeBugCheckExOrignalBytes[0])
+ DbgPrint("[+] Copied over KeBugCheckEx\n");
+ else {
+ DbgPrint("[!] Failed to copy\n");
+ return STATUS_FAILED_DRIVER_ENTRY;
+ }
+
+ for (INT i = 0; i < 14; i++)
+ DbgPrint("[*] KeBugCheckExOrignalBytes[%d]: 0x%x\n", i,
+ KeBugCheckExOrignalBytes[i] & 0xff);
+
+ #if defined(_M_IX86) || defined(_M_X64)
+ CHAR Patch[] = {
+ 0x49, 0xba, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, // mov r10, address
+ 0x41, 0xff, 0xe2 // jmp r10
+ };
+
+ ULONG_PTR KeHookedBugCheckExAddress = (ULONG_PTR)KeHookedBugCheckEx;
+ CHAR *KeHookedBugCheckExAddressBytes = (CHAR*)&KeHookedBugCheckExAddress;
+
+ RtlCopyMemory(&Patch[2], KeHookedBugCheckExAddressBytes, sizeof(ULONG_PTR));
+
+ NTSTATUS Status = Overwrite((PVOID)KeBugCheckExAddress, (PVOID)Patch, sizeof(Patch));
+
+ if (Status != STATUS_SUCCESS) {
+ DbgPrint("[!] Failed to overwrite KeBugCheckEx\n");
+ return STATUS_FAILED_DRIVER_ENTRY;
+ }
+
+ DbgPrint("[+] Successfully overwrote KeBugCheckEx\n");
+ #else
+ DbgPrint("[!] Unknown architecture");
+ return STATUS_FAILED_DRIVER_ENTRY;
+ #endif
+
+ CHAR Temp[14] = {0};
+ RtlCopyMemory(Temp, (PVOID)KeBugCheckExAddress, 14);
+
+ for (INT i = 0; i < 14; i++)
+ DbgPrint("[*] KeBugCheckEx[%d]: 0x%x\n", i,
+ Temp[i] & 0xff);
+
+ return STATUS_SUCCESS;
+ }
+}
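Review bot: Widening the guard to `#if defined(_M_IX86) || defined(_M_X64)` lets a 32-bit build reach a patch that only encodes a jump on x64: the `0x49`/`0x41` bytes are REX prefixes that have no meaning in 32-bit mode, and on x86 `RtlCopyMemory(&Patch[2], KeHookedBugCheckExAddressBytes, sizeof(ULONG_PTR))` fills only 4 of the 8 immediate bytes, so the x86 build would write bytes into KeBugCheckEx that do not encode the intended transfer. Until a 32-bit encoding is supplied, the safer line is the original `#if defined(_M_X64)`, which routes x86 through the existing `Unknown architecture` branch and fails DriverEntry instead of corrupting kernel text. On the same 32-bit build the `0x%llx` specifiers paired with ULONG_PTR arguments and `%d` with HANDLE results become real width mismatches; `%p` for the address prints avoids that on both targets. This hunk is the whole file, so nothing is cut off.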
diff --git a/NoMoreBugCheck/sources b/NoMoreBugCheck/sources
new file mode 100644
index 0000000..b1db656
--- /dev/null
+++ b/NoMoreBugCheck/sources
@@ -0,0 +1,4 @@
+TARGETNAME=nomorebugcheck
+TARGETTYPE=DRIVER
+SOURCES=driver.cpp
+MSC_WARNING_LEVEL=/W0
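Review bot: `MSC_WARNING_LEVEL=/W0` silences every compiler warning for the WDK build, which is exactly the build where the new driver.cpp's pointer-width and format-specifier problems (a 32-bit target pairing `0x%llx` with ULONG_PTR) would first be reported. The line should be dropped so the WDK default level applies, or set to `/W3` with any genuinely noisy warning suppressed individually via a specific `/wd` number rather than globally.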