Skip to content

Add Legacy Windows Support using WDK 7.1.0 #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
CE1CECL wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add Legacy Windows Support using WDK 7.1.0 #7

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -360,4 +360,11 @@ MigrationBackup/
.ionide/

# Fody - auto-generated XML schema
FodyWeavers.xsd
FodyWeavers.xsd

# (Manually Added By: Christopher Lentocha)
# (Hopefully) Disable Windows 7.1.0 WDK (Windows Driver Kit) Compiled/Binary Files

obj*_*_*/
*/obj*_*_*/

2 changes: 2 additions & 0 deletions NoMoreBugCheck/MAKEFILE
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
!INCLUDE $(NTMAKEENV)\makefile.def

44 changes: 43 additions & 1 deletion NoMoreBugCheck/NoMoreBugCheck.vcxproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -147,17 +147,59 @@
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
<DriverSign>
<FileDigestAlgorithm>sha256</FileDigestAlgorithm>
</DriverSign>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
<DriverSign>
<FileDigestAlgorithm>sha256</FileDigestAlgorithm>
</DriverSign>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM'">
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
<DriverSign>
<FileDigestAlgorithm>sha256</FileDigestAlgorithm>
</DriverSign>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<TreatWarningAsError>false</TreatWarningAsError>
</ClCompile>
<DriverSign>
<FileDigestAlgorithm>sha256</FileDigestAlgorithm>
</DriverSign>
</ItemDefinitionGroup>
<ItemGroup>
<FilesToPackage Include="$(TargetPath)" />
</ItemGroup>
<ItemGroup>
<ClCompile Include="driver.c" />
<ClCompile Include="driver.cpp" />
</ItemGroup>
<ItemGroup>
<None Include=".clang-format" />
Expand Down
2 changes: 1 addition & 1 deletion NoMoreBugCheck/NoMoreBugCheck.vcxproj.filters
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="driver.c">
<ClCompile Include="driver.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
Expand Down
100 changes: 0 additions & 100 deletions NoMoreBugCheck/driver.c
View file
Open in desktop

This file was deleted.

102 changes: 102 additions & 0 deletions NoMoreBugCheck/driver.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
#include <ntddk.h>

CHAR KeBugCheckExOrignalBytes[14] = {0};
ULONG_PTR KeBugCheckExAddress;

extern "C" {
NTSTATUS Overwrite(PVOID Address, PVOID Data, ULONG Size) {
PHYSICAL_ADDRESS PhysAddress = MmGetPhysicalAddress(Address);
PVOID MappedAddress = MmMapIoSpace(PhysAddress, Size, MmNonCached);

if (MappedAddress == NULL)
return STATUS_INSUFFICIENT_RESOURCES;

RtlCopyMemory(MappedAddress, Data, Size);
MmUnmapIoSpace(MappedAddress, Size);
return STATUS_SUCCESS;
}

VOID KeHookedBugCheckEx(ULONG BugCheckCode, ULONG_PTR Code1, ULONG_PTR Code2,
ULONG_PTR Code3, ULONG_PTR Code4) {
DbgPrint("[*] KeBugCheckEx was called by Process %d, thread id %d\n", PsGetCurrentProcessId(), PsGetCurrentThreadId());
DbgPrint("[*] KeBugCheckEx(0x%llx, 0x%llx, 0x%llx, 0x%llx)\n", BugCheckCode,
Code1, Code2, Code3, Code4);
LARGE_INTEGER Delay;

Delay.LowPart = 0;
Delay.HighPart = 0x80000000;

KeDelayExecutionThread(KernelMode, FALSE, &Delay);
}


VOID DriverUnload(PDRIVER_OBJECT DriverObject) {
UNREFERENCED_PARAMETER(DriverObject);
NTSTATUS Status = Overwrite((PVOID)KeBugCheckExAddress, (PVOID)KeBugCheckExOrignalBytes, 14);

if (Status != STATUS_SUCCESS)
DbgPrint("[!] Failed to restore the orignal KeBugCheckEx function\n");
else
DbgPrint("[+] Successfully restored the orignal KeBugCheckEx function\n");

DbgPrint("[*] Goodbye Cruel World\n");
}

NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject,
PUNICODE_STRING RegistryPath) {
UNREFERENCED_PARAMETER(RegistryPath);

DriverObject->DriverUnload = DriverUnload;

KeBugCheckExAddress = (ULONG_PTR)KeBugCheckEx;

DbgPrint("[*] Hello World\n");
DbgPrint("[*] KeBugCheckEx located at 0x%llx\n", KeBugCheckExAddress);
DbgPrint("[*] KeHookedBugCheckEx located at 0x%llx\n", KeHookedBugCheckEx);
RtlCopyMemory(KeBugCheckExOrignalBytes, (PVOID)KeBugCheckExAddress, 14);

if (KeBugCheckExOrignalBytes[0])
DbgPrint("[+] Copied over KeBugCheckEx\n");
else {
DbgPrint("[!] Failed to copy\n");
return STATUS_FAILED_DRIVER_ENTRY;
}

for (INT i = 0; i < 14; i++)
DbgPrint("[*] KeBugCheckExOrignalBytes[%d]: 0x%x\n", i,
KeBugCheckExOrignalBytes[i] & 0xff);

#if defined(_M_IX86) || defined(_M_X64)
CHAR Patch[] = {
0x49, 0xba, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, // mov r10, address
0x41, 0xff, 0xe2 // jmp r10
};

ULONG_PTR KeHookedBugCheckExAddress = (ULONG_PTR)KeHookedBugCheckEx;
CHAR *KeHookedBugCheckExAddressBytes = (CHAR*)&KeHookedBugCheckExAddress;

RtlCopyMemory(&Patch[2], KeHookedBugCheckExAddressBytes, sizeof(ULONG_PTR));

NTSTATUS Status = Overwrite((PVOID)KeBugCheckExAddress, (PVOID)Patch, sizeof(Patch));

if (Status != STATUS_SUCCESS) {
DbgPrint("[!] Failed to overwrite KeBugCheckEx\n");
return STATUS_FAILED_DRIVER_ENTRY;
}

DbgPrint("[+] Successfully overwrote KeBugCheckEx\n");
#else
DbgPrint("[!] Unknown architecture");
return STATUS_FAILED_DRIVER_ENTRY;
#endif

CHAR Temp[14] = {0};
RtlCopyMemory(Temp, (PVOID)KeBugCheckExAddress, 14);

for (INT i = 0; i < 14; i++)
DbgPrint("[*] KeBugCheckEx[%d]: 0x%x\n", i,
Temp[i] & 0xff);

return STATUS_SUCCESS;
}
}
4 changes: 4 additions & 0 deletions NoMoreBugCheck/sources
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
TARGETNAME=nomorebugcheck
TARGETTYPE=DRIVER
SOURCES=driver.cpp
MSC_WARNING_LEVEL=/W0