Optimize on Windows x64 21H2 #3

Open
BatchClayderman opened this issue Jul 29, 2022 · 6 comments

BatchClayderman commented Jul 29, 2022

Hello, World!
I have tested the driver on Windows 10 21H2 x64.
Here is a suggestion.

Function ExAllocatePoolWithTag() is used in ProcessReference.cpp and handle.cpp.
When I use the EXE file to ask the driver to delete a file, it leads to BSOD.
There are two reasons for that, from my perspective.

  1. ExAllocatePoolWithTag should be replaced by ExAllocatePool2.
  2. The variables "m_apc_state" and "handles_pool" should be checked for NULL after allocation.

Thus, I made some changes shown as follows.

ProcessReference.cpp:

NTSTATUS ProcessReference::init(size_t pid, bool attach)
{
	CHECK(PsLookupProcessByProcessId(reinterpret_cast<HANDLE>(pid), &m_process));
	m_attach = attach;
	if (attach)
	{
		// ExAllocatePool2 takes POOL_FLAGS (POOL_FLAG_*), not a POOL_TYPE value
		m_apc_state = (KAPC_STATE*)ExAllocatePool2(POOL_FLAG_NON_PAGED, sizeof(KAPC_STATE), '2cba');
		// Retry with ExAllocatePoolZero, which still takes a POOL_TYPE
		if (NULL == m_apc_state)
			m_apc_state = (KAPC_STATE*)ExAllocatePoolZero(NonPagedPool, sizeof(KAPC_STATE), '2cba');
		// Do not attach with a NULL KAPC_STATE
		if (NULL == m_apc_state)
			return STATUS_MEMORY_NOT_ALLOCATED;
		KeStackAttachProcess(m_process, m_apc_state);
	}
	return STATUS_SUCCESS;
}

handle.cpp:

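SYSTEM_HANDLE_INFORMATION* get_all_handles()
{
    size_t handles_allocation_size = 0;
    PVOID handles_pool = nullptr;

    for (;;)
    {
        // Grow the buffer by 64 KiB on every attempt
        handles_allocation_size += 0x10000;
        // ExAllocatePool2 takes POOL_FLAGS (POOL_FLAG_*), not a POOL_TYPE value
        handles_pool = ExAllocatePool2(POOL_FLAG_PAGED, handles_allocation_size, '1cba');
        // Retry with ExAllocatePoolZero, which still takes a POOL_TYPE
        if (NULL == handles_pool)
            handles_pool = ExAllocatePoolZero(PagedPool, handles_allocation_size, '1cba');
        // Never hand a NULL buffer to ZwQuerySystemInformation
        if (NULL == handles_pool)
            return nullptr;

        auto status = ZwQuerySystemInformation(SystemHandleInformation, handles_pool, (ULONG)handles_allocation_size, nullptr);
        // Buffer too small: free it and try again with a larger one
        if (status == STATUS_INFO_LENGTH_MISMATCH && NULL != handles_pool)
            ExFreePool(handles_pool);
        else
            break;
    }
    return (SYSTEM_HANDLE_INFORMATION*)handles_pool;
}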

Thanks for your hard work and helpful code.
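
A user-mode model of the grow-and-retry loop in get_all_handles, added here as an example; it is not part of the issue or of the project's code. `pool_alloc`, `pool_free`, `query`, the `ST_*` values and `run_case` are constructed stand-ins for the pool allocator, ZwQuerySystemInformation and the NTSTATUS codes, so the NULL-check path can be exercised outside the kernel; it goes one step beyond the posted loop by also freeing the buffer when the query fails for a reason other than a short buffer.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-ins for the NTSTATUS values; not WDK definitions. */
enum { ST_SUCCESS, ST_LENGTH_MISMATCH, ST_NO_MEMORY, ST_OTHER_FAILURE };
#define STEP 0x10000u               /* same growth step as the posted loop */
static int    g_allocs_left;        /* allocator returns NULL once this hits 0 */
static int    g_live;               /* buffers allocated and not yet freed */
static size_t g_needed;             /* bytes the constructed query wants; 0 = hard failure */

/* Hypothetical pool: zeroing allocator that can be told to run out of memory. */
static void *pool_alloc(size_t n) {
    void *p = (g_allocs_left-- > 0) ? calloc(1, n) : NULL;
    if (p != NULL) g_live++;
    return p;
}
static void pool_free(void *p) { g_live--; free(p); }

/* Hypothetical query standing in for ZwQuerySystemInformation. */
static int query(void *buf, size_t len) {
    if (g_needed == 0) return ST_OTHER_FAILURE;
    if (len < g_needed) return ST_LENGTH_MISMATCH;
    memset(buf, 0xAB, g_needed);
    return ST_SUCCESS;
}

/* Grow-and-retry: the buffer is checked before use, freed on every
   non-success path, and returned only when the query filled it. */
void *get_all_entries(int *status) {
    size_t size = 0;
    for (;;) {
        size += STEP;
        void *buf = pool_alloc(size);
        if (buf == NULL) { *status = ST_NO_MEMORY; return NULL; }
        *status = query(buf, size);
        if (*status == ST_SUCCESS) return buf;
        pool_free(buf);
        if (*status != ST_LENGTH_MISMATCH) return NULL;
    }
}

/* Runs one constructed scenario and returns the final status. */
int run_case(size_t needed, int allocs_allowed) {
    int status;
    g_needed = needed; g_allocs_left = allocs_allowed; g_live = 0;
    void *buf = get_all_entries(&status);
    if (buf != NULL) pool_free(buf);
    return status;
}
```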

BatchClayderman changed the title from "Optimize on 21H2" to "Optimize on Windows x64 21H2" on Jul 29, 2022

@Rhydon1337
Owner

Hi, it seems very cool.
Would you like to create a pull request?

@BatchClayderman
Author

A pull request has been created.
As this is my first time creating a pull request, if you couldn't see it, please tell me.
Please only be concerned about the two ".cpp" files mentioned above.
Thanks & Regards.

@Rhydon1337
Owner

I can't see it :)

@BatchClayderman
Author

I have no access to make a pull request on this issue.
Would you mind granting me the related access?

@Rhydon1337
Owner

As far as I know, everyone with read permission can create pull requests. Are you sure you are doing it right?

@BatchClayderman
Author

I have tried it again. It might be seen now.
Sorry for taking up your time.
