More stuff

2025-09-03 23:47:25 +00:00 · 2022-04-17 11:51:31 +02:00
parent 4b06fcbd70
commit 378c52eb47
4 changed files with 33 additions and 12 deletions
--- a/src/driver/ept.cpp
+++ b/src/driver/ept.cpp
@@ -425,6 +425,9 @@ namespace vmx
 		{
 			if (hook->target_page->flags == hook->original_entry.flags)
 			{
+				const auto* data_source = translation_hint ? &translation_hint->page[0] : virtual_target;
+				memcpy(&hook->fake_page[0], data_source, PAGE_SIZE);
+
 				hook->target_page->flags = hook->readwrite_entry.flags;
 			}

@@ -441,7 +444,6 @@ namespace vmx
 		this->split_large_page(physical_address);

 		const auto* data_source = translation_hint ? &translation_hint->page[0] : virtual_target;
-
 		memcpy(&hook->fake_page[0], data_source, PAGE_SIZE);
 		hook->physical_base_address = physical_base_address;

@@ -516,7 +518,7 @@ namespace vmx
 		auto current_destination = reinterpret_cast<uint64_t>(destination);
 		auto current_length = length;

-		 ept_translation_hint* current_hints = nullptr;
+		ept_translation_hint* current_hints = nullptr;

 		auto destructor = utils::finally([&current_hints]()
 		{
@@ -531,7 +533,7 @@ namespace vmx
 			const auto data_to_write = min(page_remaining, current_length);

 			auto* new_hint = memory::allocate_non_paged_object<ept_translation_hint>();
-			if(!new_hint)
+			if (!new_hint)
 			{
 				throw std::runtime_error("Failed to allocate hint");
 			}
@@ -541,12 +543,12 @@ namespace vmx
 			current_hints->virtual_base_address = aligned_destination;
 			current_hints->physical_base_address = memory::get_physical_address(aligned_destination);

-			if(!current_hints->physical_base_address)
+			if (!current_hints->physical_base_address)
 			{
 				throw std::runtime_error("Failed to resolve physical address");
 			}

-			memcpy(&current_hints->page[0], aligned_destination, PAGE_SIZE);			
+			memcpy(&current_hints->page[0], aligned_destination, PAGE_SIZE);

 			current_length -= data_to_write;
 			current_destination += data_to_write;
--- a/src/driver/irp.cpp
+++ b/src/driver/irp.cpp
@@ -41,7 +41,7 @@ namespace
 	void apply_hook(const hook_request* request)
 	{
 		auto* buffer = new uint8_t[request->source_data_size];
-		if(!buffer)
+		if (!buffer)
 		{
 			throw std::runtime_error("Failed to copy buffer");
 		}
@@ -80,17 +80,27 @@ namespace

 		t.join();

-		if(!translation_hints)
+		if (!translation_hints)
 		{
 			debug_log("Failed to generate tranlsation hints");
 			return;
 		}

-		hypervisor::get_instance()->install_ept_hook(request->target_address, buffer, request->source_data_size, translation_hints);
+		hypervisor::get_instance()->install_ept_hook(request->target_address, buffer, request->source_data_size,
+		                                             translation_hints);

 		debug_log("Done1\n");
 	}

+	void unhook()
+	{
+		const auto instance = hypervisor::get_instance();
+		if(instance)
+		{
+			instance->disable_all_ept_hooks();
+		}
+	}
+
 	_Function_class_(DRIVER_DISPATCH) NTSTATUS io_ctl_handler(
 		PDEVICE_OBJECT /*device_object*/, const PIRP irp)
 	{
@@ -113,6 +123,9 @@ namespace
 			case HOOK_DRV_IOCTL:
 				apply_hook(static_cast<hook_request*>(irp_sp->Parameters.DeviceIoControl.Type3InputBuffer));
 				break;
+			case UNHOOK_DRV_IOCTL:
+				unhook();
+				break;
 			default:
 				debug_log("Invalid IOCTL Code: 0x%X\n", ioctr_code);
 				irp->IoStatus.Status = STATUS_INVALID_DEVICE_REQUEST;