Future/hypervisor
1
0
Fork 0
mirror of https://github.com/momo5502/hypervisor.git synced 2025-04-19 21:52:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Finish access watching

Browse Source
This commit is contained in:
momo5502 2022-05-16 12:17:11 +02:00
parent f37a919f77
commit 7c1e10d164
2 changed files with 72 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/driver/ept.cpp
View File

@ -178,7 +178,7 @@ namespace vmx
void ept::record_access(const uint64_t rip) void ept::record_access(const uint64_t rip)
{ {
for (unsigned long long& access_record : this->access_records) for (auto& access_record : this->access_records)
{ {
if (access_record == 0) if (access_record == 0)
{ {

21
src/runner/main.cpp
View File

@ -185,12 +185,13 @@ std::vector<uint64_t> query_records(const driver_device& driver_device, const si
return result; return result;
} }
void report_records(const std::atomic_bool& flag, const driver_device& driver_device, const uint32_t pid, const HMODULE target_module, const std::vector<std::pair<size_t, size_t>>& regions) void report_records(const std::atomic_bool& flag, const driver_device& driver_device, const uint32_t pid,
const HMODULE target_module, const std::vector<std::pair<size_t, size_t>>& regions)
{ {
std::set<uint64_t> access_addresses{}; std::set<uint64_t> access_addresses{};
int i = 0; int i = 0;
while (flag) while (!flag)
{ {
std::this_thread::sleep_for(std::chrono::seconds(1)); std::this_thread::sleep_for(std::chrono::seconds(1));
const auto new_records = query_records(driver_device, access_addresses.size()); const auto new_records = query_records(driver_device, access_addresses.size());
@ -203,7 +204,7 @@ void report_records(const std::atomic_bool& flag, const driver_device& driver_de
} }
} }
if((++i) % 5 == 0) if ((++i) % 5 == 0)
{ {
watch_regions(driver_device, pid, target_module, regions); watch_regions(driver_device, pid, target_module, regions);
} }
@ -212,6 +213,7 @@ void report_records(const std::atomic_bool& flag, const driver_device& driver_de
void unsafe_main(const int /*argc*/, char* /*argv*/[]) void unsafe_main(const int /*argc*/, char* /*argv*/[])
{ {
{
const auto driver_file = extract_driver(); const auto driver_file = extract_driver();
driver driver{driver_file, "MomoLul"}; driver driver{driver_file, "MomoLul"};
@ -229,7 +231,7 @@ void unsafe_main(const int /*argc*/, char* /*argv*/[])
printf("Reading modules...\n"); printf("Reading modules...\n");
const auto modules = process::get_modules(proc); const auto modules = process::get_modules(proc);
printf("Found %zu modules\n", modules.size()); printf("Found %zu modules:\n", modules.size());
std::vector<std::string> module_files{}; std::vector<std::string> module_files{};
module_files.reserve(modules.size()); module_files.reserve(modules.size());
@ -264,6 +266,7 @@ void unsafe_main(const int /*argc*/, char* /*argv*/[])
printf("Analyzing %s...\n", file.data()); printf("Analyzing %s...\n", file.data());
const auto regions = find_executable_regions(file); const auto regions = find_executable_regions(file);
printf("Executable regions:\n");
for (const auto& region : regions) for (const auto& region : regions)
{ {
printf("%p - %zu\n", module_base + region.first, region.second); printf("%p - %zu\n", module_base + region.first, region.second);
@ -274,13 +277,19 @@ void unsafe_main(const int /*argc*/, char* /*argv*/[])
std::atomic_bool terminate{false}; std::atomic_bool terminate{false};
std::thread t([&]() std::thread t([&]()
{ {
printf("\nWatching access:\n");
report_records(terminate, driver_device, pid, target_module, regions); report_records(terminate, driver_device, pid, target_module, regions);
}); });
_getch(); _getch();
terminate = true; terminate = true;
t.join(); t.join();
}
printf("\nWatching stopped.\n");
_getch();
return; return;
@ -315,13 +324,13 @@ void unsafe_main(const int /*argc*/, char* /*argv*/[])
patch_data(driver_device, pid, 0x52512C, data3, sizeof(data3)); patch_data(driver_device, pid, 0x52512C, data3, sizeof(data3));
*/ */
printf("Press any key to disable all hooks!\n"); /*printf("Press any key to disable all hooks!\n");
(void)_getch(); (void)_getch();
remove_hooks(driver_device); remove_hooks(driver_device);
printf("Press any key to exit!\n"); printf("Press any key to exit!\n");
(void)_getch(); (void)_getch();*/
} }
int main(const int argc, char* argv[]) int main(const int argc, char* argv[])