/*++
* @method: GetListCount
*
* @description: Gets the number of elements in a specified type of list
*
* @input: eListType eTypeOfList
*
* @output: UINT
*
*--*/
UINT GetListCount( eListType eTypeOfList )
{
UINT nCnt = 0;
__try
{
// Get the count by looping through the list
PVOID pItem = NULL;
while( STATUS_SUCCESS == GetListEntry( eTypeOfList, nCnt, &pItem ) )
{
++nCnt;
}
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
DbgPrint( "Exception caught in GetListCount()" );
nCnt = 0;
}
return nCnt;
}
static void ProcessVoxelMeshes( ChunkEnvironment* env )
{
const int w = env->w-2;
const int h = env->h-2;
const int d = env->d-2;
const float hw = ((float)w) / 2.f;
const float hh = ((float)h) / 2.f;
const float hd = ((float)d) / 2.f;
for(int z = 0; z < d; z++)
for(int y = 0; y < h; y++)
for(int x = 0; x < w; x++)
{
const int envIndex = Get3DArrayIndex(x+1,
y+1,
z+1,
env->w,
env->h,
env->d);
const int transparentNeighbors = env->transparentNeighbors[envIndex];
List* meshList = env->meshLists[envIndex];
const int meshCount = GetListLength(meshList);
for(int i = 0; i < meshCount; i++)
{
const VoxelMesh* mesh = *(VoxelMesh**)GetListEntry(meshList, i);
const float xTranslation = ((float)x) - hw + 0.5f;
const float yTranslation = ((float)y) - hh + 0.5f;
const float zTranslation = ((float)z) - hd + 0.5f;
ProcessVoxelMesh(env,
transparentNeighbors,
xTranslation,
yTranslation,
zTranslation,
mesh);
}
}
}
/*++
* @method: FindEntry
*
* @description: Finds a specified item in specified list
*
* @input: eListType eTypeOfList, PVOID pItemToFind
*
* @output: NTSTATUS
*
*--*/
NTSTATUS FindEntry( eListType eTypeOfList, PVOID pItemToFind )
{
NTSTATUS retVal = STATUS_UNSUCCESSFUL;
__try
{
UINT i = 0;
PVOID pCurrent = NULL;
if( pItemToFind )
{
// Loop through the list to find required entry
while( STATUS_SUCCESS == GetListEntry( eTypeOfList, i, &pCurrent ) )
{
++i;
if( pCurrent )
{
switch( eTypeOfList )
{
case eProcList:
{
if( ((PPROCLISTENTRY)pCurrent)->dwPID == ((PPROCLISTENTRY)pItemToFind)->dwPID )
{
retVal = STATUS_SUCCESS;
}
}
break;
case eDllList:
{
if( ((PDLLLISTENTRY)pCurrent)->dwBase == ((PDLLLISTENTRY)pItemToFind)->dwBase )
{
retVal = STATUS_SUCCESS;
}
}
break;
case eDrvList:
{
if( ((PDRIVERLISTENTRY)pCurrent)->dwBase == ((PDRIVERLISTENTRY)pItemToFind)->dwBase )
{
retVal = STATUS_SUCCESS;
}
}
break;
case eSsdtList:
{
if( ((PSSDTHOOKLISTENTRY)pCurrent)->dwHookAddr == ((PSSDTHOOKLISTENTRY)pItemToFind)->dwHookAddr )
{
retVal = STATUS_SUCCESS;
}
}
break;
default:
{
retVal = STATUS_UNSUCCESSFUL;
}
break;
}
}
else
{
break;
}
// Found entry
if( STATUS_SUCCESS == retVal )
{
break;
}
}
}
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
DbgPrint( "Exception caught in FindEntry()" );
retVal = STATUS_UNSUCCESSFUL;
}
return retVal;
}
/*++
* @method: DrvDispatch
*
* @description: IOCTL dispatch routine
*
* @input: IN PDEVICE_OBJECT pDevice, IN PIRP pIrp
*
* @output: NTSTATUS
*
*--*/
NTSTATUS DrvDispatch( IN PDEVICE_OBJECT pDevice, IN PIRP pIrp )
{
NTSTATUS retVal = STATUS_UNSUCCESSFUL;
__try
{
UINT nIndex = 0;
DWORD dwInBuffSize = 0;
DWORD dwOutBuffSize = 0;
PIO_STACK_LOCATION pIoStackIrp = NULL;
if( MmIsAddressValid( pIrp ) )
{
pIoStackIrp = IoGetCurrentIrpStackLocation( pIrp );
}
if( MmIsAddressValid( pIoStackIrp ) )
{
dwInBuffSize = pIoStackIrp->Parameters.DeviceIoControl.InputBufferLength;
dwOutBuffSize = pIoStackIrp->Parameters.DeviceIoControl.OutputBufferLength;
}
switch( pIoStackIrp->Parameters.DeviceIoControl.IoControlCode )
{
case IOCTL_OS_VER_INFO:
{
// Set OS and SP versions got from usermode, in our globals
PMYOSVERINFO pOSVerInfo = pIrp->AssociatedIrp.SystemBuffer;
if( MmIsAddressValid( pOSVerInfo ) )
{
if( STATUS_SUCCESS == InitGlobals( pOSVerInfo ) )
{
retVal = STATUS_SUCCESS;
pIrp->IoStatus.Information = dwInBuffSize;
}
}
}
break;
case IOCTL_GET_DATA_CNT:
{
// Get the count of items requested by usermode
PARKDATACOUNT pArkDataCout = pIrp->AssociatedIrp.SystemBuffer;
if( MmIsAddressValid( pArkDataCout ) )
{
switch( pArkDataCout->typeOfArkData )
{
case eArkDataProcList:
{
// Get the count of running processes
pArkDataCout->dataCount = ScanAndGetProcessCount();
}
break;
case eArkDataDllList:
{
// Get the count of DLLs
pArkDataCout->dataCount = ScanAndGetDllCount( pArkDataCout->miscData );
}
break;
case eArkDataDriverList:
{
// Get the count of loaded drivers
pArkDataCout->dataCount = ScanAndGetDriverCount();
}
break;
case eArkDataSsdtList:
{
// Get the count of SSDT hooks
pArkDataCout->dataCount = ScanAndGetSSDTHooksCount();
}
break;
default:
{
pArkDataCout->dataCount = 0;
}
break;
}
// Set the IO status based on count of items
if( pArkDataCout->dataCount > 0 )
{
retVal = STATUS_SUCCESS;
pIrp->IoStatus.Information = sizeof( ARKDATACOUNT );
}
}
}
break;
case IOCTL_GET_PROCESS:
{
// Copy all processes info from our internal list to usermode array
PARKPROCESS pArkProcData = pIrp->AssociatedIrp.SystemBuffer;
if( MmIsAddressValid( pArkProcData ) && VALIDATE_LIST_BUFF_SIZE( dwOutBuffSize, ARKPROCESS, eProcList ) )
{
PPROCLISTENTRY pProcListEntry = NULL;
while( STATUS_SUCCESS == GetListEntry( eProcList, nIndex, &pProcListEntry ) )
{
if( MmIsAddressValid( pProcListEntry ) )
{
pArkProcData[nIndex].procId = pProcListEntry->dwPID;
RtlStringCchCopyA( pArkProcData[nIndex].procName, ARKITLIB_STR_LEN, pProcListEntry->szProcName );
++nIndex;
}
else
{
break;
}
}
if( nIndex > 0 )
{
retVal = STATUS_SUCCESS;
pIrp->IoStatus.Information = dwOutBuffSize;
}
}
// Free our internal process list
DelList( eProcList );
}
break;
case IOCTL_GET_DLLS:
{
// Copy all DLLs info from our internal list to usermode array
PARKDLL pArkDllData = pIrp->AssociatedIrp.SystemBuffer;
if( MmIsAddressValid( pArkDllData ) && VALIDATE_LIST_BUFF_SIZE( dwOutBuffSize, ARKDLL, eDllList ) )
{
PDLLLISTENTRY pDllListEntry = NULL;
while( STATUS_SUCCESS == GetListEntry( eDllList, nIndex, &pDllListEntry ) )
{
if( MmIsAddressValid( pDllListEntry ) )
{
pArkDllData[nIndex].baseAddr = pDllListEntry->dwBase;
RtlStringCchCopyA( pArkDllData[nIndex].dllName, ARKITLIB_STR_LEN, pDllListEntry->szDllName );
++nIndex;
}
else
{
break;
}
}
if( nIndex > 0 )
{
retVal = STATUS_SUCCESS;
pIrp->IoStatus.Information = dwOutBuffSize;
}
}
// Free our internal DLL list
DelList( eDllList );
}
break;
case IOCTL_GET_DRIVERS:
{
// Copy all drivers info from our internal list to usermode array
PARKDRIVER pArkDrvData = pIrp->AssociatedIrp.SystemBuffer;
if( MmIsAddressValid( pArkDrvData ) && VALIDATE_LIST_BUFF_SIZE( dwOutBuffSize, ARKDRIVER, eDrvList ) )
{
PDRIVERLISTENTRY pDrvListEntry = NULL;
while( STATUS_SUCCESS == GetListEntry( eDrvList, nIndex, &pDrvListEntry ) )
{
if( MmIsAddressValid( pDrvListEntry ) )
{
pArkDrvData[nIndex].baseAddr = pDrvListEntry->dwBase;
pArkDrvData[nIndex].endAddr = pDrvListEntry->dwEnd;
pArkDrvData[nIndex].entryPoint = pDrvListEntry->dwEntryPoint;
RtlStringCchCopyA( pArkDrvData[nIndex].driverName, ARKITLIB_STR_LEN, pDrvListEntry->szDrvName );
++nIndex;
}
else
{
break;
}
}
if( nIndex > 0 )
{
retVal = STATUS_SUCCESS;
pIrp->IoStatus.Information = dwOutBuffSize;
}
}
// Free our internal driver list
DelList( eDrvList );
}
break;
case IOCTL_GET_SSDTHOOKS:
{
// Copy all SSDT hooks info from our internal list to usermode array
PARKSSDTHOOK pArkSsdtData = pIrp->AssociatedIrp.SystemBuffer;
if( MmIsAddressValid( pArkSsdtData ) && VALIDATE_LIST_BUFF_SIZE( dwOutBuffSize, ARKSSDTHOOK, eSsdtList ) )
{
PSSDTHOOKLISTENTRY pSsdtListEntry = NULL;
while( STATUS_SUCCESS == GetListEntry( eSsdtList, nIndex, &pSsdtListEntry ) )
{
if( MmIsAddressValid( pSsdtListEntry ) )
{
pArkSsdtData[nIndex].unSsdtIndex = pSsdtListEntry->unIndex;
pArkSsdtData[nIndex].baseAddr = pSsdtListEntry->dwBase;
pArkSsdtData[nIndex].endAddr = pSsdtListEntry->dwEnd;
pArkSsdtData[nIndex].hookAddr = pSsdtListEntry->dwHookAddr;
RtlStringCchCopyA( pArkSsdtData[nIndex].driverName, ARKITLIB_STR_LEN, pSsdtListEntry->szDrvName );
++nIndex;
}
else
{
break;
}
}
if( nIndex > 0 )
{
retVal = STATUS_SUCCESS;
pIrp->IoStatus.Information = dwOutBuffSize;
}
}
// Free our internal driver and SSDT list
DelList( eDrvList );
DelList( eSsdtList );
}
break;
case IOCTL_GET_SYSENTERHOOK:
{
// Copy sysenter hook data to usermode buffer
PARKSYSENTERHOOK pSysenterHookData = pIrp->AssociatedIrp.SystemBuffer;
if( MmIsAddressValid( pSysenterHookData ) )
{
if( ScanAndGetSysenterHook( pSysenterHookData ) )
{
retVal = STATUS_SUCCESS;
pIrp->IoStatus.Information = dwOutBuffSize;
}
}
// Free driver list
DelList( eDrvList );
}
break;
case IOCTL_GET_KINLINEHOOK:
{
PARKINLINEHOOK pKernelFuncData = pIrp->AssociatedIrp.SystemBuffer;
if( MmIsAddressValid( pKernelFuncData ) )
{
if( ScanFunctionInlineHook( pKernelFuncData ) )
{
retVal = STATUS_SUCCESS;
pIrp->IoStatus.Information = dwOutBuffSize;
}
}
}
break;
case IOCTL_NT_API_INFO:
{
PARKNTAPI pNtApiData = pIrp->AssociatedIrp.SystemBuffer;
if( MmIsAddressValid( pNtApiData ) )
{
if( STATUS_SUCCESS == InitNtApiData( pNtApiData ) )
{
retVal = STATUS_SUCCESS;
pIrp->IoStatus.Information = dwInBuffSize;
}
}
}
break;
case IOCTL_FIX_ISSUES:
{
PARKFIX pFixData = pIrp->AssociatedIrp.SystemBuffer;
if( MmIsAddressValid( pFixData ) )
{
switch( pFixData->eType )
{
case eArkKillProcess:
{
PDWORD pdwPid = (PDWORD)(pFixData->cFixData);
if( KillProcess( pdwPid ) )
{
retVal = STATUS_SUCCESS;
}
}
break;
case eArkFixSsdtHook:
{
PARKFIXSSDT pFixSsdtHookData = (PARKFIXSSDT)(pFixData->cFixData);
if( FixSSDTHook( pFixSsdtHookData ) )
{
retVal = STATUS_SUCCESS;
}
}
break;
case eArkFixInlineHook:
{
PARKFIXINLINEHOOK pFixInlineHook = (PARKFIXINLINEHOOK)(pFixData->cFixData);
if( FixInlineHook( pFixInlineHook ) )
{
retVal = STATUS_SUCCESS;
}
}
break;
}
if( STATUS_SUCCESS == retVal )
{
pIrp->IoStatus.Information = dwInBuffSize;
}
}
}
break;
default:
{
retVal = STATUS_UNSUCCESSFUL;
pIrp->IoStatus.Information = 0;
}
break;
}
pIrp->IoStatus.Status = retVal;
IoCompleteRequest( pIrp, IO_NO_INCREMENT );
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
retVal = STATUS_UNSUCCESSFUL;
DbgPrint( "Exception caught in DrvDispatch()" );
}
return retVal;
}
