From 5842ed216c24c8fb07a8d21ca9d68b80713f11c8 Mon Sep 17 00:00:00 2001 From: nganhkhoa Date: Wed, 20 May 2020 13:51:38 +0700 Subject: [PATCH] Add Windows 10 2019 support --- src/driver_state.rs | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/src/driver_state.rs b/src/driver_state.rs index bd6f68f..e7e81ab 100644 --- a/src/driver_state.rs +++ b/src/driver_state.rs @@ -268,7 +268,28 @@ impl DriverState { &mut last_va); Ok([first_va, last_va]) - } + }, + WindowsVersion::Windows10_2019 => { + let mistate = ntosbase + self.pdb_store.get_offset_r("MiState")?; + let system_node_ptr = self.pdb_store.addr_decompose( + mistate, "_MI_SYSTEM_INFORMATION.Hardware.SystemNodeInformation")?; + let mut system_node_addr = 0u64; + self.deref_addr(system_node_ptr, &mut system_node_addr); + + let mut first_va = 0u64; + let mut last_va = 0u64; + self.deref_addr( + system_node_addr + + self.pdb_store.get_offset_r("_MI_SYSTEM_NODE_INFORMATION.NonPagedPoolFirstVa")?, + &mut first_va); + + self.deref_addr( + system_node_addr + + self.pdb_store.get_offset_r("_MI_SYSTEM_NODE_INFORMATION.NonPagedPoolLastVa")?, + &mut last_va); + + Ok([first_va, last_va]) + }, _ => { Err("Windows version for nonpaged pool algorithm is not implemented".into()) }