Fix SSDT entry
SSDT entries can be negative, so signed int is used
This commit is contained in:
parent
2d7576b1e2
commit
967684f140
@ -27,7 +27,7 @@ fn main() -> Result<(), Box<dyn Error>> {
|
||||
// }
|
||||
println!("=============================================");
|
||||
for r in unloaded.iter() {
|
||||
println!("{:#}", r.to_string());
|
||||
println!("{:#}", r);
|
||||
}
|
||||
println!("=============================================");
|
||||
for (idx, func) in ssdt.iter().enumerate() {
|
||||
@ -65,7 +65,7 @@ fn main() -> Result<(), Box<dyn Error>> {
|
||||
println!("\towned by nt!{}", funcname);
|
||||
}
|
||||
else if let Some(owner_) = owner {
|
||||
println!("\towned by {}", owner_);
|
||||
println!("\\thooked by {}", owner_);
|
||||
}
|
||||
else {
|
||||
println!("\tmissing owner");
|
||||
|
||||
@ -573,12 +573,15 @@ pub fn ssdt_table(driver: &DriverState) -> BoxResult<Vec<u64>> {
|
||||
let servicetable = ntosbase.clone() + driver.pdb_store.get_offset_r("KiServiceTable")?;
|
||||
let servicelimit_ptr = ntosbase.clone() + driver.pdb_store.get_offset_r("KiServiceLimit")?;
|
||||
|
||||
// TODO: Shifting is wrong, Rust seems to do arithmetic shift
|
||||
let servicelimit = driver.deref_addr_new::<u32>(servicelimit_ptr.address()) as u64;
|
||||
let ssdt: Vec<u64> = driver
|
||||
.deref_array::<u32>(&servicetable, servicelimit)
|
||||
.deref_array::<i32>(&servicetable, servicelimit)
|
||||
.iter()
|
||||
.map(|entry| servicetable.address() + ((*entry as u64) >> 4))
|
||||
.map(|entry| {
|
||||
// the entry can be negative, we need to do calculation using signed int
|
||||
// and convert back to unsigned int for address
|
||||
((servicetable.address() as i64) + ((*entry >> 4) as i64)) as u64
|
||||
})
|
||||
.collect();
|
||||
Ok(ssdt)
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user