Format code
This commit is contained in:
parent
e2eac767e0
commit
ae679b62be
@ -39,8 +39,7 @@ fn main() -> Result<(), Box<dyn Error>> {
|
|||||||
.iter()
|
.iter()
|
||||||
.enumerate()
|
.enumerate()
|
||||||
{
|
{
|
||||||
let addr: u64 =
|
let addr: u64 = addr_.as_str().and_then(|x| parse(x).ok()).unwrap_or(0);
|
||||||
addr_.as_str().and_then(|x| parse(x).ok()).unwrap_or(0);
|
|
||||||
let mut owner = "(??)";
|
let mut owner = "(??)";
|
||||||
println!("{} {}", addr, get_irp_name(idx));
|
println!("{} {}", addr, get_irp_name(idx));
|
||||||
for kmod in kmods.iter() {
|
for kmod in kmods.iter() {
|
||||||
|
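Review bot: `let addr: u64 = addr_.as_str().and_then(|x| parse(x).ok()).unwrap_or(0);` collapses a missing or unparsable address into `0`, so a malformed entry is still printed as address 0 and then matched against the module ranges as if it were a real pointer. For a forensic listing it is better to skip or flag such an entry, e.g. `let Some(addr) = addr_.as_str().and_then(|x| parse(x).ok()) else { continue };` (assuming this is the body of a `for` loop, which the `.iter().enumerate()` above suggests). What `parse` accepts is not visible in the hunk, so the exact failure modes are inferred. The enclosing loop and `main` begin before the hunk.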
@ -45,29 +45,30 @@ fn main() -> Result<(), Box<dyn Error>> {
|
|||||||
if *func > base && *func < base + size {
|
if *func > base && *func < base + size {
|
||||||
let module = r["BaseName"].as_str().unwrap();
|
let module = r["BaseName"].as_str().unwrap();
|
||||||
Some(module)
|
Some(module)
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
None
|
None
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
if owner == Some("ntoskrnl.exe") {
|
if owner == Some("ntoskrnl.exe") {
|
||||||
let offset = func - ntosbase.address();
|
let offset = func - ntosbase.address();
|
||||||
let funcname: String = {
|
let funcname: String = {
|
||||||
driver.pdb_store.symbols.iter().find_map(|(name, o)| {
|
driver
|
||||||
|
.pdb_store
|
||||||
|
.symbols
|
||||||
|
.iter()
|
||||||
|
.find_map(|(name, o)| {
|
||||||
if o.clone() == offset {
|
if o.clone() == offset {
|
||||||
Some(name.clone())
|
Some(name.clone())
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
None
|
None
|
||||||
}
|
}
|
||||||
}).unwrap_or("(??)".to_string())
|
})
|
||||||
|
.unwrap_or("(??)".to_string())
|
||||||
};
|
};
|
||||||
println!("\towned by nt!{}", funcname);
|
println!("\towned by nt!{}", funcname);
|
||||||
}
|
} else if let Some(owner_) = owner {
|
||||||
else if let Some(owner_) = owner {
|
|
||||||
println!("\\thooked by {}", owner_);
|
println!("\\thooked by {}", owner_);
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
println!("\tmissing owner");
|
println!("\tmissing owner");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
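Review bot: The escape in `println!("\\thooked by {}", owner_);` (the `else if let Some(owner_) = owner` branch) prints a literal backslash and `t` instead of the tab that the sibling lines `\towned by nt!{}` and `\tmissing owner` print, so the three report lines do not line up; it should read `println!("\thooked by {}", owner_);`. Earlier in the hunk, `let module = r["BaseName"].as_str().unwrap();` inside the owner-lookup closure aborts the whole scan with a panic if one module record has no string `BaseName`; returning `None` for that record (e.g. `let module = r["BaseName"].as_str()?;` in a closure yielding `Option`) keeps a single malformed entry from killing the report. Minor style points: `o.clone() == offset` can be `*o == offset`, and `.unwrap_or("(??)".to_string())` allocates on every symbol hit and is better as `.unwrap_or_else(|| "(??)".to_string())`. The closure closed by `});` and the enclosing `main` both begin before the hunk.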
@ -1,13 +1,11 @@
|
|||||||
use serde_json::{json};
|
use serde_json::json;
|
||||||
use std::error::Error;
|
use std::error::Error;
|
||||||
use std::fs;
|
use std::fs;
|
||||||
|
|
||||||
|
|
||||||
use lpus::{
|
use lpus::{
|
||||||
driver_state::DriverState, scan_eprocess, scan_ethread, traverse_activehead,
|
driver_state::DriverState, scan_driver, scan_eprocess, scan_ethread, scan_kernel_module,
|
||||||
traverse_handletable, traverse_kiprocesslist, scan_driver, scan_kernel_module,
|
ssdt_table, traverse_activehead, traverse_handletable, traverse_kiprocesslist,
|
||||||
traverse_loadedmodulelist, traverse_unloadeddrivers,
|
traverse_loadedmodulelist, traverse_unloadeddrivers,
|
||||||
ssdt_table
|
|
||||||
};
|
};
|
||||||
|
|
||||||
fn main() -> Result<(), Box<dyn Error>> {
|
fn main() -> Result<(), Box<dyn Error>> {
|
||||||
@ -30,7 +28,10 @@ fn main() -> Result<(), Box<dyn Error>> {
|
|||||||
let kernel_module_1 = scan_kernel_module(&driver)?;
|
let kernel_module_1 = scan_kernel_module(&driver)?;
|
||||||
let kernel_module_2 = traverse_loadedmodulelist(&driver)?;
|
let kernel_module_2 = traverse_loadedmodulelist(&driver)?;
|
||||||
let unloaded_driver = traverse_unloadeddrivers(&driver)?;
|
let unloaded_driver = traverse_unloadeddrivers(&driver)?;
|
||||||
let ssdt: Vec<String> = ssdt_table(&driver)?.into_iter().map(|x| format!("0x{:x}", x)).collect();
|
let ssdt: Vec<String> = ssdt_table(&driver)?
|
||||||
|
.into_iter()
|
||||||
|
.map(|x| format!("0x{:x}", x))
|
||||||
|
.collect();
|
||||||
|
|
||||||
let result = json!({
|
let result = json!({
|
||||||
"scan_eprocess": eprocess_1,
|
"scan_eprocess": eprocess_1,
|
||||||
|