Format code

nganhkhoa 2020-08-01 04:47:59 +07:00
parent e2eac767e0
commit ae679b62be
3 changed files with 23 additions and 22 deletions


@ -39,8 +39,7 @@ fn main() -> Result<(), Box<dyn Error>> {
.iter() .iter()
.enumerate() .enumerate()
{ {
let addr: u64 = let addr: u64 = addr_.as_str().and_then(|x| parse(x).ok()).unwrap_or(0);
addr_.as_str().and_then(|x| parse(x).ok()).unwrap_or(0);
let mut owner = "(??)"; let mut owner = "(??)";
println!("{} {}", addr, get_irp_name(idx)); println!("{} {}", addr, get_irp_name(idx));
for kmod in kmods.iter() { for kmod in kmods.iter() {


@ -45,29 +45,30 @@ fn main() -> Result<(), Box<dyn Error>> {
if *func > base && *func < base + size { if *func > base && *func < base + size {
let module = r["BaseName"].as_str().unwrap(); let module = r["BaseName"].as_str().unwrap();
Some(module) Some(module)
} } else {
else {
None None
} }
}); });
if owner == Some("ntoskrnl.exe") { if owner == Some("ntoskrnl.exe") {
let offset = func - ntosbase.address(); let offset = func - ntosbase.address();
let funcname: String = { let funcname: String = {
driver.pdb_store.symbols.iter().find_map(|(name, o)| { driver
if o.clone() == offset { .pdb_store
Some(name.clone()) .symbols
} .iter()
else { .find_map(|(name, o)| {
None if o.clone() == offset {
} Some(name.clone())
}).unwrap_or("(??)".to_string()) } else {
None
}
})
.unwrap_or("(??)".to_string())
}; };
println!("\towned by nt!{}", funcname); println!("\towned by nt!{}", funcname);
} } else if let Some(owner_) = owner {
else if let Some(owner_) = owner {
println!("\\thooked by {}", owner_); println!("\\thooked by {}", owner_);
} } else {
else {
println!("\tmissing owner"); println!("\tmissing owner");
} }
} }


@ -1,13 +1,11 @@
use serde_json::{json}; use serde_json::json;
use std::error::Error; use std::error::Error;
use std::fs; use std::fs;
use lpus::{ use lpus::{
driver_state::DriverState, scan_eprocess, scan_ethread, traverse_activehead, driver_state::DriverState, scan_driver, scan_eprocess, scan_ethread, scan_kernel_module,
traverse_handletable, traverse_kiprocesslist, scan_driver, scan_kernel_module, ssdt_table, traverse_activehead, traverse_handletable, traverse_kiprocesslist,
traverse_loadedmodulelist, traverse_unloadeddrivers, traverse_loadedmodulelist, traverse_unloadeddrivers,
ssdt_table
}; };
fn main() -> Result<(), Box<dyn Error>> { fn main() -> Result<(), Box<dyn Error>> {
@ -30,7 +28,10 @@ fn main() -> Result<(), Box<dyn Error>> {
let kernel_module_1 = scan_kernel_module(&driver)?; let kernel_module_1 = scan_kernel_module(&driver)?;
let kernel_module_2 = traverse_loadedmodulelist(&driver)?; let kernel_module_2 = traverse_loadedmodulelist(&driver)?;
let unloaded_driver = traverse_unloadeddrivers(&driver)?; let unloaded_driver = traverse_unloadeddrivers(&driver)?;
let ssdt: Vec<String> = ssdt_table(&driver)?.into_iter().map(|x| format!("0x{:x}", x)).collect(); let ssdt: Vec<String> = ssdt_table(&driver)?
.into_iter()
.map(|x| format!("0x{:x}", x))
.collect();
let result = json!({ let result = json!({
"scan_eprocess": eprocess_1, "scan_eprocess": eprocess_1,