#ifndef _RTSCHECKER_X86CORE_H_
#define _RTSCHECKER_X86CORE_H_
#include <ntddk.h>
// Linkage, packing and qualifier shorthands used by the RtsChecker sources.
// GLOBAL expands to nothing.
// NOTE(review): the WDK headers normally provide FORCEINLINE themselves; this
// redefinition stays harmless only while both expansions are token-identical.
#define GLOBAL
#define STATIC      static
#define PACK_PUSH   __pragma(pack(push, 1))
#define PACK_POP    __pragma(pack(pop))
#define FORCEINLINE __forceinline
#define VOLATILE    volatile

// 16-bit unsigned aliases.
typedef UINT16 WORD;
typedef UINT16 WORD16;
typedef UINT16 *LPWORD16;

// 64-bit unsigned aliases.
typedef UINT64 QWORD;
typedef UINT64 QWORD64;
typedef UINT64 *LPQWORD;

// Untyped pointers.
// NOTE(review): LPPVOID is declared as VOID * (a single level of indirection,
// exactly like LPVOID) although its name suggests VOID ** - confirm the intent
// before relying on it as a pointer-to-pointer.
typedef VOID *LPVOID;
typedef VOID *LPPVOID;
typedef CONST VOID *LPCVOID;

// Raw byte and pointers to raw bytes.
typedef unsigned char BYTE;
typedef unsigned char *LPBYTE;
typedef CONST BYTE *LPCBYTE;
/// Table of EFI runtime-service entry points as this tool reads it: nine untyped
/// pointers, byte-packed (PACK_PUSH is pack(push, 1)).
///
/// Get/SetWakeupTime have no slot here: they use the internal implementation `HalpAcpiPmRegisterWrite`.
/// The UEFI implementation remains in physical memory, usually close to `(PHYSMEM) SetTime()`.
///
/// The member order is not the order of the UEFI specification's EFI_RUNTIME_SERVICES
/// table, so entries must not be matched against the firmware table by index.
/// The offset comments assume 8-byte pointers; with nine members the structure is
/// then 0x48 bytes long.
/// NOTE(review): the layout is presumably specific to the Windows build it was taken
/// from - confirm it for every target build before trusting an offset.
/// NOTE(review): each member holds a code pointer read from kernel memory; a checker
/// should inspect these values as data and never call through them.
PACK_PUSH
typedef struct _HAL_EFI_RUNTIME_SERVICES_TABLE {
LPVOID GetTime; // 0x00
LPVOID SetTime; // 0x08
LPVOID ResetSystem; // 0x10
LPVOID GetVariable; // 0x18
LPVOID GetNextVariableName; // 0x20
LPVOID SetVariable; // 0x28
LPVOID UpdateCapsule; // 0x30
LPVOID QueryCapsuleCapabilities; // 0x38
LPVOID QueryVariableInfo; // 0x40 (last member; structure ends at 0x48)
} HAL_EFI_RUNTIME_SERVICES_TABLE, *PHAL_EFI_RUNTIME_SERVICES_TABLE;
PACK_POP
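// There is currently no known reliable way to obtain the gRT address without
// hibernation, so RTS pointer validity cannot yet be verified against it.
//
// Signature found in the 'Hdr' field:
// SIGNATURE_64 ('R', 'U', 'N', 'T', 'S', 'E', 'R', 'V'), i.e. the ASCII bytes
// "RUNTSERV" with 'R' in the least-significant byte.
//
// Written as a 64-bit integer literal on purpose: an eight-character constant
// such as 'RUNTSERV' is not a portable 64-bit value (a compiler either rejects
// it or keeps only some of the characters), so a signature comparison built on
// it would fail to compile or compare against the wrong bytes.
#define EFI_RUNTIME_SERVICES_SIGNATURE 0x56524553544E5552ULL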
// Pointer-to-function type: returns NTSTATUS and declares a single 64-bit argument.
// NOTE(review): the name suggests it models the HAL routine
// HalEfiSetEnvironmentVariable - confirm that routine's real parameter list
// before calling through this type; any argument the prototype omits would be
// passed as whatever the caller's registers or stack happen to hold.
typedef NTSTATUS (__fastcall *HalEfiSetEnvironmentVariable_t)(QWORD qwArg1);
// Returns the physical address that MmGetPhysicalAddress reports for the given
// virtual address, as the 64-bit QuadPart of its result.
//   qwVirtualAddress - virtual address, carried as an integer and cast to PVOID.
// No validation happens here: the argument is handed to the kernel routine as-is.
// NOTE(review): confirm what the routine yields for an address that has no valid
// translation, and make callers treat that value as "not mapped" rather than as
// a usable physical address.
STATIC FORCEINLINE QWORD VirtualToPhysical(QWORD qwVirtualAddress)
{
    PVOID pvAddress = (PVOID) qwVirtualAddress;

    return (QWORD) MmGetPhysicalAddress(pvAddress).QuadPart;
}
// AnalyzeRtsAddresses
//   Prints an analysis and a risk score for each address it is given.
//   aVirtAddrs64 - array of nCount 64-bit virtual addresses; annotated as
//                  optional, so the contract allows NULL.
//   nCount       - number of elements in aVirtAddrs64.
//   Returns the aggregated risk score: the sum of the per-address scores.
//   NOTE(review): the definition is not in this header, so the score scale and
//   the behaviour for a NULL array with a non-zero nCount cannot be seen here.
DWORD32 AnalyzeRtsAddresses(_In_reads_opt_(nCount) CONST QWORD64 *aVirtAddrs64, _In_ SIZE_T nCount);
#endif // _RTSCHECKER_X86CORE_H_