Merge pull request #99 from hfiref0x/dev142-dsefix

v 1.4.2

Source/Hamakaze/KDU.vcxproj.user

@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <LocalDebuggerCommandArguments>-test</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-dse 0</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">

Source/Hamakaze/dsefix.cpp

@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2014 - 2023
+*  (C) COPYRIGHT AUTHORS, 2014 - 2024
 *
 *  TITLE:       DSEFIX.CPP
 *
-*  VERSION:     1.32
+*  VERSION:     1.42
 *
-*  DATE:        20 May 2023
+*  DATE:        23 Sep 2024
 *
 *  CI DSE corruption related routines.
 *  Based on DSEFix v1.3
@@ -50,11 +50,9 @@ ULONG KDUpCheckInstructionBlock(
     RtlSecureZeroMemory(&hs, sizeof(hs));
 
     hde64_disasm(&Code[offset], &hs);
-    if (hs.flags & F_ERROR)
-        return 0;
-
-    if (hs.len != 3)
+    if ((hs.flags & F_ERROR) || (hs.len != 3)) {
         return 0;
+    }
 
     //
     // mov     r9, rbx
@@ -68,16 +66,19 @@ ULONG KDUpCheckInstructionBlock(
     offset += hs.len;
 
     hde64_disasm(&Code[offset], &hs);
-    if (hs.flags & F_ERROR)
-        return 0;
-
-    if (hs.len != 3)
+    if ((hs.flags & F_ERROR) || (hs.len != 3)) {
         return 0;
+    }
 
     //
-    // mov     r8, rdi
+    // mov     r8, rdi 
+    // 
+    // or 
     //
-    if (Code[offset] != 0x4C ||
+    // mov     r8d, edi
+    //
+    if (Code[offset] != 0x4C && 
+        Code[offset] != 0x44 &&
         Code[offset + 1] != 0x8B)
     {
         return 0;
@@ -88,26 +89,53 @@ ULONG KDUpCheckInstructionBlock(
     hde64_disasm(&Code[offset], &hs);
     if (hs.flags & F_ERROR)
         return 0;
-    if (hs.len != 3)
-        return 0;
 
-    //
-    // mov     rdx, rsi
-    //
-    if (Code[offset] != 0x48 ||
-        Code[offset + 1] != 0x8B)
+    if (hs.len == 3) {
+
+        //
+        // mov     rdx, rsi
+        //
+        if (Code[offset] != 0x48 ||
+            Code[offset + 1] != 0x8B)
+        {
+            return 0;
+        }
+    }
+    else if (hs.len == 5)
     {
+        //
+        // mov[rsp + 38h + 28h], rax
+        //
+        if (Code[offset] != 0x48 ||
+            Code[offset + 1] != 0x89)
+        {
+            return 0;
+        }
+
+        offset += hs.len;
+        hde64_disasm(&Code[offset], &hs);
+        if (hs.flags & F_ERROR || hs.len != 3) {
+            return 0;
+        }
+        //
+        // mov     rdx, rsi
+        //
+        if (Code[offset] != 0x48 ||
+            Code[offset + 1] != 0x8B)
+        {
+            return 0;
+        }
+    }
+    else {
         return 0;
     }
 
     offset += hs.len;
 
     hde64_disasm(&Code[offset], &hs);
-    if (hs.flags & F_ERROR)
-        return 0;
-
-    if (hs.len != 2)
+    if ((hs.flags & F_ERROR) || (hs.len != 2)) {
         return 0;
+    }
 
     //
     // mov     ecx, ebp

Source/Hamakaze/resource.rc

@@ -51,8 +51,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 1,4,2,2404
- PRODUCTVERSION 1,4,2,2404
+ FILEVERSION 1,4,2,2409
+ PRODUCTVERSION 1,4,2,2409
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -69,12 +69,12 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "UG North"
             VALUE "FileDescription", "Kernel Driver Utility"
-            VALUE "FileVersion", "1.4.2.2404"
+            VALUE "FileVersion", "1.4.2.2409"
             VALUE "InternalName", "Hamakaze.exe"
             VALUE "LegalCopyright", "Copyright (C) 2020 - 2024 KDU Project"
             VALUE "OriginalFilename", "Hamakaze.exe"
             VALUE "ProductName", "KDU"
-            VALUE "ProductVersion", "1.4.2.2404"
+            VALUE "ProductVersion", "1.4.2.2409"
         END
     END
     BLOCK "VarFileInfo"

Source/Shared/consts.h

@@ -6,7 +6,7 @@
 *
 *  VERSION:     1.42
 *
-*  DATE:        01 Apr 2024
+*  DATE:        23 Sep 2024
 *
 *  Global consts.
 *
@@ -22,15 +22,15 @@
 #define KDU_VERSION_MAJOR       1
 #define KDU_VERSION_MINOR       4
 #define KDU_VERSION_REVISION    2
-#define KDU_VERSION_BUILD       2404
+#define KDU_VERSION_BUILD       2409
 #define KDU_COPYRIGHT_YEAR      2024
 
 #define KDU_MIN_NTBUILDNUMBER   0x1DB1      //Windows 7 SP1
 #define KDU_MAX_NTBUILDNUMBER   0xFFFFFFFF  //Undefined
 
 #define IPC_GET_HANDLE          0x1337
 
-#define KDU_SYNC_MUTANT         0x2404
+#define KDU_SYNC_MUTANT         0x2409
 
 #define NT_REG_PREP             L"\\Registry\\Machine"
 #define DRIVER_REGKEY           L"%wS\\System\\CurrentControlSet\\Services\\%wS"

Source/Shared/ntos/ntbuilds.h

@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2021 - 2023
+*  (C) COPYRIGHT AUTHORS, 2021 - 2024
 *
 *  TITLE:       NTBUILDS.H
 *
-*  VERSION:     1.20
+*  VERSION:     1.26
 *
-*  DATE:        01 Nov 2023
+*  DATE:        15 Sep 2024
 *
 *  Windows NT builds definition file.
 *
@@ -89,5 +89,5 @@
 #define NT_WIN11_23H2           22631
 
 // Windows 11 Active Development Branch
-#define NT_WIN11_DEV            23575
-#define NT_WIN11_24H2           25982 //canary (24H2)
+#define NT_WIN11_24H2           26100 //canary (24H2)
+#define NT_WIN11_25H2           27695 //canary (25H2)