fix: dynamically testing for IoCreateDeviceSecure support

Valthrun · Dec 9, 2024 · c770116 · c770116
1 parent f593e8d
commit c770116
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 13 deletions.
diff --git a/utils/imports/src/lib.rs b/utils/imports/src/lib.rs
@@ -7,6 +7,18 @@ use obfstr::obfstr;
 mod utils;
 pub use utils::lookup_image_symbol;
 
+pub fn resolve_system_opt(symbol_name: &str) -> Option<NonNull<()>> {
+    let Some(kernelbase) = utils_kernelbase::get() else {
+        panic!(
+            "{}",
+            obfstr!("can not resolve a system import without a kernel base")
+        );
+    };
+
+    utils::lookup_image_symbol(kernelbase, symbol_name)
+        .map(|v| unsafe { NonNull::new_unchecked(v as *mut _) })
+}
+
 pub fn resolve_system(_module: Option<&str>, symbol_name: &str) -> NonNull<()> {
     let Some(kernelbase) = utils_kernelbase::get() else {
         panic!(

diff --git a/utils/kapi/src/device.rs b/utils/kapi/src/device.rs
@@ -1,6 +1,7 @@
 use alloc::boxed::Box;
 use core::pin::Pin;
 
+use obfstr::obfstr;
 use winapi::{
     km::wdm::{
         IoGetCurrentIrpStackLocation,
@@ -23,6 +24,7 @@ use winapi::{
 
 use crate::{
     imports::{
+        IoCreateDevice,
         IoCreateDeviceSecure,
         IoDeleteDevice,
     },
@@ -52,19 +54,37 @@ impl<T> DeviceHandle<T> {
     ) -> anyhow::Result<Pin<Box<Self>>> {
         let mut device_ptr: PDEVICE_OBJECT = core::ptr::null_mut();
         let result = unsafe {
-            IoCreateDeviceSecure(
-                driver,
-                core::mem::size_of::<*const ()>() as u32,
-                device_name
-                    .map(|name| name as *const _)
-                    .unwrap_or(core::ptr::null()),
-                device_type,
-                characteristics,
-                if exclusive { 1 } else { 0 },
-                sddl,
-                class_guid,
-                &mut device_ptr as *mut PDEVICE_OBJECT,
-            )
+            if utils_imports::resolve_system_opt("IoCreateDeviceSecure").is_some() {
+                IoCreateDeviceSecure(
+                    driver,
+                    core::mem::size_of::<*const ()>() as u32,
+                    device_name
+                        .map(|name| name as *const _)
+                        .unwrap_or(core::ptr::null()),
+                    device_type,
+                    characteristics,
+                    if exclusive { 1 } else { 0 },
+                    sddl,
+                    class_guid,
+                    &mut device_ptr as *mut PDEVICE_OBJECT,
+                )
+            } else {
+                log::debug!(
+                    "{}",
+                    obfstr!("IoCreateDeviceSecure not supported. Using IoCreateDevice.")
+                );
+                IoCreateDevice(
+                    driver,
+                    core::mem::size_of::<*const ()>() as u32,
+                    device_name
+                        .map(|name| name as *const _)
+                        .unwrap_or(core::ptr::null()),
+                    device_type,
+                    characteristics,
+                    if exclusive { 1 } else { 0 },
+                    &mut device_ptr as *mut PDEVICE_OBJECT,
+                )
+            }
         };
 
         if !result.is_ok() {