nihilist/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt synced 2024-09-20 21:06:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Windows Driver: correctly get KeRestoreExtendedProcessorState function pointer.

Browse Source
This commit is contained in:
Mounir IDRASSI 2017-07-05 07:52:13 +02:00
parent b0827e9b74
commit 384c5cc259
No known key found for this signature in database
GPG Key ID: DD0C382D5FCFB8FC
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/Driver/Ntdriver.c
View File

@ -129,10 +129,11 @@ NTSTATUS DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
// KeSaveExtendedProcessorState/KeRestoreExtendedProcessorState are available starting from Windows 7
if ((OsMajorVersion > 6) || (OsMajorVersion == 6 && OsMinorVersion >= 1))
{
UNICODE_STRING funcName;
RtlInitUnicodeString(&funcName, L"KeSaveExtendedProcessorState");
KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&funcName);
KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&funcName);
UNICODE_STRING saveFuncName, restoreFuncName;
RtlInitUnicodeString(&saveFuncName, L"KeSaveExtendedProcessorState");
RtlInitUnicodeString(&restoreFuncName, L"KeRestoreExtendedProcessorState");
KeSaveExtendedProcessorStatePtr = (KeSaveExtendedProcessorStateFn) MmGetSystemRoutineAddress(&saveFuncName);
KeRestoreExtendedProcessorStatePtr = (KeRestoreExtendedProcessorStateFn) MmGetSystemRoutineAddress(&restoreFuncName);
}
// Load dump filter if the main driver is already loaded