RC2

Better handling of malformed files, fixes to PH calculation, malformed test files added (including poc from #2 and from sources I don't really remember). Release candidate 2.

Author: hfiref0x

AuthHashCalc.sha256

@@ -1,17 +1,41 @@
-0ff7b4f3f7cdd3c2d0cc85c9318e15a7e70f9cba58b351b10d602c7c7f3a77de *Bin\ahc32.exe
-327b561fed1894cbd2c8c31b3841eb34820af64a445a253f87f6128157950fa1 *Bin\ahc64.exe
+0fe7bced5c26aa798840f43545d275c5f51f3d64f18ff9ffd3750a945edae55a *Bin\ahc32.exe
+c1ad266312d0d6a06e2c8dd89cb32bbb564bb87bcdfd694347cf898bf95725eb *Bin\ahc64.exe
 6dedc0ab11424471d995b569ca779272e9e7f8405abca675863256f42ebd3938 *Screenshots\cli.png
 4787220600043ba0fadc09fa76194ba3a6ead6fc124ea934099b306a8f74fe73 *Screenshots\mainwnd.png
 dcf5ac3479f9a3b519926c29becd2ec88584fffbb4d92235582a35cf10d99593 *Source\ahc.manifest
 636925b3417b667439881cfe81c8091b4f76cfe508065d0c915e50616eb76554 *Source\AuthHashCalc.sln
-0c83859ceee7f409a47ccd41053a67edb15dd35c05d1152538135623d4c2b52e *Source\AuthHashCalc.vcxproj
-fe95abf388ba3edd8452d5c0dd8c3b90b880d74b34926f7ef14152ca27fe0c32 *Source\AuthHashCalc.vcxproj.filters
+bb4198a6f3589e4c2de6fc3d5ef663fe836914788823ae2c4ef8722d095f712d *Source\AuthHashCalc.vcxproj
+393cdbe6beee2cd0c5cd381bde752318afdc8805d29a3f95f51022a55d5c4e5c *Source\AuthHashCalc.vcxproj.filters
 11670e3af4b2d8ab84359947d3b34ae8fc4363e04ead2b545e1d720242b72976 *Source\AuthHashCalc.vcxproj.user
-8adf12b26f52d91a5cd28bbe3473c20d03e103530f55dfe1ba1f31e81ebf28db *Source\global.h
-50eaa19158bb89b28a4e82cc703387f2dd2753ed2a42d03e56d8554568f35ae1 *Source\main.cpp
+99225431ee6da94bb5e740ea388c03e6a1743648f2f934fcc0043e4e96034d97 *Source\global.h
+a671d5c103e1c09f33c6cb7f751e74df4b8d7e14386198f97d37208e146160bd *Source\hash.cpp
+260879bed6f510f3c06a5afede94967e4f17b2aad972e2ffdebcaa408c41b2d9 *Source\hash.h
+088743b7b7a955d17f8769a4b0cb7a261be0df91443171f7def0156a2a6e66ff *Source\main.cpp
 c9bfabccf970e5f0bf7c281625ddde1a02533aee7de73a3d3e5926750bb172d1 *Source\main.ico
 5231ac27b80499f9c54c69ac397009ba29ea3038135cf386e3b44e30090f84cd *Source\ntos.h
 dab312fbef3e1e372092f0d07b29f8288509b0d69cab7fa5e527b3e85c3496d0 *Source\resource.h
-56d5cc7f85d1c1481059b791b1df6124f848d133e93216d58263356f9d48bad9 *Source\resource.rc
-32033f1941c7685694b22ee45e498c9d83de2a5f5bc3bd5ce251c116d6fcc2ff *Source\sup.cpp
-2203c43a517762bf61aae21ca7193fe4205a42eea5ca00b44aedd9109a6bc227 *Source\sup.h
+d21ffa3d21a2e2fdc9913d4c63208950e90566cb3b386358b6bf31b25c04cbbb *Source\resource.rc
+fa9cb66fc7d225c17a3c3417a315421f32b45b279d9b89e027a82006dc12a7ca *Source\sup.cpp
+392d3d4b648a0d12896227c320ae62bd4552d90e0e77296d6ad26c0e05d2d5f1 *Source\sup.h
+212672c8f4767647ad6ac2c52be30ef67375974702fd9899f664fe7489398a04 *Source\tests\BadNtHeaders.exe
+5426632bc809a95ed36bcfae71a53c98d84ffa7ef4593322854f54db067089ea *Source\tests\GLCKIO2_2pages.sys
+609a8c800e44c1216145422ab73f25642976b568266ed475e0454f570bc8d05f *Source\tests\GLCKIO2_invalid1.sys
+609a8c800e44c1216145422ab73f25642976b568266ed475e0454f570bc8d05f *Source\tests\GLCKIO2_invalid2.sys
+046631de6c519a9ee5cf93f8b5af2118ad67ec31a51e46ad11795e0974f4dca4 *Source\tests\32\32.dll
+7aa07b4ca16e46ffc284cbdd27186d5eed4e06042bf622187ab6bbc5ad93a675 *Source\tests\64\64.dll
+2226d24875e40b2457aee99f1b0a3558e0dc85d67072b13b011f0a023d646cb3 *Source\tests\ci\ci0.dll
+01347965f4a60f9a6465a005f581f011459defc1f77dcc4254569c5ec5f67b2c *Source\tests\ci\ci1.dll
+59ce783bd5f6178d02fe6436b295ab70c0558a2278c7294e23c71bcea817998a *Source\tests\ci\ci2.dll
+365cc819ab86e2a9ff85a98a0b8b41991cd64207e74f7883573426138713e134 *Source\tests\misc\aaaaaaaa.dll
+d2309f63de2501e3e7a72cebf9108edfcca42adf7cea269d4d32f8bffdeaa139 *Source\tests\misc\ccccccc.dll
+1a6852fc3f30bdb708678854565b1402cf80e5a66d1d630b1da23344b707f93b *Source\tests\misc\ddddddd.dll
+2226d24875e40b2457aee99f1b0a3558e0dc85d67072b13b011f0a023d646cb3 *Source\tests\misc\dddddddd.dll
+805739eadc35fe43258206e81b0ff7a50d9949d0fe7f7a7ea6603e1d0c8f4197 *Source\tests\misc\eeeeeeee.dll
+c65be88bb4fd4eabc1fe09175ba7eac4e67de44425c42a7a74938ce64dbeecad *Source\tests\misc\fffffffff.dll
+c65be88bb4fd4eabc1fe09175ba7eac4e67de44425c42a7a74938ce64dbeecad *Source\tests\misc\wwwww.dll
+efa923ce37c7b1a77e5952df6b7e03085e7861167a6e0dc1d82b1164705eacbd *Source\tests\misc\xxxxxxxxx.dll
+fe5521ec023d8c03cdba9145417070ffb6db7f5a2d77e150992c8c9c4713def4 *Source\tests\misc\yyyyyy.dll
+94ec28f6a426054c9c99939396e258b0fad2eae0687836c0192853a99e02eef6 *Source\tests\misc\zzzzzzzzzz.dll
+3548228c04849535ba626108306a12460d36aaff36a82c55d4b5fc7326203d4c *Source\tests\reloc\apphelp0.dll
+37ede7f772f13ebd667a0ec021dbb16644f1873cb7c879369eb07c6e8b629eab *Source\tests\reloc\apphelp1.dll
+6e57be1c2bbcd4100d6ba3b66961873505c4c4da8c2d0d60896f0e11e468d4c0 *Source\tests\reloc\apphelp2.dll

Bin/ahc32.exe

@@ -186,11 +186,13 @@
     </Manifest>
   </ItemDefinitionGroup>
   <ItemGroup>
+    <ClCompile Include="hash.cpp" />
     <ClCompile Include="main.cpp" />
     <ClCompile Include="sup.cpp" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="global.h" />
+    <ClInclude Include="hash.h" />
     <ClInclude Include="ntos.h" />
     <ClInclude Include="resource.h" />
     <ClInclude Include="sup.h" />

Bin/ahc64.exe

@@ -21,6 +21,9 @@
     <ClCompile Include="sup.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="hash.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="global.h">
@@ -35,6 +38,9 @@
     <ClInclude Include="ntos.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="hash.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="resource.rc">

Source/AuthHashCalc.vcxproj

@@ -6,7 +6,7 @@
 *
 *  VERSION:     1.03
 *
-*  DATE:        21 Oct 2021
+*  DATE:        26 Oct 2021
 *
 *  Common include header file.
 *
@@ -36,17 +36,38 @@
 #include <VersionHelpers.h>
 #include <ntstatus.h>
 #include "ntos.h"
-#include "sup.h"
 #include "resource.h"
 
+#pragma comment(lib, "Bcrypt.lib")
+#pragma comment(lib, "Comctl32.lib")
+
 typedef struct _CNG_CTX {
     PVOID Hash;
     PVOID HashObject;
     ULONG HashSize;
     ULONG HashObjectSize;
     BCRYPT_ALG_HANDLE AlgHandle;
     BCRYPT_HASH_HANDLE HashHandle;
+    HANDLE HeapHandle;
 } CNG_CTX, * PCNG_CTX;
 
-#pragma comment(lib, "Bcrypt.lib")
-#pragma comment(lib, "Comctl32.lib")
+typedef struct _FILE_EXCLUDE_DATA {
+    ULONG ChecksumOffset;
+    ULONG SecurityOffset;
+    PIMAGE_DATA_DIRECTORY SecurityDirectory;
+} FILE_EXCLUDE_DATA, * PFILE_EXCLUDE_DATA;
+
+typedef struct _FILE_VIEW_INFO {
+    DWORD LastError;
+    LPCWSTR FileName;
+    HANDLE FileHandle;
+    HANDLE SectionHandle;
+    PVOID ViewBase;
+    SIZE_T ViewSize;
+    LARGE_INTEGER FileSize;
+    PIMAGE_NT_HEADERS NtHeaders;
+    FILE_EXCLUDE_DATA ExcludeData;
+} FILE_VIEW_INFO, * PFILE_VIEW_INFO;
+
+#include "sup.h"
+#include "hash.h"