search

9176324 / Shark

Turn off PatchGuard in real time for win7 (7600) ~ later
MIT License
984 stars 303 forks source link

resolved - DRIVER_IQRL_NOT_LESS_OR_EQUAL for windows 10 10586 #19

Closed YangKi1902 closed 5 years ago

YangKi1902 commented 5 years ago

i got DRIVER_IQRL_NOT_LESS_OR_EQUAL in windows 10 10586, resolved by replace this code for SpaceAMD64.c :

#define MiGetPxeAddress(va)   \
    ((PMMPTE)PXE_BASE + MiGetPxeOffset(va))

#define MiGetPpeAddress(va)   \
    ((PMMPTE)(((((ULONG_PTR)(va) & VIRTUAL_ADDRESS_MASK) >> PPI_SHIFT) << PTE_SHIFT) + PPE_BASE))

#define MiGetPdeAddress(va) \
    ((PMMPTE)(((((ULONG_PTR)(va) & VIRTUAL_ADDRESS_MASK) >> PDI_SHIFT) << PTE_SHIFT) + PDE_BASE))

#define MiGetPteAddress(va) \
    ((PMMPTE)(((((ULONG_PTR)(va) & VIRTUAL_ADDRESS_MASK) >> PTI_SHIFT) << PTE_SHIFT) + PTE_BASE))
#define MiGetVirtualAddressMappedByPte(PTE) \
    ((PVOID)((LONG_PTR)(((LONG_PTR)(PTE) - PTE_BASE) << (PAGE_SHIFT + VA_SHIFT - PTE_SHIFT)) >> VA_SHIFT))
PMMPTE
NTAPI
GetPxeAddress(
    __in PVOID VirtualAddress
)
{
    return MiGetPxeAddress(VirtualAddress);
}

PMMPTE
NTAPI
GetPpeAddress(
    __in PVOID VirtualAddress
)
{
    return MiGetPpeAddress(VirtualAddress);
}

PMMPTE
NTAPI
GetPdeAddress(
    __in PVOID VirtualAddress
)
{
    return MiGetPdeAddress(VirtualAddress);
}

PMMPTE
NTAPI
GetPteAddress(
    __in PVOID VirtualAddress
)
{
    return MiGetPteAddress(VirtualAddress);
}

PVOID
NTAPI
GetVirtualAddressMappedByPte(
    __in PMMPTE Pte
)
{
    return MiGetVirtualAddressMappedByPte(Pte);
}
YangKi1902 commented 5 years ago

well sorry ptebase for 10586 is different, this issue is not resolved

YangKi1902 commented 5 years ago

i changed if (Block->BuildNumber >= 10586) to if (Block->BuildNumber >= 14393) seem work

9176324 commented 5 years ago

低版本 很少人用 没有测试 小问题