Skip to content

Commit

Permalink
partial fix #15
Browse files Browse the repository at this point in the history
  • Loading branch information
@VoidSec
VoidSec committed Apr 25, 2022
1 parent 8a442b0 commit 96be3fa
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions DriverBuddyReloaded.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -214,8 +214,8 @@ def find_all_ioctls():
if idc.print_insn_mnem(instr) in ['cmp', 'sub', 'mov'] and idc.get_operand_type(instr, 1) == 5:
value = get_operand_value(instr)
digits = utils.check_digits(value)
# value has 10 digits and is not a known NTSTATUS value
if digits == 10 and value not in NTSTATUS.ntstatus_values:
# value has more than 2 digits (lower false positives) and is not a known NTSTATUS value
if digits > 2 and value not in NTSTATUS.ntstatus_values:
ioctls.append((instr, value))
ioctl_tracker.add_ioctl(instr, value)
return ioctls
Expand Down Expand Up @@ -260,7 +260,8 @@ def get_position_and_translate():

value = get_operand_value(pos)
digits = utils.check_digits(value)
if digits == 10 and value not in NTSTATUS.ntstatus_values:
# value has more than 2 digits (lower false positives) and is not a known NTSTATUS value
if digits > 2 and value not in NTSTATUS.ntstatus_values:
ioctl_tracker.add_ioctl(pos, value)
define = ioctl_decoder.get_define(value)
make_comment(pos, define)
Expand Down

0 comments on commit 96be3fa

Please sign in to comment.