|
|
@ -37,6 +37,23 @@ drv::kalloc_t _kalloc = [&](std::size_t size) -> void*
|
|
|
|
};
|
|
|
|
};
|
|
|
|
```
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
###### drv::kmemcpy_t - VDM Example
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
***NOTE:*** The memcpy being called in this example is exported from ntoskrnl.exe and not in usermode.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
```cpp
|
|
|
|
|
|
|
|
drv::kmemcpy_t _kmemcpy =
|
|
|
|
|
|
|
|
[&](void* dest, const void* src, std::size_t size) -> void*
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
static const auto kmemcpy =
|
|
|
|
|
|
|
|
reinterpret_cast<void*>(
|
|
|
|
|
|
|
|
utils::kmodule::get_export(
|
|
|
|
|
|
|
|
"ntoskrnl.exe", "memcpy"));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return vdm.syscall<decltype(&memcpy)>(kmemcpy, dest, src, size);
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
#### MSREXEC Example
|
|
|
|
#### MSREXEC Example
|
|
|
|
|
|
|
|
|
|
|
|
***
|
|
|
|
***
|
|
|
|