|
|
@ -67,17 +67,19 @@ int __cdecl main(int argc, char** argv)
|
|
|
|
const auto [drv_base, drv_entry] = drv_mapper.map_module(drv_buffer);
|
|
|
|
const auto [drv_base, drv_entry] = drv_mapper.map_module(drv_buffer);
|
|
|
|
std::printf("> driver base -> 0x%p, driver entry -> 0x%p\n", drv_base, drv_entry);
|
|
|
|
std::printf("> driver base -> 0x%p, driver entry -> 0x%p\n", drv_base, drv_entry);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!drv_base || !drv_entry)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
std::printf("> failed to map driver...\n");
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// call driver entry... its up to you to do this using whatever method...
|
|
|
|
// call driver entry... its up to you to do this using whatever method...
|
|
|
|
// with VDM you can syscall into it... with msrexec you will use msrexec::exec...
|
|
|
|
// with VDM you can syscall into it... with msrexec you will use msrexec::exec...
|
|
|
|
const auto entry_result = vdm.syscall<NTSTATUS(*)(std::uintptr_t)>(
|
|
|
|
const auto entry_result = vdm.syscall<NTSTATUS(*)(std::uintptr_t)>(
|
|
|
|
reinterpret_cast<void*>(drv_entry), drv_base);
|
|
|
|
reinterpret_cast<void*>(drv_entry), drv_base);
|
|
|
|
|
|
|
|
|
|
|
|
std::printf("> entry result -> 0x%p\n", entry_result);
|
|
|
|
std::printf("> entry result -> 0x%p\n", entry_result);
|
|
|
|
if (!drv_base || !drv_entry)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
std::printf("> failed to map driver...\n");
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
const auto unload_status = vdm::unload_drv(drv_handle, drv_key);
|
|
|
|
const auto unload_status = vdm::unload_drv(drv_handle, drv_key);
|
|
|
|
if (unload_status != STATUS_SUCCESS)
|
|
|
|
if (unload_status != STATUS_SUCCESS)
|
|
|
|
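Review bot: `entry_result` is an `NTSTATUS` (per the `vdm.syscall<NTSTATUS(*)(std::uintptr_t)>` template argument) but is printed with `%p`, which expects a `void*`; this is a format/argument mismatch, and on a 64-bit build the upper half of the printed value is not meaningful. Print it as a 32-bit value instead, e.g. `std::printf("> entry result -> 0x%08lX\n", static_cast<unsigned long>(entry_result));`. The same mismatch likely affects the `> driver base` line, since `reinterpret_cast<void*>(drv_entry)` suggests `drv_base` and `drv_entry` are integers; casting both to `void*` in that call would make it well-formed. The status is also only printed, so a failing entry result changes nothing visible in this hunk; `main` continues past the last line shown, so it may be handled there.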