IDontCode
/
PSKP
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '62bf985dc9'
${ noResults }
PSKP/nasa-patch/main.cpp

39 lines
1.2 KiB
Raw Normal View History Unescape

init commit
4 years ago
#include <iostream>
#include "kernel_ctx/kernel_ctx.h"
#include "mem_ctx/mem_ctx.hpp"
#include "patch_ctx/patch_ctx.hpp"
int __cdecl main(int argc, char** argv)
{
if (!nasa::load_drv())
return NULL;
nasa::kernel_ctx kernel;
if (!nasa::unload_drv())
return NULL;
if (!kernel.clear_piddb_cache(nasa::drv_key, util::get_file_header((void*)raw_driver)->TimeDateStamp))
{
std::cerr << "[+] failed to clear piddb cache" << std::endl;
return -1;
}
nasa::mem_ctx my_proc(kernel, GetCurrentProcessId());
nasa::patch_ctx kernel_patch(&my_proc);
const auto function_addr =
reinterpret_cast<void*>(
util::get_module_export("win32kbase.sys", "NtDCompositionRetireFrame"));
const auto new_patch_page = kernel_patch.patch(function_addr);
std::cout << "[+] new_patch_page: " << new_patch_page << std::endl;
*(short*)new_patch_page = 0xDEAD;
std::cout << "[+] kernel MZ (before patch): " << std::hex << kernel.rkm<short>(function_addr) << std::endl;
kernel_patch.enable();
std::cout << "[+] kernel MZ (patch enabled): " << std::hex << kernel.rkm<short>(function_addr) << std::endl;
kernel_patch.disable();
std::cout << "[+] kernel MZ (patch disabled): " << std::hex << kernel.rkm<short>(function_addr) << std::endl;
std::cin.get();
}