#include "Theodosius.h"
#include "Types.h"
// this routine is not obfuscated...
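// Reads one ULONG_PTR-sized value located CR3_OFFSET past the value returned
// by IoGetCurrentProcess() and prints it as the current CR3.
// NOTE(review): CR3_OFFSET is defined outside this file. A hard-coded structure
// offset only holds for the Windows builds it was taken from; confirm it
// against the target build before reusing this.
// NOTE(review): the addition is byte-granular only if IoGetCurrentProcess() is
// declared for this project with a byte-pointer or integer return type; a
// struct-pointer return type would scale the offset. Verify in Types.h.
// NOTE(review): this logs a raw kernel value to the debug channel, which is
// acceptable in a demo but should not ship in a production driver.
void PrintCR3()
{
    const ULONG_PTR Cr3Value =
        *reinterpret_cast<ULONG_PTR*>(IoGetCurrentProcess() + CR3_OFFSET);

    // %p consumes a pointer argument, so pass a pointer rather than the raw
    // integer; the printed text is unchanged.
    DbgPrint("> Current CR3 = 0x%p\n", reinterpret_cast<void*>(Cr3Value));
}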
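// Prints the loop counter ten times (0 through 9) through DbgPrint.
// The routine carries the ObfuscateRoutine marker (defined outside this file,
// presumably in Theodosius.h), and the loop supplies the conditional branch
// that the "JCC" remark below refers to.
ObfuscateRoutine void LoopDemo()
{
    // JCC's work! :)
    for (auto idx = 0u; idx < 10; ++idx)
        DbgPrint("> Loop Demo: %u\n", idx); // idx is unsigned int, so %u rather than %d
}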
// entry point must be named "DrvEntry" for this example...
// Demo entry routine: logs a greeting, the addresses of two symbols that are
// not exported, its own address, then calls PrintCR3() and LoopDemo().
// It takes no arguments and returns nothing, so it is not a standard
// DriverEntry(PDRIVER_OBJECT, PUNICODE_STRING) and reports no status.
// MutateRoutine is defined outside this file (presumably in Theodosius.h).
// NOTE(review): every address below goes to the debug channel in the clear,
// which is fine for a demo; a shipping driver should not log raw kernel pointers.
MutateRoutine extern "C" void DrvEntry()
{
    DbgPrint("> Hello World!\n");

    // Neither symbol is exported; per the project's note, these references
    // are resolved by the JIT linker.
    const auto CacheTableAddress = &PiDDBCacheTable;
    const auto PtpListenerAddress = &NtUserRegisterShellPTPListener;
    DbgPrint("> PiDDBCacheTable = 0x%p\n", CacheTableAddress);
    DbgPrint("> win32kfull!NtUserRegisterShellPTPListener = 0x%p\n", PtpListenerAddress);

    // A routine can also take its own address.
    const auto SelfAddress = &DrvEntry;
    DbgPrint("> DrvEntry = 0x%p\n", SelfAddress);

    // Calls into one routine that is not obfuscated and one that is.
    PrintCR3();
    LoopDemo();
}