You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
41 lines
946 B
41 lines
946 B
4 years ago
|
#include "Theodosius.h"
|
||
|
4 years ago
|
#include "Types.h"
|
||
|
4 years ago
|
|
||
|
4 years ago
|
// this routine is not obfuscated...
|
||
|
|
void PrintCR3()
|
||
|
|
{
|
||
|
|
ULONG_PTR Cr3Value =
|
||
|
|
*reinterpret_cast<ULONG_PTR*>(
|
||
|
|
IoGetCurrentProcess() + CR3_OFFSET);
|
||
|
|
|
||
|
|
DbgPrint("> Current CR3 = 0x%p\n", Cr3Value);
|
||
|
|
}
|
||
|
|
|
||
|
4 years ago
|
ObfuscateRoutine
|
||
|
4 years ago
|
void LoopDemo(bool* result)
|
||
|
4 years ago
|
{
|
||
|
|
// JCC's work! :)
|
||
|
|
for (auto idx = 0u; idx < 10; ++idx)
|
||
|
|
DbgPrint("> Loop Demo: %d\n", idx);
|
||
|
4 years ago
|
|
||
|
|
*result = true;
|
||
|
4 years ago
|
}
|
||
|
|
|
||
|
|
MutateRoutine extern "C" void DrvEntry()
|
||
|
4 years ago
|
{
|
||
|
4 years ago
|
DbgPrint("> Hello World!\n");
|
||
|
4 years ago
|
|
||
|
|
// non-exported symbols being resolved by jit linker...
|
||
|
4 years ago
|
DbgPrint("> PiDDBCacheTable = 0x%p\n", &PiDDBCacheTable);
|
||
|
|
DbgPrint("> win32kfull!NtUserRegisterShellPTPListener = 0x%p\n", &NtUserRegisterShellPTPListener);
|
||
|
4 years ago
|
|
||
|
|
// example of referencing itself...
|
||
|
|
DbgPrint("> DrvEntry = 0x%p\n", &DrvEntry);
|
||
|
|
|
||
|
|
// example of calling other obfuscated/non obfuscated routines...
|
||
|
|
PrintCR3();
|
||
|
4 years ago
|
|
||
|
|
bool result = false;
|
||
|
|
LoopDemo(&result);
|
||
|
|
DbgPrint("> result = %d\n", result);
|
||
|
4 years ago
|
}
|