fixed c++ symbol name issues

4 years ago · 103c2304c8
parent 541cc3940a
commit 103c2304c8
8 changed files with 37 additions and 32 deletions
--- a/DemoDrv/DemoDrv.vcxproj
+++ b/DemoDrv/DemoDrv.vcxproj
@ -95,8 +95,8 @@
    <FilesToPackage Include="$(TargetPath)" />
  </ItemGroup>
  <ItemGroup>
-    <ClCompile Include="DriverEntry.c" />
-    <ClCompile Include="ObfuscateDemo.c" />
+    <ClCompile Include="DriverEntry.cpp" />
+    <ClCompile Include="ObfuscateDemo.cpp" />
  </ItemGroup>
  <ItemGroup>
    <ClInclude Include="Theodosius.h" />
--- a/DemoDrv/DemoDrv.vcxproj.filters
+++ b/DemoDrv/DemoDrv.vcxproj.filters
@ -10,10 +10,10 @@
    </Filter>
  </ItemGroup>
  <ItemGroup>
-    <ClCompile Include="DriverEntry.c">
+    <ClCompile Include="DriverEntry.cpp">
      <Filter>Source Files</Filter>
    </ClCompile>
-    <ClCompile Include="ObfuscateDemo.c">
+    <ClCompile Include="ObfuscateDemo.cpp">
      <Filter>Source Files</Filter>
    </ClCompile>
  </ItemGroup>
--- a/DemoDrv/DriverEntry.c
+++ b/DemoDrv/DriverEntry.c
@ -1,7 +0,0 @@
-#include "Theodosius.h"
-
-int drv_entry()
-{
-	DbgPrint("> hello world! this is a demo!\n");
-	DbgPrint("> current pml4 = 0x%p\n", get_dirbase());
-}
--- a/DemoDrv/DriverEntry.cpp
+++ b/DemoDrv/DriverEntry.cpp
@ -0,0 +1,7 @@
+#include "Theodosius.h"
+
+extern "C" int __cdecl drv_entry()
+{
+	DbgPrint("> hello world! this is a demo!\n");
+	DbgPrint("> current pml4 = 0x%p\n", cppdemo::get_dirbase());
+}
--- a/DemoDrv/ObfuscateDemo.c
+++ b/DemoDrv/ObfuscateDemo.c
@ -1,17 +0,0 @@
-#include "Theodosius.h"
-extern void* PiddbCacheTable;
-
-ObfuscateRoutine
-unsigned long long get_dirbase()
-{
-	cr3 result;
-	result.flags =
-		*(unsigned long long*)(IoGetCurrentProcess() + 0x28);
-
-	result.flags = NULL;
-	if (!result.address_of_page_directory)
-		return -1;
-
-	*(unsigned*)PiddbCacheTable = 0x0;
-	return result.address_of_page_directory << 12 + (unsigned long long) &get_dirbase;
-}
--- a/DemoDrv/ObfuscateDemo.cpp
+++ b/DemoDrv/ObfuscateDemo.cpp
@ -0,0 +1,18 @@
+#include "Theodosius.h"
+
+namespace cppdemo
+{
+	ObfuscateRoutine
+	unsigned long long get_dirbase()
+	{
+		cr3 result;
+		result.flags =
+			*(unsigned long long*)(IoGetCurrentProcess() + 0x28);
+
+		result.flags = NULL;
+		if (!result.address_of_page_directory)
+			return -1;
+
+		return result.address_of_page_directory << 12;
+	}
+}
--- a/DemoDrv/Theodosius.h
+++ b/DemoDrv/Theodosius.h
@ -2,9 +2,13 @@
 #include <intrin.h>
 #define ObfuscateRoutine __declspec(code_seg(".theo"))

-unsigned long DbgPrint(const char* format, ...);
-unsigned long long IoGetCurrentProcess();
-unsigned long long get_dirbase();
+extern "C" unsigned long DbgPrint(const char* format, ...);
+extern "C" unsigned long long IoGetCurrentProcess();
+
+namespace cppdemo
+{
+    unsigned long long get_dirbase();
+}

 typedef union
 {
--- a/Theodosius/hmdm_ctx.cpp
+++ b/Theodosius/hmdm_ctx.cpp
@ -338,7 +338,7 @@ namespace drv
 								mapped_symbols[next_instruction_symbol];

 						std::printf("	> next instruction symbol = %s, address = 0x%p\n", 
-							next_instruction_symbol, *reinterpret_cast<std::uintptr_t*>(
+							next_instruction_symbol.c_str(), *reinterpret_cast<std::uintptr_t*>(
 								&final_instruction[instruction.length + JMP_RIP_ADDR_IDX]));

 						const auto instruc_alloc =