IDontCode
/
Theodosius
2
1
Fork 2
Code Issues Pull Requests Projects Releases Wiki Activity

fixed c++ symbol name issues

Browse Source
2.0
_xeroxz 4 years ago
parent 541cc3940a
commit 103c2304c8
8 changed files with 37 additions and 32 deletions
Show Stats Download Patch File Download Diff File

4
DemoDrv/DemoDrv.vcxproj
Unescape View File

@ -95,8 +95,8 @@
<FilesToPackage Include="$(TargetPath)" /> <FilesToPackage Include="$(TargetPath)" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="DriverEntry.c" /> <ClCompile Include="DriverEntry.cpp" />
<ClCompile Include="ObfuscateDemo.c" /> <ClCompile Include="ObfuscateDemo.cpp" />
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClInclude Include="Theodosius.h" /> <ClInclude Include="Theodosius.h" />

4
DemoDrv/DemoDrv.vcxproj.filters
Unescape View File

@ -10,10 +10,10 @@
</Filter> </Filter>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="DriverEntry.c"> <ClCompile Include="DriverEntry.cpp">
<Filter>Source Files</Filter> <Filter>Source Files</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="ObfuscateDemo.c"> <ClCompile Include="ObfuscateDemo.cpp">
<Filter>Source Files</Filter> <Filter>Source Files</Filter>
</ClCompile> </ClCompile>
</ItemGroup> </ItemGroup>

7
DemoDrv/DriverEntry.c
Unescape View File

@ -1,7 +0,0 @@
#include "Theodosius.h"
int drv_entry()
{
DbgPrint("> hello world! this is a demo!\n");
DbgPrint("> current pml4 = 0x%p\n", get_dirbase());
}

7
DemoDrv/DriverEntry.cpp
Unescape View File

@ -0,0 +1,7 @@
#include "Theodosius.h"
extern "C" int __cdecl drv_entry()
{
DbgPrint("> hello world! this is a demo!\n");
DbgPrint("> current pml4 = 0x%p\n", cppdemo::get_dirbase());
}

17
DemoDrv/ObfuscateDemo.c
Unescape View File

@ -1,17 +0,0 @@
#include "Theodosius.h"
extern void* PiddbCacheTable;
ObfuscateRoutine
unsigned long long get_dirbase()
{
cr3 result;
result.flags =
*(unsigned long long*)(IoGetCurrentProcess() + 0x28);
result.flags = NULL;
if (!result.address_of_page_directory)
return -1;
*(unsigned*)PiddbCacheTable = 0x0;
return result.address_of_page_directory << 12 + (unsigned long long) &get_dirbase;
}

18
DemoDrv/ObfuscateDemo.cpp
Unescape View File

@ -0,0 +1,18 @@
#include "Theodosius.h"
namespace cppdemo
{
ObfuscateRoutine
unsigned long long get_dirbase()
{
cr3 result;
result.flags =
*(unsigned long long*)(IoGetCurrentProcess() + 0x28);
result.flags = NULL;
if (!result.address_of_page_directory)
return -1;
return result.address_of_page_directory << 12;
}
}

10
DemoDrv/Theodosius.h
Unescape View File

@ -2,9 +2,13 @@
#include <intrin.h> #include <intrin.h>
#define ObfuscateRoutine __declspec(code_seg(".theo")) #define ObfuscateRoutine __declspec(code_seg(".theo"))
unsigned long DbgPrint(const char* format, ...); extern "C" unsigned long DbgPrint(const char* format, ...);
unsigned long long IoGetCurrentProcess(); extern "C" unsigned long long IoGetCurrentProcess();
unsigned long long get_dirbase();
namespace cppdemo
{
unsigned long long get_dirbase();
}
typedef union typedef union
{ {

2
Theodosius/hmdm_ctx.cpp
Unescape View File

@ -338,7 +338,7 @@ namespace drv
mapped_symbols[next_instruction_symbol]; mapped_symbols[next_instruction_symbol];
std::printf(" > next instruction symbol = %s, address = 0x%p\n", std::printf(" > next instruction symbol = %s, address = 0x%p\n",
next_instruction_symbol, *reinterpret_cast<std::uintptr_t*>( next_instruction_symbol.c_str(), *reinterpret_cast<std::uintptr_t*>(
&final_instruction[instruction.length + JMP_RIP_ADDR_IDX])); &final_instruction[instruction.length + JMP_RIP_ADDR_IDX]));
const auto instruc_alloc = const auto instruc_alloc =

Write Preview
Loading…
Cancel
Save