Update README.md

4 years ago · ab4458ca34
parent 7f7ffe7d40
commit ab4458ca34
1 changed files with 42 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -172,7 +172,49 @@ theo::memcpy_t _memcpy =

 ### theo::malloc_t - allocate executable memory

+This lambda is used to allocate executable memory. Any method will do as long as the memcpy lambda can write to the allocated memory. An MSREXEC example for this lambda is defined below.

+```cpp
+theo::malloc_t _kalloc = [&](std::size_t size) -> void*
+{
+	void* alloc_base;
+	msrexec.exec
+	(
+		[&](void* krnl_base, get_system_routine_t get_kroutine) -> void
+		{
+			using ex_alloc_pool_t =
+				void* (*)(std::uint32_t, std::size_t);
+
+			const auto ex_alloc_pool =
+				reinterpret_cast<ex_alloc_pool_t>(
+					get_kroutine(krnl_base, "ExAllocatePool"));
+
+			alloc_base = ex_alloc_pool(NULL, size);
+		}
+	);
+	return alloc_base;
+};
+```
+
+This lambda uses MSREXEC to allocate kernel memory via ExAllocatePool. However this is completely open ended on how you want to do it, you can allocate your memory into discarded
+sections, you can allocate your memory in another address space, etc... Its extremely modular.
+
+
+Another, yet simple, usermode example for this lambda is defined below.
+
+```cpp
+theo::malloc_t _alloc = [&](std::size_t size) -> void*
+{
+	return VirtualAllocEx
+	(
+		phandle,
+		nullptr,
+		size,
+		MEM_COMMIT | MEM_RESERVE,
+		PAGE_EXECUTE_READWRITE
+	);
+};
+```

 # Obfuscation