You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 lines
909 B
38 lines
909 B
#include "Theodosius.h"
|
|
#include "Types.h"
|
|
|
|
|
|
// this routine is not obfuscated...
|
|
void PrintCR3()
|
|
{
|
|
ULONG_PTR Cr3Value =
|
|
*reinterpret_cast<ULONG_PTR*>(
|
|
IoGetCurrentProcess() + CR3_OFFSET);
|
|
|
|
DbgPrint("> Current CR3 = 0x%p\n", Cr3Value);
|
|
}
|
|
|
|
ObfuscateRoutine
|
|
void LoopDemo()
|
|
{
|
|
// JCC's work! :)
|
|
for (auto idx = 0u; idx < 10; ++idx)
|
|
DbgPrint("> Loop Demo: %d\n", idx);
|
|
}
|
|
|
|
// entry point must be named "DrvEntry" for this example...
|
|
MutateRoutine extern "C" void DrvEntry()
|
|
{
|
|
DbgPrint("> Hello World!\n");
|
|
|
|
// non-exported symbols being resolved by jit linker...
|
|
DbgPrint("> PiDDBCacheTable = 0x%p\n", &PiDDBCacheTable);
|
|
DbgPrint("> win32kfull!NtUserRegisterShellPTPListener = 0x%p\n", &NtUserRegisterShellPTPListener);
|
|
|
|
// example of referencing itself...
|
|
DbgPrint("> DrvEntry = 0x%p\n", &DrvEntry);
|
|
|
|
// example of calling other obfuscated/non obfuscated routines...
|
|
PrintCR3();
|
|
LoopDemo();
|
|
} |