added rkm/wkm non-templated option

master
_xeroxz 4 years ago
parent c38649db56
commit e403343c2a

@ -47,6 +47,24 @@ namespace vdm
this->write_phys = write_func; this->write_phys = write_func;
} }
void vdm_ctx::rkm(void* dst, void* src, std::size_t size)
{
static const auto ntoskrnl_memcpy =
util::get_kmodule_export("ntoskrnl.exe", "memcpy");
this->syscall<decltype(&memcpy)>(
ntoskrnl_memcpy, dst, src, size);
}
void vdm_ctx::wkm(void* dst, void* src, std::size_t size)
{
static const auto ntoskrnl_memcpy =
util::get_kmodule_export("ntoskrnl.exe", "memcpy");
this->syscall<decltype(&memcpy)>(
ntoskrnl_memcpy, dst, src, size);
}
void vdm_ctx::locate_syscall(std::uintptr_t address, std::uintptr_t length) const void vdm_ctx::locate_syscall(std::uintptr_t address, std::uintptr_t length) const
{ {
const auto page_data = const auto page_data =
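Review bot: The added `vdm_ctx::rkm` and `vdm_ctx::wkm` have byte-identical bodies, each with its own function-local static caching the same `util::get_kmodule_export("ntoskrnl.exe", "memcpy")` result, so the read/write split exists only in the names. A single private helper that both call would leave one cached address and one place to maintain. Since the source buffer is only read, the third-from-last parameter would be better declared `const void* src` in both definitions. Judging by the templated callers in the header, the only difference is which side is the caller's buffer, and a one-line comment on each function saying so would make that explicit.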

@ -12,10 +12,8 @@ namespace vdm
{ {
// change this to whatever you want :^) // change this to whatever you want :^)
constexpr std::pair<const char*, const char*> syscall_hook = { "NtShutdownSystem", "ntdll.dll" }; constexpr std::pair<const char*, const char*> syscall_hook = { "NtShutdownSystem", "ntdll.dll" };
inline std::atomic<bool> is_page_found = false; inline std::atomic<bool> is_page_found = false;
inline std::atomic<void*> syscall_address = nullptr; inline std::atomic<void*> syscall_address = nullptr;
inline std::uint16_t nt_page_offset; inline std::uint16_t nt_page_offset;
inline std::uint32_t nt_rva; inline std::uint32_t nt_rva;
inline std::uint8_t* ntoskrnl; inline std::uint8_t* ntoskrnl;
@ -26,9 +24,11 @@ namespace vdm
class vdm_ctx class vdm_ctx
{ {
public: public:
vdm_ctx(read_phys_t& read_func, write_phys_t& write_func); explicit vdm_ctx(read_phys_t& read_func, write_phys_t& write_func);
void set_read(read_phys_t& read_func); void set_read(read_phys_t& read_func);
void set_write(write_phys_t& write_func); void set_write(write_phys_t& write_func);
void rkm(void* dst, void* src, std::size_t size);
void wkm(void* dst, void* src, std::size_t size);
template <class T, class ... Ts> template <class T, class ... Ts>
__forceinline std::invoke_result_t<T, Ts...> syscall(void* addr, Ts ... args) const __forceinline std::invoke_result_t<T, Ts...> syscall(void* addr, Ts ... args) const
@ -67,24 +67,15 @@ namespace vdm
template <class T> template <class T>
__forceinline auto rkm(std::uintptr_t addr) -> T __forceinline auto rkm(std::uintptr_t addr) -> T
{ {
static const auto ntoskrnl_memcpy =
util::get_kmodule_export("ntoskrnl.exe", "memcpy");
T buffer; T buffer;
this->syscall<decltype(&memcpy)>( rkm((void*)&buffer, (void*)addr, sizeof T);
ntoskrnl_memcpy, &buffer, (void*)addr, sizeof T);
return buffer; return buffer;
} }
template <class T> template <class T>
__forceinline void wkm(std::uintptr_t addr, const T& value) __forceinline void wkm(std::uintptr_t addr, const T& value)
{ {
static const auto ntoskrnl_memcpy = wkm((void*)addr, (void*)&value, sizeof T);
util::get_kmodule_export("ntoskrnl.exe", "memcpy");
this->syscall<decltype(&memcpy)>(
ntoskrnl_memcpy, (void*)addr, &value, sizeof T);
} }
__forceinline auto get_peprocess(std::uint32_t pid) -> PEPROCESS __forceinline auto get_peprocess(std::uint32_t pid) -> PEPROCESS
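Review bot: In the templated `wkm`, `(void*)&value` uses a C-style cast to strip `const` from `const T& value`, which is only needed because the new non-templated overloads declare `void* src`. Declaring them as `void rkm(void* dst, const void* src, std::size_t size);` and `void wkm(void* dst, const void* src, std::size_t size);` lets the call become `wkm(reinterpret_cast<void*>(addr), &value, sizeof(T));` with no const removal. `sizeof T` without parentheses is not standard C++ for a type operand and presumably compiles here only as a compiler extension, so `sizeof(T)` is the portable spelling in both templates. In the templated `rkm`, `T buffer;` is returned whatever the copy did, so `T buffer{};` would at least make the result deterministic. The class body continues outside the hunk.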
