|
|
@ -2,6 +2,9 @@
|
|
|
|
#include "vdm.hpp"
|
|
|
|
#include "vdm.hpp"
|
|
|
|
#include <iostream>
|
|
|
|
#include <iostream>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
using ex_alloc_pool_t = void* (*)(std::uint32_t, std::size_t);
|
|
|
|
|
|
|
|
using dbg_print_t = void(*)(const char*, ...);
|
|
|
|
|
|
|
|
|
|
|
|
int __cdecl main(int argc, char** argv)
|
|
|
|
int __cdecl main(int argc, char** argv)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
const auto [drv_handle, drv_key, drv_status] = vdm::load_drv();
|
|
|
|
const auto [drv_handle, drv_key, drv_status] = vdm::load_drv();
|
|
|
@ -11,20 +14,40 @@ int __cdecl main(int argc, char** argv)
|
|
|
|
return {};
|
|
|
|
return {};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
std::printf("drv handle -> 0x%x, drv key -> %s, drv status -> 0x%x\n",
|
|
|
|
std::printf("drv handle -> 0x%x, drv key -> %s, drv status -> 0x%x\n", drv_handle, drv_key.c_str(), drv_status);
|
|
|
|
drv_handle, drv_key.c_str(), drv_status);
|
|
|
|
|
|
|
|
std::getchar();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
std::printf("ntoskrnl base address -> 0x%p\n", utils::kmodule::get_base("ntoskrnl.exe"));
|
|
|
|
std::printf("ntoskrnl base address -> 0x%p\n", utils::kmodule::get_base("ntoskrnl.exe"));
|
|
|
|
std::printf("NtShutdownSystem -> 0x%p\n", utils::kmodule::get_export("ntoskrnl.exe", "NtShutdownSystem"));
|
|
|
|
std::printf("NtShutdownSystem -> 0x%p\n", utils::kmodule::get_export("ntoskrnl.exe", "NtShutdownSystem"));
|
|
|
|
|
|
|
|
|
|
|
|
vdm::writemsr_t _write_msr =
|
|
|
|
writemsr_t _write_msr =
|
|
|
|
[&](std::uint32_t reg, std::uintptr_t value) -> void
|
|
|
|
[&](std::uint32_t reg, std::uintptr_t value) -> void
|
|
|
|
{ vdm::writemsr(reg, value); };
|
|
|
|
{
|
|
|
|
|
|
|
|
// put your code here to write MSR....
|
|
|
|
|
|
|
|
// the code is defined in vdm::writemsr for me...
|
|
|
|
|
|
|
|
vdm::writemsr(reg, value);
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
const auto ex_alloc_pool =
|
|
|
|
|
|
|
|
reinterpret_cast<ex_alloc_pool_t>(
|
|
|
|
|
|
|
|
utils::kmodule::get_export(
|
|
|
|
|
|
|
|
"ntoskrnl.exe", "ExAllocatePool"));
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
const auto dbg_print =
|
|
|
|
|
|
|
|
reinterpret_cast<dbg_print_t>(
|
|
|
|
|
|
|
|
utils::kmodule::get_export(
|
|
|
|
|
|
|
|
"ntoskrnl.exe", "DbgPrint"));
|
|
|
|
|
|
|
|
|
|
|
|
sizeof write_msr_t;
|
|
|
|
|
|
|
|
vdm::msrexec_ctx msrexec(_write_msr);
|
|
|
|
vdm::msrexec_ctx msrexec(_write_msr);
|
|
|
|
msrexec.exec([&]() -> void { int a = 10; });
|
|
|
|
std::printf("press enter to run 100 syscall tests...\n");
|
|
|
|
|
|
|
|
std::getchar();
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
for (auto idx = 0u; idx < 100; ++idx)
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
msrexec.exec([&ex_alloc_pool, &dbg_print]() -> void
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
dbg_print("> allocated pool -> 0x%p\n",
|
|
|
|
|
|
|
|
ex_alloc_pool(NULL, 0x1000));
|
|
|
|
|
|
|
|
});
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
const auto unload_result =
|
|
|
|
const auto unload_result =
|
|
|
|
vdm::unload_drv(drv_handle, drv_key);
|
|
|
|
vdm::unload_drv(drv_handle, drv_key);
|
|
|
@ -34,4 +57,7 @@ int __cdecl main(int argc, char** argv)
|
|
|
|
std::printf("> unable to unload driver... reason -> 0x%x\n", unload_result);
|
|
|
|
std::printf("> unable to unload driver... reason -> 0x%x\n", unload_result);
|
|
|
|
return {};
|
|
|
|
return {};
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
std::printf("completed tests...\n");
|
|
|
|
|
|
|
|
std::getchar();
|
|
|
|
}
|
|
|
|
}
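Review bot: In the second hunk, `ex_alloc_pool` and `dbg_print` are cast straight from `utils::kmodule::get_export` and then called inside `msrexec.exec` with no check. A failed lookup (presumably a null return; `get_export` is not shown here) therefore becomes a call through an invalid pointer in kernel context, which takes the machine down instead of failing cleanly in user mode. Guard before `msrexec` is constructed and unload the driver on the way out, e.g. `if (!ex_alloc_pool || !dbg_print) { vdm::unload_drv(drv_handle, drv_key); return {}; }`. The loop also discards every `ex_alloc_pool(NULL, 0x1000)` result, so each run leaves 100 allocations of 0x1000 bytes behind; either free them or state the leak in a comment, and pass `0u` with a comment naming the pool type rather than `NULL` for a `std::uint32_t` parameter. `main` begins before this hunk and continues after it.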
|