IDontCode
/
msrexec
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

works good, removed SwitchToThread...

Browse Source
merge-requests/1/head
_xeroxz 4 years ago
parent 447d1c2ba7
commit 8c4acb1ba3
2 changed files with 16 additions and 17 deletions
Show Stats Download Patch File Download Diff File

28
main.cpp
Unescape View File

@ -27,22 +27,20 @@ int __cdecl main(int argc, char** argv)
}; };
vdm::msrexec_ctx msrexec(_write_msr); vdm::msrexec_ctx msrexec(_write_msr);
for(auto idx = 0u; idx < 100; ++idx) msrexec.exec([&](void* krnl_base, get_system_routine_t get_kroutine) -> void
{ {
msrexec.exec([&](void* krnl_base, get_system_routine_t get_kroutine) -> void const auto dbg_print =
{ reinterpret_cast<dbg_print_t>(
const auto dbg_print = get_kroutine(krnl_base, "DbgPrint"));
reinterpret_cast<dbg_print_t>(
get_kroutine(krnl_base, "DbgPrint")); const auto ex_alloc_pool =
reinterpret_cast<ex_alloc_pool_t>(
const auto ex_alloc_pool = get_kroutine(krnl_base, "ExAllocatePool"));
reinterpret_cast<ex_alloc_pool_t>(
get_kroutine(krnl_base, "ExAllocatePool")); dbg_print("> allocated pool -> 0x%p\n", ex_alloc_pool(NULL, 0x1000));
dbg_print("> cr4 -> 0x%p\n", __readcr4());
dbg_print("> allocated pool -> 0x%p\n", ex_alloc_pool(NULL, 0x1000)); dbg_print("> hello world!\n");
dbg_print("> cr4 -> 0x%p\n", __readcr4()); });
});
}
const auto unload_result = const auto unload_result =
vdm::unload_drv(drv_handle, drv_key); vdm::unload_drv(drv_handle, drv_key);

5
msrexec.cpp
Unescape View File

@ -53,7 +53,7 @@ namespace vdm
m_smep_off.flags = cr4_value.flags; m_smep_off.flags = cr4_value.flags;
m_smep_off.smep_enable = false; m_smep_off.smep_enable = false;
m_smep_off.smap_enable = false; // newer spus have this on... m_smep_off.smap_enable = false; // newer cpus have this on...
// WARNING: some virtual machines dont have SMEP... // WARNING: some virtual machines dont have SMEP...
// my VMWare VM doesnt... nor does my Virtual Box VM... // my VMWare VM doesnt... nor does my Virtual Box VM...
@ -140,7 +140,8 @@ namespace vdm
m_kpcr_rsp_offset = *reinterpret_cast<std::uint32_t*>(ki_system_call + 8); m_kpcr_rsp_offset = *reinterpret_cast<std::uint32_t*>(ki_system_call + 8);
m_kpcr_krsp_offset = *reinterpret_cast<std::uint32_t*>(ki_system_call + 17); m_kpcr_krsp_offset = *reinterpret_cast<std::uint32_t*>(ki_system_call + 17);
// handle KVA shadowing... if KVA shadowing is enabled LSTAR will point at KiSystemCall64Shadow... // handle KVA shadowing... if KVA shadowing is
// enabled LSTAR will point at KiSystemCall64Shadow...
SYSTEM_KERNEL_VA_SHADOW_INFORMATION kva_info = { 0 }; SYSTEM_KERNEL_VA_SHADOW_INFORMATION kva_info = { 0 };
// if SystemKernelVaShadowInformation is not a valid class just // if SystemKernelVaShadowInformation is not a valid class just

Write Preview
Loading…
Cancel
Save