diff --git a/PSKDM/PSKDM.vcxproj b/PSKDM/PSKDM.vcxproj
index 3e5dc91..be51ac8 100644
--- a/PSKDM/PSKDM.vcxproj
+++ b/PSKDM/PSKDM.vcxproj
@@ -200,16 +200,16 @@
-
+
-
+
diff --git a/PSKDM/PSKDM.vcxproj.filters b/PSKDM/PSKDM.vcxproj.filters
index 818bb07..75cb702 100644
--- a/PSKDM/PSKDM.vcxproj.filters
+++ b/PSKDM/PSKDM.vcxproj.filters
@@ -26,15 +26,15 @@
Source Files
-
- Source Files
-
Source Files
Source Files
+
+ Source Files
+
@@ -52,9 +52,6 @@
Header Files\util
-
- Header Files
-
Header Files
@@ -73,5 +70,8 @@
Header Files
+
+ Header Files
+
\ No newline at end of file
diff --git a/PSKDM/map_driver.cpp b/PSKDM/map_driver.cpp
index 92537c9..0e82c79 100644
--- a/PSKDM/map_driver.cpp
+++ b/PSKDM/map_driver.cpp
@@ -34,8 +34,8 @@ namespace mapper
};
vdm::vdm_ctx v_ctx(_read_phys, _write_phys);
- nasa::mem_ctx desired_ctx(&v_ctx, GetCurrentProcessId());
- nasa::mem_ctx zombie_ctx(&v_ctx, context_pid);
+ ptm::ptm_ctx desired_ctx(&v_ctx, GetCurrentProcessId());
+ ptm::ptm_ctx zombie_ctx(&v_ctx, context_pid);
nasa::mapper_ctx mapper(&desired_ctx, &zombie_ctx);
// disable the working set manager thread
@@ -61,6 +61,10 @@ namespace mapper
if (!drv_base || !drv_entry)
return { mapper_error::init_failed, nullptr };
+ std::printf("[+] driver base -> 0x%p\n", drv_base);
+ std::printf("[+] driver entry -> 0x%p\n", drv_entry);
+ std::getchar();
+
mapper.call_entry(drv_entry, entry_data);
if (!vdm::unload_drv(drv_handle, drv_key))
return { mapper_error::unload_error, nullptr };
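Review bot: The added `std::getchar();` after the two new printf calls makes this routine block on stdin between allocating the driver image and `mapper.call_entry`, which reads like a debugging pause left in; the routine is built into the PSKDM.lib consumed by um-example, and um-example/main.cpp already has its own getchar() at the end, so any non-interactive caller now hangs here. If the pause is intended, gate it behind a debug macro or document it at the call site with a comment such as `// pause so the printed base/entry can be inspected before the entry point runs`; otherwise drop the line. The enclosing function in namespace mapper starts and ends outside the hunk.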
diff --git a/PSKDM/mapper_ctx/mapper_ctx.cpp b/PSKDM/mapper_ctx/mapper_ctx.cpp
index d6784f3..6c684de 100644
--- a/PSKDM/mapper_ctx/mapper_ctx.cpp
+++ b/PSKDM/mapper_ctx/mapper_ctx.cpp
@@ -4,8 +4,8 @@ namespace nasa
{
mapper_ctx::mapper_ctx
(
- nasa::mem_ctx* map_into,
- nasa::mem_ctx* map_from
+ ptm::ptm_ctx* map_into,
+ ptm::ptm_ctx* map_from
)
:
map_into(map_into),
@@ -17,7 +17,7 @@ namespace nasa
map_into->set_page(map_into->dirbase));
// look for an empty pml4e...
- for (auto idx = 100u; idx < 255; ++idx)
+ for (auto idx = 255u; idx < 511; ++idx)
{
if (!map_into_pml4[idx].value)
{
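Review bot: The new bounds in `for (auto idx = 255u; idx < 511; ++idx)` are undocumented magic numbers, and the half-open upper bound means index 511 is never examined, which may or may not be intended; the old loop had the same shape with 100 and 255, so it is unclear whether 511 is deliberately excluded or the bound should be `<= 511`. A comment on the line, such as `// search pml4 slots 255..510 for an unused entry (511 intentionally skipped)`, or a correction of the bound, would make the intent reviewable. The enclosing constructor starts and ends outside the hunk.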
@@ -33,21 +33,26 @@ namespace nasa
auto [drv_ppml4e, drv_pml4e] = map_from->get_pml4e(drv_alloc);
make_kernel_access(drv_alloc);
- while (!map_from->set_pml4e(drv_ppml4e, pml4e{ NULL }))
- continue;
+ map_from->set_pml4e(drv_ppml4e, pml4e{ NULL });
+ drv_pml4e.present = true;
drv_pml4e.nx = false;
drv_pml4e.user_supervisor = false;
drv_pml4e.write = true;
- // ensure we insert the pml4e...
- while (!map_into->write_phys(
+ const auto map_into_pml4 =
reinterpret_cast(
- map_into->dirbase) + this->pml4_idx, drv_pml4e))
- continue;
+ map_into->set_page(map_into->dirbase));
+
+ map_into_pml4[this->pml4_idx] = drv_pml4e;
+ virt_addr_t old_addr = { reinterpret_cast(drv_alloc) };
+ virt_addr_t new_addr = { reinterpret_cast(MAXULONG64) };
- virt_addr_t new_addr = { reinterpret_cast(drv_alloc) };
new_addr.pml4_index = this->pml4_idx;
+ new_addr.pdpt_index = old_addr.pdpt_index;
+ new_addr.pd_index = old_addr.pd_index;
+ new_addr.pt_index = old_addr.pt_index;
+ new_addr.offset = old_addr.offset;
return { new_addr.value, drv_entry_addr };
}
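Review bot: The replacement `map_from->set_pml4e(drv_ppml4e, pml4e{ NULL });` discards a bool result that the removed spin loop at least reacted to, so a failed write is now silently followed by the direct `map_into_pml4[this->pml4_idx] = drv_pml4e;` store and a success-shaped return; per the header hunk set_pml4e still returns bool, so `if (!map_from->set_pml4e(drv_ppml4e, pml4e{ NULL })) return { {}, {} };` keeps the failure visible, matching the `return { {}, {} };` convention used in the next hunk. Separately, the five-line block that seeds `new_addr` from MAXULONG64 and copies pdpt_index/pd_index/pt_index/offset from `old_addr` is duplicated verbatim in the allocate_driver hunk at lines 115-122; a small private helper taking the source address and the pml4 index and returning the rebuilt virt_addr_t would remove the duplication, and the reason for seeding with MAXULONG64 rather than zero deserves a one-line comment. The enclosing function starts outside the hunk.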
@@ -93,8 +98,15 @@ namespace nasa
if (!drv_alloc_base)
return { {}, {} };
- virt_addr_t new_addr = { reinterpret_cast(drv_alloc_base) };
+ virt_addr_t old_addr = { reinterpret_cast(drv_alloc_base) };
+ virt_addr_t new_addr = { reinterpret_cast(MAXULONG64) };
+
new_addr.pml4_index = this->pml4_idx;
+ new_addr.pdpt_index = old_addr.pdpt_index;
+ new_addr.pd_index = old_addr.pd_index;
+ new_addr.pt_index = old_addr.pt_index;
+ new_addr.offset = old_addr.offset;
+
drv_image.relocate(reinterpret_cast(new_addr.value));
// dont write nt headers...
diff --git a/PSKDM/mapper_ctx/mapper_ctx.hpp b/PSKDM/mapper_ctx/mapper_ctx.hpp
index 4f7f2ec..0c73da4 100644
--- a/PSKDM/mapper_ctx/mapper_ctx.hpp
+++ b/PSKDM/mapper_ctx/mapper_ctx.hpp
@@ -1,4 +1,4 @@
-#include "../mem_ctx/mem_ctx.hpp"
+#include "../ptm_ctx/ptm_ctx.hpp"
#include "../pe_image/pe_image.h"
namespace nasa
@@ -6,7 +6,7 @@ namespace nasa
class mapper_ctx
{
public:
- explicit mapper_ctx(nasa::mem_ctx* map_into, nasa::mem_ctx* map_from);
+ explicit mapper_ctx(ptm::ptm_ctx* map_into, ptm::ptm_ctx* map_from);
auto map(std::vector& raw_image) -> std::pair;
void call_entry(void* drv_entry, void** hook_handler) const;
@@ -14,6 +14,6 @@ namespace nasa
std::uint16_t pml4_idx;
auto allocate_driver(std::vector& raw_image) -> std::pair;
void make_kernel_access(void* drv_base);
- nasa::mem_ctx* map_into, *map_from;
+ ptm::ptm_ctx* map_into, *map_from;
};
}
\ No newline at end of file
diff --git a/PSKDM/mem_ctx/mem_ctx.cpp b/PSKDM/ptm_ctx/ptm_ctx.cpp
similarity index 90%
rename from PSKDM/mem_ctx/mem_ctx.cpp
rename to PSKDM/ptm_ctx/ptm_ctx.cpp
index 89fe3b2..5e9ac8b 100644
--- a/PSKDM/mem_ctx/mem_ctx.cpp
+++ b/PSKDM/ptm_ctx/ptm_ctx.cpp
@@ -1,8 +1,8 @@
-#include "mem_ctx.hpp"
+#include "ptm_ctx.hpp"
-namespace nasa
+namespace ptm
{
- mem_ctx::mem_ctx(vdm::vdm_ctx* v_ctx, std::uint32_t pid)
+ ptm_ctx::ptm_ctx(vdm::vdm_ctx* v_ctx, std::uint32_t pid)
:
v_ctx(v_ctx),
dirbase(get_dirbase(*v_ctx, pid)),
@@ -89,14 +89,14 @@ namespace nasa
new_pt_entries.pt.second.pfn << 12);
}
- mem_ctx::~mem_ctx()
+ ptm_ctx::~ptm_ctx()
{
const auto pml4 =
reinterpret_cast(
set_page(dirbase))[pml4e_index] = pml4e{ NULL };
}
- void* mem_ctx::set_page(void* addr)
+ void* ptm_ctx::set_page(void* addr)
{
++pte_index;
if (pte_index > 511)
@@ -146,7 +146,7 @@ namespace nasa
return get_page();
}
- void* mem_ctx::get_page() const
+ void* ptm_ctx::get_page() const
{
// builds a new address given the state of all table indexes
virt_addr_t new_addr;
@@ -180,7 +180,7 @@ namespace nasa
return new_addr.value;
}
- void* mem_ctx::get_dirbase(vdm::vdm_ctx& v_ctx, DWORD pid)
+ void* ptm_ctx::get_dirbase(vdm::vdm_ctx& v_ctx, DWORD pid)
{
const auto peproc =
reinterpret_cast(
@@ -190,7 +190,7 @@ namespace nasa
v_ctx.rkm(peproc + 0x28).pfn << 12);
}
- bool mem_ctx::hyperspace_entries(pt_entries& entries, void* addr)
+ bool ptm_ctx::hyperspace_entries(pt_entries& entries, void* addr)
{
if (!addr || !dirbase)
return false;
@@ -232,7 +232,7 @@ namespace nasa
return true;
}
- auto mem_ctx::get_pte(void* addr, bool use_hyperspace) -> std::pair
+ auto ptm_ctx::get_pte(void* addr, bool use_hyperspace) -> std::pair
{
if (!dirbase || !addr)
return { {}, {} };
@@ -244,7 +244,7 @@ namespace nasa
return { {}, {} };
}
- bool mem_ctx::set_pte(void* addr, const ::pte& pte, bool use_hyperspace)
+ bool ptm_ctx::set_pte(void* addr, const ::pte& pte, bool use_hyperspace)
{
if (!dirbase || !addr)
return false;
@@ -257,7 +257,7 @@ namespace nasa
return write_phys(addr, pte);
}
- auto mem_ctx::get_pde(void* addr, bool use_hyperspace) -> std::pair
+ auto ptm_ctx::get_pde(void* addr, bool use_hyperspace) -> std::pair
{
if (!dirbase || !addr)
return { {}, {} };
@@ -268,7 +268,7 @@ namespace nasa
return { {}, {} };
}
- bool mem_ctx::set_pde(void* addr, const ::pde& pde, bool use_hyperspace)
+ bool ptm_ctx::set_pde(void* addr, const ::pde& pde, bool use_hyperspace)
{
if (!dirbase || !addr)
return false;
@@ -281,7 +281,7 @@ namespace nasa
return write_phys(addr, pde);
}
- auto mem_ctx::get_pdpte(void* addr, bool use_hyperspace) -> std::pair
+ auto ptm_ctx::get_pdpte(void* addr, bool use_hyperspace) -> std::pair
{
if (!dirbase || !addr)
return { {}, {} };
@@ -293,7 +293,7 @@ namespace nasa
return { {}, {} };
}
- bool mem_ctx::set_pdpte(void* addr, const ::pdpte& pdpte, bool use_hyperspace)
+ bool ptm_ctx::set_pdpte(void* addr, const ::pdpte& pdpte, bool use_hyperspace)
{
if (!dirbase || !addr)
return false;
@@ -306,7 +306,7 @@ namespace nasa
return write_phys(addr, pdpte);
}
- auto mem_ctx::get_pml4e(void* addr, bool use_hyperspace) -> std::pair
+ auto ptm_ctx::get_pml4e(void* addr, bool use_hyperspace) -> std::pair
{
if (!dirbase || !addr)
return { {}, {} };
@@ -318,7 +318,7 @@ namespace nasa
return { {}, {} };
}
- bool mem_ctx::set_pml4e(void* addr, const ::pml4e& pml4e, bool use_hyperspace)
+ bool ptm_ctx::set_pml4e(void* addr, const ::pml4e& pml4e, bool use_hyperspace)
{
if (!dirbase || !addr)
return false;
@@ -331,7 +331,7 @@ namespace nasa
return write_phys(addr, pml4e);
}
- auto mem_ctx::read_virtual(void* buffer, void* addr, std::size_t size) -> std::pair
+ auto ptm_ctx::read_virtual(void* buffer, void* addr, std::size_t size) -> std::pair
{
if (!buffer || !addr || !size || !dirbase)
return {};
@@ -373,7 +373,7 @@ namespace nasa
}
}
- auto mem_ctx::write_virtual(void* buffer, void* addr, std::size_t size) -> std::pair
+ auto ptm_ctx::write_virtual(void* buffer, void* addr, std::size_t size) -> std::pair
{
if (!buffer || !addr || !size || !dirbase)
return {};
@@ -415,7 +415,7 @@ namespace nasa
}
}
- bool mem_ctx::read_phys(void* buffer, void* addr, std::size_t size)
+ bool ptm_ctx::read_phys(void* buffer, void* addr, std::size_t size)
{
if (!buffer || !addr || !size)
return false;
@@ -432,7 +432,7 @@ namespace nasa
return true;
}
- bool mem_ctx::write_phys(void* buffer, void* addr, std::size_t size)
+ bool ptm_ctx::write_phys(void* buffer, void* addr, std::size_t size)
{
if (!buffer || !addr || !size)
return false;
@@ -449,7 +449,7 @@ namespace nasa
return true;
}
- void* mem_ctx::virt_to_phys(pt_entries& entries, void* addr)
+ void* ptm_ctx::virt_to_phys(pt_entries& entries, void* addr)
{
if (!addr || !dirbase)
return {};
diff --git a/PSKDM/mem_ctx/mem_ctx.hpp b/PSKDM/ptm_ctx/ptm_ctx.hpp
similarity index 95%
rename from PSKDM/mem_ctx/mem_ctx.hpp
rename to PSKDM/ptm_ctx/ptm_ctx.hpp
index d0f555f..2ac89e8 100644
--- a/PSKDM/mem_ctx/mem_ctx.hpp
+++ b/PSKDM/ptm_ctx/ptm_ctx.hpp
@@ -2,13 +2,13 @@
#include "../util/nt.hpp"
#include "../vdm_ctx/vdm_ctx.hpp"
-namespace nasa
+namespace ptm
{
- class mem_ctx
+ class ptm_ctx
{
public:
- explicit mem_ctx(vdm::vdm_ctx* v_ctx, std::uint32_t pid = GetCurrentProcessId());
- ~mem_ctx();
+ explicit ptm_ctx(vdm::vdm_ctx* v_ctx, std::uint32_t pid = GetCurrentProcessId());
+ ~ptm_ctx();
auto get_pte(void* addr, bool use_hyperspace = false) -> std::pair;
bool set_pte(void* addr, const ::pte& pte, bool use_hyperspace = false);
diff --git a/um-example/PSKDM.lib b/um-example/PSKDM.lib
index fdae025..8a7e77b 100644
Binary files a/um-example/PSKDM.lib and b/um-example/PSKDM.lib differ
diff --git a/um-example/main.cpp b/um-example/main.cpp
index c7c792f..18e2924 100644
--- a/um-example/main.cpp
+++ b/um-example/main.cpp
@@ -26,6 +26,6 @@ int __cdecl main(int argc, char** argv)
);
std::printf("[+] driver mapping result -> 0x%x (0 == mapper_error::error_success)\n", result);
- std::printf("[+] driver base address (usermode) -> 0x%p\n", driver_base);
+ std::printf("[+] driver base address -> 0x%p\n", driver_base);
std::getchar();
}
\ No newline at end of file