Update README.md

merge-requests/1/merge
xerox 4 years ago
parent bd6e4b598e
commit 6a482669ab

@ -14,32 +14,24 @@ Link to write up can be found [here](https://back.engineering/post/virtual-memor
# example # example
```cpp ```cpp
#include <iostream> // only time driver needs to be loaded is to init physmeme/kernel_ctx...
#include "kernel_ctx/kernel_ctx.h" nasa::load_drv();
#include "mem_ctx/mem_ctx.hpp" nasa::kernel_ctx kernel;
if (kernel.clear_piddb_cache(nasa::drv_key, util::get_file_header((void*)raw_driver)->TimeDateStamp))
int __cdecl main(int argc, char** argv) std::cout << "[+] flushed PIDDB Cache for physmeme driver..." << std::endl;
{ nasa::unload_drv();
// only time driver needs to be loaded is to init physmeme/kernel_ctx...
nasa::load_drv(); const std::pair<unsigned, virt_addr_t> my_proc_data = { GetCurrentProcessId(), virt_addr_t{ GetModuleHandle(NULL) } };
nasa::kernel_ctx kernel; std::cout << "[+] my pid: " << std::hex << my_proc_data.first << std::endl;
if (kernel.clear_piddb_cache(nasa::drv_key, util::get_file_header((void*)raw_driver)->TimeDateStamp)) std::cout << "[+] my base: " << std::showbase << std::hex << my_proc_data.second.value << std::endl;
std::cout << "[+] flushed PIDDB Cache for physmeme driver..." << std::endl;
nasa::unload_drv(); nasa::mem_ctx my_proc(kernel, my_proc_data.first);
const auto module_base = my_proc_data.second;
const std::pair<unsigned, virt_addr_t> my_proc_data = { GetCurrentProcessId(), virt_addr_t{ GetModuleHandle(NULL) } };
std::cout << "[+] my pid: " << std::hex << my_proc_data.first << std::endl; std::cout << "[+] base address pml4e: " << std::hex << my_proc[module_base.pml4_index].value << std::endl;
std::cout << "[+] my base: " << std::showbase << std::hex << my_proc_data.second.value << std::endl; std::cout << "[+] base address pdpte: " << std::hex << my_proc[{module_base.pml4_index, module_base.pdpt_index}].value << std::endl;
std::cout << "[+] base address pde: " << std::hex << my_proc[{module_base.pml4_index, module_base.pdpt_index, module_base.pd_index}].value << std::endl;
nasa::mem_ctx my_proc(kernel, my_proc_data.first); std::cout << "[+] base address pte: " << std::hex << my_proc[{module_base.pml4_index, module_base.pdpt_index, module_base.pd_index, module_base.pt_index}].value << std::endl;
const auto module_base = my_proc_data.second;
std::cout << "[+] base address pml4e: " << std::hex << my_proc[module_base.pml4_index].value << std::endl;
std::cout << "[+] base address pdpte: " << std::hex << my_proc[{module_base.pml4_index, module_base.pdpt_index}].value << std::endl;
std::cout << "[+] base address pde: " << std::hex << my_proc[{module_base.pml4_index, module_base.pdpt_index, module_base.pd_index}].value << std::endl;
std::cout << "[+] base address pte: " << std::hex << my_proc[{module_base.pml4_index, module_base.pdpt_index, module_base.pd_index, module_base.pt_index}].value << std::endl;
std::cin.get();
}
``` ```
result: result:

Loading…
Cancel
Save