_xeroxz
/
msrexec
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

works good, removed SwitchToThread...

Browse Source
merge-requests/1/head
_xeroxz 3 years ago
parent 447d1c2ba7
commit 8c4acb1ba3
2 changed files with 16 additions and 17 deletions
Show Stats Download Patch File Download Diff File

28
main.cpp
Unescape View File

@ -27,22 +27,20 @@ int __cdecl main(int argc, char** argv)
};
vdm::msrexec_ctx msrexec(_write_msr);
for(auto idx = 0u; idx < 100; ++idx)
msrexec.exec([&](void* krnl_base, get_system_routine_t get_kroutine) -> void
{
msrexec.exec([&](void* krnl_base, get_system_routine_t get_kroutine) -> void
{
const auto dbg_print =
reinterpret_cast<dbg_print_t>(
get_kroutine(krnl_base, "DbgPrint"));
const auto ex_alloc_pool =
reinterpret_cast<ex_alloc_pool_t>(
get_kroutine(krnl_base, "ExAllocatePool"));
dbg_print("> allocated pool -> 0x%p\n", ex_alloc_pool(NULL, 0x1000));
dbg_print("> cr4 -> 0x%p\n", __readcr4());
});
}
const auto dbg_print =
reinterpret_cast<dbg_print_t>(
get_kroutine(krnl_base, "DbgPrint"));
const auto ex_alloc_pool =
reinterpret_cast<ex_alloc_pool_t>(
get_kroutine(krnl_base, "ExAllocatePool"));
dbg_print("> allocated pool -> 0x%p\n", ex_alloc_pool(NULL, 0x1000));
dbg_print("> cr4 -> 0x%p\n", __readcr4());
dbg_print("> hello world!\n");
});
const auto unload_result =
vdm::unload_drv(drv_handle, drv_key);

5
msrexec.cpp
Unescape View File

@ -53,7 +53,7 @@ namespace vdm
m_smep_off.flags = cr4_value.flags;
m_smep_off.smep_enable = false;
m_smep_off.smap_enable = false; // newer spus have this on...
m_smep_off.smap_enable = false; // newer cpus have this on...
// WARNING: some virtual machines dont have SMEP...
// my VMWare VM doesnt... nor does my Virtual Box VM...
@ -140,7 +140,8 @@ namespace vdm
m_kpcr_rsp_offset = *reinterpret_cast<std::uint32_t*>(ki_system_call + 8);
m_kpcr_krsp_offset = *reinterpret_cast<std::uint32_t*>(ki_system_call + 17);
// handle KVA shadowing... if KVA shadowing is enabled LSTAR will point at KiSystemCall64Shadow...
// handle KVA shadowing... if KVA shadowing is
// enabled LSTAR will point at KiSystemCall64Shadow...
SYSTEM_KERNEL_VA_SHADOW_INFORMATION kva_info = { 0 };
// if SystemKernelVaShadowInformation is not a valid class just

Write Preview
Loading…
Cancel
Save