forked from IDontCode/Theodosius
parent
541cc3940a
commit
103c2304c8
@ -1,7 +0,0 @@
|
||||
#include "Theodosius.h"
|
||||
|
||||
int drv_entry()
|
||||
{
|
||||
DbgPrint("> hello world! this is a demo!\n");
|
||||
DbgPrint("> current pml4 = 0x%p\n", get_dirbase());
|
||||
}
|
@ -0,0 +1,7 @@
|
||||
#include "Theodosius.h"
|
||||
|
||||
extern "C" int __cdecl drv_entry()
|
||||
{
|
||||
DbgPrint("> hello world! this is a demo!\n");
|
||||
DbgPrint("> current pml4 = 0x%p\n", cppdemo::get_dirbase());
|
||||
}
|
@ -1,17 +0,0 @@
|
||||
#include "Theodosius.h"
|
||||
extern void* PiddbCacheTable;
|
||||
|
||||
ObfuscateRoutine
|
||||
unsigned long long get_dirbase()
|
||||
{
|
||||
cr3 result;
|
||||
result.flags =
|
||||
*(unsigned long long*)(IoGetCurrentProcess() + 0x28);
|
||||
|
||||
result.flags = NULL;
|
||||
if (!result.address_of_page_directory)
|
||||
return -1;
|
||||
|
||||
*(unsigned*)PiddbCacheTable = 0x0;
|
||||
return result.address_of_page_directory << 12 + (unsigned long long) &get_dirbase;
|
||||
}
|
@ -0,0 +1,18 @@
|
||||
#include "Theodosius.h"
|
||||
|
||||
namespace cppdemo
|
||||
{
|
||||
ObfuscateRoutine
|
||||
unsigned long long get_dirbase()
|
||||
{
|
||||
cr3 result;
|
||||
result.flags =
|
||||
*(unsigned long long*)(IoGetCurrentProcess() + 0x28);
|
||||
|
||||
result.flags = NULL;
|
||||
if (!result.address_of_page_directory)
|
||||
return -1;
|
||||
|
||||
return result.address_of_page_directory << 12;
|
||||
}
|
||||
}
|
Loading…
Reference in new issue