switched back to NtShutdownSystem

master
xerox 4 years ago
parent d19a27279b
commit b233ec7a04

@ -15,14 +15,13 @@ namespace vdm
if (vdm::syscall_address.load())
return;
LoadLibraryA("user32.dll"); // required for win32u.dll...
vdm::dxgkrnl_buffer = reinterpret_cast<std::uint8_t*>(
LoadLibraryExA("drivers\\dxgkrnl.sys", NULL,
vdm::ntoskrnl = reinterpret_cast<std::uint8_t*>(
LoadLibraryExA("ntoskrnl.exe", NULL,
DONT_RESOLVE_DLL_REFERENCES));
nt_rva = reinterpret_cast<std::uint32_t>(
util::get_kmodule_export(
"dxgkrnl.sys",
"ntoskrnl.exe",
syscall_hook.first,
true
));
@ -72,7 +71,7 @@ namespace vdm
// check the first 32 bytes of the syscall, if its the same, test that its the correct
// occurrence of these bytes (since dxgkrnl is loaded into physical memory at least 2 times now)...
if (!memcmp(page_data + nt_page_offset, dxgkrnl_buffer + nt_rva, 32))
if (!memcmp(page_data + nt_page_offset, ntoskrnl + nt_rva, 32))
if (valid_syscall(reinterpret_cast<void*>(address + page + nt_page_offset)))
syscall_address.store(
reinterpret_cast<void*>(

@ -11,14 +11,14 @@
namespace vdm
{
// change this to whatever you want :^)
constexpr std::pair<const char*, const char*> syscall_hook = { "NtGdiDdDDICreateContext", "win32u.dll" };
constexpr std::pair<const char*, const char*> syscall_hook = { "NtShutdownSystem", "ntdll.dll" };
inline std::atomic<bool> is_page_found = false;
inline std::atomic<void*> syscall_address = nullptr;
inline std::uint16_t nt_page_offset;
inline std::uint32_t nt_rva;
inline std::uint8_t* dxgkrnl_buffer;
inline std::uint8_t* ntoskrnl;
using read_phys_t = std::function<decltype(vdm::read_phys)>;
using write_phys_t = std::function<decltype(vdm::write_phys)>;

Loading…
Cancel
Save