| skipped 62 lines |
| 63 | 63 | | |
| 64 | 64 | | ctx.Rsp = jmp0StackAddr - 0x400; |
| 65 | 65 | | uintptr_t remoteMem = Push(&ctx, 0); |
| 66 | | - | uintptr_t memSize = Push(&ctx, size); |
| | 66 | + | uintptr_t memSize = Push(&ctx, size); |
| 67 | 67 | | |
| 68 | | - | std::printf("triggering NtAllocateVirtualMemory\n"); |
| 69 | | - | if (NT_ERROR(TriggerFunction(NtAllocateVirtualMemory, { static_cast<uintptr_t>(-1), remoteMem, 0, memSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE }))) |
| 70 | | - | return false; |
| | 68 | + | std::printf("triggering NtAllocateVirtualMemory, (RW)\n"); |
| | 69 | + | if (NT_ERROR(TriggerFunction(NtAllocateVirtualMemory, { static_cast<uintptr_t>(-1), remoteMem, 0, memSize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE }))) |
| | 70 | + | return 0; |
| 71 | 71 | | |
| 72 | 72 | | remoteMem = ReadQword(remoteMem); |
| 73 | 73 | | std::printf("allocated memory at: 0x%llx\n", remoteMem); |
| 74 | 74 | | |
| 75 | 75 | | return remoteMem; |
| | 76 | + | } |
| | 77 | + | |
| | 78 | + | bool GhostWrite::Protect(uintptr_t addr, uint64_t size, uint32_t protect) { |
| | 79 | + | CONTEXT ctx = {}; |
| | 80 | + | thread.GetContext(&ctx, CONTEXT_FULL); |
| | 81 | + | |
| | 82 | + | ctx.Rsp = jmp0StackAddr - 0x400; |
| | 83 | + | uintptr_t remoteMem = Push(&ctx, addr); |
| | 84 | + | uintptr_t memSize = Push(&ctx, size); |
| | 85 | + | uintptr_t oldProtect = Push(&ctx, 0); |
| | 86 | + | |
| | 87 | + | if (NT_ERROR(TriggerFunction(NtProtectVirtualMemory, { static_cast<uintptr_t>(-1), remoteMem, memSize, protect, oldProtect}))) |
| | 88 | + | return false; |
| | 89 | + | |
| | 90 | + | return true; |
| 76 | 91 | | } |
| 77 | 92 | | |
| 78 | 93 | | void GhostWrite::LoadLib(std::string name) { |
| skipped 131 lines |
| 210 | 225 | | WriteQword(ctx->Rsp, 0); |
| 211 | 226 | | ctx->Rsp += 8; |
| 212 | 227 | | } |
| | 228 | + | |
