forked from Nou4r/KDtour
-
Notifications
You must be signed in to change notification settings - Fork 2
/
utils.h
66 lines (51 loc) · 1.84 KB
/
utils.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
namespace utils
{
auto get_system_information( SYSTEM_INFORMATION_CLASS information_class ) -> void *
{
unsigned long size = 32;
char buffer[32];
ZwQuerySystemInformation( information_class, buffer, size, &size );
void *info = ExAllocatePoolZero( NonPagedPool, size, 'hjjd' );
if ( !info )
return nullptr;
if ( !NT_SUCCESS( ZwQuerySystemInformation( information_class, info, size, &size ) ) )
{
ExFreePool( info );
return nullptr;
}
return info;
}
auto get_kernel_module( const char *name ) -> uintptr_t
{
const auto to_lower = []( char *string ) -> const char *
{
for ( char *pointer = string; *pointer != '\0'; ++pointer )
{
*pointer = ( char )( short )tolower( *pointer );
}
return string;
};
const PRTL_PROCESS_MODULES info = ( PRTL_PROCESS_MODULES )get_system_information( system_module_information );
if ( !info )
{
return 0;
}
for ( size_t i = 0; i < info->number_of_modules; ++i )
{
const auto &mod = info->modules[i];
if ( strcmp( to_lower( ( char * )mod.full_path_name + mod.offset_to_file_name ), name ) == 0 )
{
const void *address = mod.image_base;
ExFreePool( info );
return reinterpret_cast< uintptr_t > ( address );
}
}
ExFreePool( info );
return 0;
}
template <typename t>
auto get_kernel_export( const uintptr_t base, const char* name ) -> t
{
return reinterpret_cast< t >( RtlFindExportedRoutineByName( reinterpret_cast<void*> ( base ), name ) );
}
}