| author | boris <wzn@moneybot.cc> | 2018-11-28 20:34:17 +1300 |
|---|---|---|
| committer | boris <wzn@moneybot.cc> | 2018-11-28 20:34:17 +1300 |
| commit | cf9a9d4fd2cf95a5c534302a3eb776f74d5dd6cf (patch) | |
| tree | 834c13577f16429d699767aeaf89d82ea9cfde2d /loader/client/syscall.hpp | |
| parent | 61c2c13eba885e38b71379e1400ead6057ea9f2d (diff) | |
scuffed syscalls
they worked on windows 10 but fuck up on 8.1
now this is epic
Diffstat (limited to 'loader/client/syscall.hpp')
| -rw-r--r-- | loader/client/syscall.hpp | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/loader/client/syscall.hpp b/loader/client/syscall.hpp
new file mode 100644
index 0000000..55135ca
--- /dev/null
+++ b/loader/client/syscall.hpp
@@ -0,0 +1,51 @@
+#pragma once
+
+#include <windows.h>
+#include <winternl.h>
+
+#include <map>
+#include "fnv.hpp"
+#include "strings.hpp"
+
+namespace syscall {
+ //stub for calling the syscalls
+ class c_syscall_stub {
+ uint8_t m_stub[11] = {
+ 0x4c, 0x8b, 0xd1, // mov r10, rcx
+ 0xb8, 0x00, 0x00, 0x00, 0x00, // mov eax, 0h
+ 0x0f, 0x05, // syscall
+ 0xc3 // retn
+ };
+
+ public:
+ void set_index(uint32_t index) {
+ unsigned long old;
+ if (VirtualProtect(m_stub, sizeof m_stub, PAGE_EXECUTE_READWRITE, &old)) {
+ //okay now this is epic
+ *(uint32_t*)(&m_stub[4]) = index;
+ }
+ }
+
+ __forceinline bool validate() {
+ return *(uint32_t*)(&m_stub[4]) != 0;
+ }
+
+ uintptr_t operator()() {
+ return (uintptr_t)m_stub;
+ }
+ };
+
+ //syscaller
+ class c_syscall_mgr {
+ std::map< hash_t, c_syscall_stub > m_syscalls;
+
+ uint8_t *load_ntdll();
+ public:
+ bool start();
+
+ template <typename T>
+ T get(hash_t hash) {
+ return (T)(m_syscalls[hash]());
+ }
+ };
+}
\ No newline at end of file |
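Review bot: `set_index` marks the memory holding `m_stub` `PAGE_EXECUTE_READWRITE` and never restores it. Because the stub is a member of a `std::map` node, whatever else shares that page presumably stays writable and executable for the life of the process, which breaks W^X; private RWX memory holding a raw `syscall` instruction outside ntdll is also a pattern memory scanners flag. `old` is never read and a failed `VirtualProtect` is silently ignored, so `validate()` (index != 0) is the only failure signal. In `get`, `m_syscalls[hash]` default-inserts a stub for an unknown hash and returns a pointer to memory that was never made executable; `auto it = m_syscalls.find(hash); return it == m_syscalls.end() ? T{} : (T)(it->second());` hands back null instead, so the caller can check it. The store `*(uint32_t*)(&m_stub[4]) = index;` is unaligned and violates strict aliasing; `memcpy(&m_stub[4], &index, sizeof index);` is the defined form, with the same applying to the read in `validate()`.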
