From cf9a9d4fd2cf95a5c534302a3eb776f74d5dd6cf Mon Sep 17 00:00:00 2001
From: boris
Date: Wed, 28 Nov 2018 20:34:17 +1300
Subject: scuffed syscalls they worked on windows 10 but fuck up on 8.1 now this is epic
---
loader/client/syscall.hpp | 51 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 loader/client/syscall.hpp
(limited to 'loader/client/syscall.hpp')
diff --git a/loader/client/syscall.hpp b/loader/client/syscall.hpp
new file mode 100644
index 0000000..55135ca
--- /dev/null
+++ b/loader/client/syscall.hpp
@@ -0,0 +1,51 @@
+#pragma once
+
+#include
+#include
+
+#include
+#include "fnv.hpp"
+#include "strings.hpp"
+
+namespace syscall {
+ //stub for calling the syscalls
+ class c_syscall_stub {
+ uint8_t m_stub[11] = {
+ 0x4c, 0x8b, 0xd1, // mov r10, rcx
+ 0xb8, 0x00, 0x00, 0x00, 0x00, // mov eax, 0h
+ 0x0f, 0x05, // syscall
+ 0xc3 // retn
+ };
+
+ public:
+ void set_index(uint32_t index) {
+ unsigned long old;
+ if (VirtualProtect(m_stub, sizeof m_stub, PAGE_EXECUTE_READWRITE, &old)) {
+ //okay now this is epic
+ *(uint32_t*)(&m_stub[4]) = index;
+ }
+ }
+
+ __forceinline bool validate() {
+ return *(uint32_t*)(&m_stub[4]) != 0;
+ }
+
+ uintptr_t operator()() {
+ return (uintptr_t)m_stub;
+ }
+ };
+
+ //syscaller
+ class c_syscall_mgr {
+ std::map< hash_t, c_syscall_stub > m_syscalls;
+
+ uint8_t *load_ntdll();
+ public:
+ bool start();
+
+ template
+ T get(hash_t hash) {
+ return (T)(m_syscalls[hash]());
+ }
+ };
+}
\ No newline at end of file
--
cgit v1.2.3
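Review bot: `get()` resolves the stub with `m_syscalls[hash]`, which default-inserts a fresh stub (index still 0, `set_index` never run on it) for any hash that `start()` did not register, and casts it to a callable without consulting `validate()`. A lookup that fails closed would be safer, e.g. `auto it = m_syscalls.find(hash);` followed by `return (it == m_syscalls.end() || !it->second.validate()) ? T{} : (T)it->second();`. In `set_index`, `VirtualProtect` is applied to a member array, so the page holding that object stays `PAGE_EXECUTE_READWRITE`, `old` is never used to restore the previous protection, and a failed call is dropped silently; returning `bool` would let the caller stop instead of continuing with an unpatched stub. Writable-and-executable data memory is a W^X violation that any memory-corruption bug elsewhere in the process can build on. The commit message's report of different behaviour on 8.1 suggests (the body of `start()` is not in this diff) that the unregistered or zero-index path is reachable in practice.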