#include "stdafx.h"
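/// Smoke test for the Memory helper.
///
/// Resolves the base of ntoskrnl.exe, looks up the EPROCESS pointer of
/// explorer.exe, reads one field of that structure through a virtual read, and
/// then uses the value it read as the address for a physical read. Each result
/// is logged in hex.
///
/// The logged values are live kernel addresses, so the output should be
/// treated as sensitive and kept out of shared logs or bug reports.
///
/// @param argc Unused.
/// @param argv Unused.
/// @return 0 when every lookup succeeded, 1 when a lookup returned zero.
int main(int argc, char *argv[]) {
    // Automatic storage: the manager is destroyed on every return path. The
    // earlier heap allocation was never freed, and exit() skipped cleanup.
    Memory MemoryManager{};

    // Tests getting the base address of ntoskrnl.exe
    DWORD64 ntoskrnlBaseAddress = MemoryManager.GetKernelBase("ntoskrnl.exe");
    if (ntoskrnlBaseAddress == 0) {
        // A zero base cannot be a loaded kernel image; do not hand it to the
        // EPROCESS lookup as a starting address.
        Logger::Info("Failed to get kernel base address!");
        Logger::ShowKeyPress();
        return 1;
    }

    // Tests grabbing an EPROCESS struct of a process
    std::string processName = "explorer.exe";
    DWORD64 peprocess = MemoryManager.GetEPROCESSPointer(ntoskrnlBaseAddress, processName);
    if (peprocess == 0) {  // integer address, so compare with 0 rather than NULL
        Logger::Info("Failed to get EPROCESS of process!");
        Logger::ShowKeyPress();
        return 1;
    }
    Logger::InfoHex("EPROCESS Address", peprocess);

    // Tests reading a value from the EPROCESS struct
    // NOTE(review): the return value of VirtualRead is not inspected because its
    // type is not visible here; tableBase stays 0 if nothing was written to it.
    DWORD64 tableBase{};
    MemoryManager.VirtualRead(peprocess + EPROCESS_DIRECTORYTABLEBASE, &tableBase, sizeof(tableBase));
    if (tableBase == 0) {
        // Never use an unpopulated value as a physical address.
        Logger::Info("Failed to read directory table base!");
        Logger::ShowKeyPress();
        return 1;
    }
    Logger::InfoHex("Table Base Address", tableBase);

    // Tests a physical read at the address held in tableBase (not at address 0,
    // as the previous comment and an unused local suggested).
    // NOTE(review): PhysicalRead's result is likewise unchecked — confirm how it
    // reports failure.
    DWORD64 testPhysRead{};
    MemoryManager.PhysicalRead(tableBase, &testPhysRead, sizeof(testPhysRead));
    Logger::InfoHex("Test Phys Read", testPhysRead);

    // Pause to see info, lets me launch the exe outside the terminal
    Logger::ShowKeyPress();
    return 0;
}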