main.cpp
#include <ntifs.h>
#include <ntddk.h>
#include <ntimage.h>
#include "Logs.h"
#include "Util.h"
#include "Comm.h"
#include "hide.h"
// Global pointer, initialised to NULL. Nothing in this file reads or writes it after
// initialisation; presumably another translation unit uses it (the name suggests the base
// of a pool allocation) - confirm against the rest of the project.
PVOID pPoolBase = NULL;
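// Empty unload callback: it releases nothing that Main() sets up.
// NOTE(review): nothing in this file assigns it to DriverObject->DriverUnload (DriverEntry
// leaves DriverObject unreferenced), so as written the driver exposes no unload path.
VOID MyUnloadDriver(PDRIVER_OBJECT DriverObject) {
    // The parameter is intentionally unused; mark it the same way DriverEntry does so a
    // /W4 build does not raise C4100 (unreferenced formal parameter).
    UNREFERENCED_PARAMETER(DriverObject);
}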
// RELATIVE_ADDR(addr, size): reads the last sizeof(INT) bytes of the `size`-byte region that
// starts at `addr` as a signed INT displacement and yields addr + size + displacement, i.e.
// the displacement is applied relative to the end of that region.
// NOTE(review): not used anywhere in this file. Both arguments are evaluated more than once,
// and the PINT read is unchecked and may be unaligned - the caller has to guarantee that
// addr .. addr + size is readable memory.
#define RELATIVE_ADDR(addr, size) ((PVOID)((PBYTE)(addr) + *(PINT)((PBYTE)(addr) + ((size) - (INT)sizeof(INT))) + (size)))
// Worker routine that DriverEntry starts as a system thread.
//
// Runs three setup steps in a fixed order - Hide::HideEverything, Memory::InitializeFuncs,
// Comm::Initialize - and only logs each outcome. A failed step does not stop the later ones,
// and no status is reported back to DriverEntry. What the helpers actually do is defined in
// the project headers included by this file, not here.
//
// The routine never returns to its caller: it ends the current thread itself with
// PsTerminateSystemThread(STATUS_SUCCESS).
VOID NTAPI Main() {
    // Name handed to the hiding helper; the literal is fixed at build time.
    UNICODE_STRING DriverName;
    RtlInitUnicodeString(&DriverName, L"MyDriver");

    // Step 1: hiding. Failure is logged and otherwise ignored.
    if (!NT_SUCCESS(Hide::HideEverything(DriverName))) {
        Log::Error(skCrypt("Failed to hide stuff\n"));
    }
    else {
        Log::Success(skCrypt("Hid everything!\n"));
    }

    // Step 2: resolve the function addresses the Memory helpers need.
    // NOTE(review): step 3 still runs when this fails - confirm Comm does not depend on it.
    const NTSTATUS ResolveStatus = Memory::InitializeFuncs();
    if (!NT_SUCCESS(ResolveStatus)) {
        Log::Error(skCrypt(" didnt find func addresses.\n"));
    }
    else {
        Log::Success(skCrypt("great found addresses needed!\n"));
    }

    // Step 3: bring up the communication channel. A failure here is reported at Debug
    // level, unlike the Error level used by the two steps above.
    if (NT_SUCCESS(Comm::Initialize())) {
        Log::Success(skCrypt("try to communicate now\n\n"));
    }
    else {
        Log::Debug(skCrypt("failed to initalize communication\n\n"));
    }

    // Setup is done; terminate this system thread.
    PsTerminateSystemThread(STATUS_SUCCESS);
}
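// Driver entry point.
//
// Neither DriverObject nor RegistryPath is used: this file registers no DriverUnload routine,
// no dispatch routines and no device object. All work is handed to a system thread running
// Main(); the thread handle is closed straight away and the thread ends itself.
//
// Returns STATUS_SUCCESS once the worker thread has been created, otherwise the failure
// status from PsCreateSystemThread.
//
// NOTE(review): Main is declared as VOID NTAPI Main() but is cast to PKSTART_ROUTINE, which
// takes a PVOID StartContext. The cast hides the prototype mismatch; giving Main the
// PKSTART_ROUTINE signature would remove the need for it.
extern "C"
NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {
    UNREFERENCED_PARAMETER(DriverObject);
    UNREFERENCED_PARAMETER(RegistryPath);

    // Request a kernel handle so the THREAD_ALL_ACCESS handle never lands in a user-mode
    // process's handle table if this code runs outside the system process context.
    OBJECT_ATTRIBUTES ThreadAttributes;
    InitializeObjectAttributes(&ThreadAttributes, NULL, OBJ_KERNEL_HANDLE, NULL, NULL);

    HANDLE ThreadHandle = NULL;
    const NTSTATUS Status = PsCreateSystemThread(&ThreadHandle, THREAD_ALL_ACCESS, &ThreadAttributes, NULL, NULL, (PKSTART_ROUTINE)Main, NULL);
    if (!NT_SUCCESS(Status)) {
        // No thread was started and ThreadHandle is not valid: report the failure instead
        // of closing a NULL handle and claiming success.
        return Status;
    }

    // Only the handle is released here; the thread keeps running until Main terminates it.
    ZwClose(ThreadHandle);
    return STATUS_SUCCESS;
}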