CallStack-Spoofer icon indicating copy to clipboard operation
CallStack-Spoofer copied to clipboard

Published 20 hours ago verified publisher icon Barracudach

Update CallStack-Spoofer.h

Open xo1337 opened this issue 2 years ago • 1 comments

You had this code:

#define SPOOF_CALL(name) (CallSpoofer::SafeCall<(name))

You just had a simple mistake by accidently placing a '<' character.

Just changed to this instead: #define SPOOF_CALL(name) (CallSpoofer::SafeCall(name))

xo1337 avatar Sep 10 '22 03:09 xo1337

i want to use ZwQuerySystemInformation in kermel how to ?
PVOID moduleBase = NULL; ULONG info = 0; NTSTATUS status = ZwQuerySystemInformation(SystemModuleInformation, 0, info, &info);

	if (!info) {
		return moduleBase;
	}

	PRTL_PROCESS_MODULES modules = (PRTL_PROCESS_MODULES)ExAllocatePoolWithTag(NonPagedPool, info, 'esdf');

	status = ZwQuerySystemInformation(SystemModuleInformation, modules, info, &info);

	if (!NT_SUCCESS(status)) {
		return moduleBase;
	}

	PRTL_PROCESS_MODULE_INFORMATION module = modules->Modules;


	if (modules->NumberOfModules > 0) {

		if (!moduleName) {
			moduleBase = modules->Modules[0].ImageBase;
		}
		else {

			for (auto i = 0; i < modules->NumberOfModules; i++) {

				if (!strcmp((CHAR*)module[i].FullPathName, moduleName)) {
					moduleBase = module[i].ImageBase;
				}
			}
		}
	}

	if (modules) {
		ExFreePoolWithTag(modules, 'esdf');
	}

	return moduleBase;

xkp95175333 avatar Sep 11 '22 07:09 xkp95175333