|
|
|
#1
11-10-2008, 03:39 AM
|
||||
|
||||
Delphi to C++ laughs =P
Here's the code so I can find out how bad I did: Code:
typedef struct {
DWORD dwServiceNumber;
LPVOID dwServiceEntryPoint;
} _KSERVICE_PTR;
typedef _KSERVICE_PTR KSERVICE_PTR;
typedef _KSERVICE_PTR* PKSERVICE_PTR
typedef struct {
unsigned long modulescount;
SYSTEM_MODULE_INFORMATION moduleinfo;
} infobuffer;
typedef struct {
PVOID* ServiceTableBase;
PVOID* ServiceCounterTableBase;
DWORD NumberOfServices;
unsigned char * ParamTableBase;
} SERVICE_DESCRIPTOR_ENTRY
bool UnHook(DWORD ServiceNumber, BOOL uHall);
{
BOOL Result = FALSE;
DWORD BytesIO;
DWORD C;
KSERVICE_PTR sp1;
DWORD DriverHandle;
infobuffer kmodule;
SERVICE_DESCRIPTOR_ENTRY sdt1;
char* CurrentTable;
char* OrigTable;
ZwQuerySystemInformation(SystemModuleInformation,&kmodule,sizeof(kmodule),&bytesIO);
DeviceIOControl(DriverHandle,IOPORT_GET_KERNEL_SDT_INFO,NULL,0,&sdt1,sizeof(SERVICE_DESCRIPTOR_ENTRY),bytesIO,NULL);
CurrentTable = VirtualAlloc(NULL,sdt1.NumberOfServices * sizeof(PVOID),MEM_COMMIT,PAGE_READWRITE);
OrigTable = VirtualAlloc(NULL,sdt1.NumberOfServices * sizeof(PVOID),MEM_COMMIT,PAGE_READWRITE);
DumpOrigDT();
DeviceIOControl(DriverHandle,IOPORT_READ_KERNEL_SDT,NULL,0,CurrentTable,sdt1.NumberOfServices * sizeof(PVOID),bytesIO,NULL);
DumpExports(ntdll);
for(c=0,c<sdt1.NumberOfServices,c++)
{
CurrentTable[c] -= DWORD(kmodule.modultinfo.base);
}
if(uhall)
{
for(c=0,c<sdt1.NumberOfServices,c++)
{
if(CurrentTable[c] != OrigTable[c])
{
sp1.dwServiceNumber = c;
sp1.dwServiceEntryPoint = LPVOID(OrigTable[c] + DWORD(kmodule.moduleinfo.Base));
Result = DeviceIOControl(DriverHandle,IOPORT_WRITE_KERNEL_SDT,&sp1,sizeof(KSERVICE_PTR),NULL,0,bytesIO,NULL);
}
}
}
else
{
for(c=0,c<sdt1.NumberOfServices,c++)
{
if((CurrentTable[c] != OrigTable[c]) && (c == ServiceNumber))
{
sp1.dwServiceNumber = c;
sp1.dwServiceEntryPoint = LPVOID(OrigTable[c] + DWORD(kmodule.moduleinfo.Base));
Result = DeviceIOControl(DriverHandle,IOPORT_WRITE_KERNEL_SDT,&sp1,sizeof(KSERVICE_PTR),NULL,0,bytesIO,NULL);
}
}
}
VirtualFree(CurrentTable,0,MEM_RELEASE);
VirtualFree(OrigTable,0,MEM_RELEASE);
}
__________________
 "Do or do not, there is no try." - Yoda "Put off today what you can do tomorrow." - Anon "The secret to creativity is knowing how to hide your sources." - Einstein 
|
|
#2
11-14-2008, 08:27 AM
|
||||
|
||||
|
Looks okay to me :/ For loops use ";"s instead of ","s though.
|
|
#3
11-14-2008, 12:26 PM
|
||||
|
||||
|
Ah thats right, forgot about that.
__________________
"Do or do not, there is no try." - Yoda "Put off today what you can do tomorrow." - Anon "The secret to creativity is knowing how to hide your sources." - Einstein
|
 |
|
|
|||
|
|||
|
|
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
