Почему не получается аллоцировать память через NTAPI? Что я делаю не так? Получаю ошибку 0xC0000005.
C++:
#include <Windows.h>
/*
 * NTSTATUS is a signed code: zero and positive values are success or
 * informational, negative values are warnings and errors.
 */
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)

/* Four-byte x86 test stub: NOP, NOP, INT3 (breakpoint), RET. */
unsigned char payload[] = { 0x90, 0x90, 0xcc, 0xc3 };

/* Number of bytes in payload[]; must be kept in step with the array above. */
unsigned int payload_len = 4;
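/*
 * Function-pointer types for the two ntdll exports that main() resolves at
 * run time.
 *
 * ZeroBits is pointer-sized and RegionSize points to a SIZE_T. Declaring them
 * as ULONG / PULONG only happens to work in a 32-bit build; in a 64-bit build
 * the callee reads and writes 8 bytes through RegionSize.
 */
typedef NTSTATUS(NTAPI* pNtAllocateVirtualMemory)(
    HANDLE ProcessHandle,
    PVOID* BaseAddress,      /* in/out: requested base, receives actual base */
    ULONG_PTR ZeroBits,
    PSIZE_T RegionSize,      /* in/out: requested size, receives rounded size */
    ULONG AllocationType,
    ULONG Protect
);
typedef NTSTATUS(NTAPI* pNtWriteVirtualMemory)(
    HANDLE ProcessHandle,
    PVOID BaseAddress,
    PVOID Buffer,
    SIZE_T BufferSize,
    PSIZE_T NumberOfBytesWritten
);

/*
 * Allocates a region in the current process through ntdll, copies payload[]
 * into it and starts a thread at that address.
 *
 * Returns 0 when every step succeeded and -1 when an export could not be
 * resolved, an NT call failed, the copy was short, or the thread could not
 * be created.
 */
int main()
{
    /*
     * BaseAddress is an in/out parameter: its value on entry is taken as the
     * requested address. It must start as NULL so the system picks one; an
     * uninitialised local makes the call fail or target an arbitrary address.
     */
    PVOID exec_mem = NULL;

    /*
     * RegionSize is in/out as well and comes back rounded up to a page
     * multiple. A dedicated SIZE_T keeps payload_len intact (the original
     * passed &payload_len, so the following write then tried to read a whole
     * page from the 4-byte array) and has the width the callee expects.
     */
    SIZE_T region_size = payload_len;
    SIZE_T bytesWritten = 0;
    HANDLE rt;

    HMODULE ntdll = GetModuleHandleA("ntdll");
    if (ntdll == NULL) {
        return -1;
    }

    /* GetProcAddress returns NULL on failure; calling through a NULL
     * function pointer is itself an access violation (0xC0000005). */
    pNtAllocateVirtualMemory ntAllocateVirtualMemory =
        (pNtAllocateVirtualMemory)GetProcAddress(ntdll, "NtAllocateVirtualMemory");
    pNtWriteVirtualMemory ntWriteVirtualMemory =
        (pNtWriteVirtualMemory)GetProcAddress(ntdll, "NtWriteVirtualMemory");
    if (ntAllocateVirtualMemory == NULL || ntWriteVirtualMemory == NULL) {
        return -1;
    }

    NTSTATUS status = ntAllocateVirtualMemory(
        GetCurrentProcess(),
        &exec_mem,
        0,
        &region_size,
        MEM_COMMIT | MEM_RESERVE,
        PAGE_READWRITE
    );
    if (!NT_SUCCESS(status)) {
        return -1;
    }

    /* Copy exactly payload_len bytes and verify the count, so a partial
     * copy is not silently accepted. */
    status = ntWriteVirtualMemory(
        GetCurrentProcess(),
        exec_mem,
        payload,
        payload_len,
        &bytesWritten
    );
    if (!NT_SUCCESS(status) || bytesWritten != payload_len) {
        return -1;
    }

    /*
     * NOTE(review): the region was committed PAGE_READWRITE. With DEP
     * enforced (always the case for 64-bit processes) the new thread faults
     * with STATUS_ACCESS_VIOLATION (0xC0000005) on its first instruction
     * fetch. That is the mitigation working as designed and is the most
     * likely source of the reported error once the allocation itself is
     * fixed. Independently of page protection, the 0xCC byte in the stub
     * raises a breakpoint exception when no debugger is attached.
     */
    rt = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)exec_mem, 0, 0, 0);
    if (rt == NULL) {
        return -1;
    }
    WaitForSingleObject(rt, INFINITE);
    CloseHandle(rt);
    return 0;
}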