
【原创】获取指定index的 OBJECTTYPE


发表于 2017-6-3 11:03:27 | 显示全部楼层 |阅读模式
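/*
 * Scan up to 0x3000 bytes starting at uAddress for a 5-byte signature and
 * decode the instruction that starts at the signature's fifth byte as one
 * carrying a 32-bit displacement relative to the following instruction.
 *
 * uAddress           start of the region to scan; 0 yields 0.
 * Signature          at least 5 bytes to match; NULL yields 0.
 * addopcodelength    offset from that instruction's first byte to its
 *                    4-byte displacement field.
 * addopcodedatasize  length of that instruction, i.e. the distance from its
 *                    first byte to the next instruction.
 *
 * Returns next-instruction address + displacement, or 0 when the signature
 * is not found inside the window.
 *
 * NOTE(review): every byte in the window is dereferenced without probing,
 * and the match depends on the exact instruction bytes of one build of the
 * scanned routine. Callers should treat a 0 return as "layout not
 * recognised" and validate any non-zero result before dereferencing it.
 */
ULONG64 onlythisfile_SreachFunctionAddress(ULONG64 uAddress, UCHAR *Signature,
                                           ULONG addopcodelength, ULONG addopcodedatasize)
{
    enum { SIGNATURE_LENGTH = 5, SCAN_WINDOW = 0x3000 };
    const UCHAR *p;
    ULONG64 index;

    if (uAddress == 0 || Signature == NULL) {
        return 0;
    }

    p = (const UCHAR *)uAddress;
    for (index = 0; index < SCAN_WINDOW; index++, p++) {
        const UCHAR *field;
        ULONG64 instruction;
        ULONG64 target;
        ULONG raw;
        ULONG i;

        /* Stops at the first mismatching byte, so later bytes are only read
         * once the earlier ones have matched. */
        for (i = 0; i < SIGNATURE_LENGTH; i++) {
            if (p[i] != Signature[i]) {
                break;
            }
        }
        if (i != SIGNATURE_LENGTH) {
            continue;
        }

        /* The last signature byte is the first byte of the instruction whose
         * operand is being resolved. */
        instruction = (ULONG64)(p + (SIGNATURE_LENGTH - 1));
        field = (const UCHAR *)(instruction + addopcodelength);

        /* Assemble the little-endian displacement byte by byte; the field is
         * not guaranteed to be 4-byte aligned. */
        raw = (ULONG)field[0] |
              ((ULONG)field[1] << 8) |
              ((ULONG)field[2] << 16) |
              ((ULONG)field[3] << 24);

        /* The displacement is signed. Adding it zero-extended lands exactly
         * 2^32 too high for backward references, so subtract that back out
         * instead of masking address bits, which would also corrupt targets
         * whose bits 32..35 are legitimately non-zero. */
        target = instruction + addopcodedatasize + raw;
        if (raw & 0x80000000UL) {
            target -= 0x100000000ULL;
        }
        return target;
    }

    return 0;
}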

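/* Implemented in the accompanying .asm file: returns the 8-byte entry at
 * ObTypeIndexTable[index]. The helper performs no bounds or pointer checks. */
extern PVOID64 __fastcall GetObjectByindex(ULONG64 index, ULONG64 ObTypeIndexTable);

/*
 * Resolve ObTypeIndexTable by signature-scanning the ObGetObjectType routine,
 * store it in the file-level ObTypeIndexTable variable, then read table slot
 * 0xb and log both pointers.
 *
 * The signature is 0F B6 41 E8 (movzx eax, byte ptr [rcx-18h]) followed by
 * 48, the first byte of the next instruction. The arguments 3 and 7 tell the
 * scanner that this next instruction is 7 bytes long with its displacement
 * at offset 3 (presumably a RIP-relative load of the table address; verify
 * against the disassembly of the target build).
 *
 * NOTE(review): both the byte pattern and the slot number 0xb are specific
 * to one kernel build (the variable name suggests 0xb is the debug-object
 * type there; confirm). On any other build the scan may fail or the slot may
 * hold a different type, so the result must not be trusted without checking.
 */
void initgetobjectbbyindex()
{
    UCHAR opcodethis[] = { 0x0f, 0xb6, 0x41, 0xe8, 0x48 };
    PVOID debugobject = 0;
    /* Look the routine up once and reuse the address for scan and logging. */
    ULONG64 routine = (ULONG64)FUCKGetFunctionAddr(L"ObGetObjectType");

    ObTypeIndexTable = (PVOID)onlythisfile_SreachFunctionAddress(routine, opcodethis, 3, 7);
    DbgPrint("ObTypeIndexTable%pxx:%p", ObTypeIndexTable, (PVOID)routine);

    /* The scanner returns 0 when the routine was not found or the signature
     * did not match; indexing a null table would fault in kernel mode. */
    if (ObTypeIndexTable == NULL) {
        return;
    }

    debugobject = GetObjectByindex(0xb, (ULONG64)ObTypeIndexTable);
    DbgPrint("debugobject%p", debugobject);
}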
.asm文件

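.CODE

; PVOID64 GetObjectByindex(ULONG64 index, ULONG64 ObTypeIndexTable)
;
; In:  rcx = index, rdx = table base (first two integer arguments of the
;      Microsoft x64 calling convention, matching the C prototype order).
; Out: rax = the 8-byte entry at table[index].
;
; The index is not range-checked and the table pointer is not validated, so
; the caller must pass a non-null table and an index inside it; anything else
; reads arbitrary memory or faults.
GetObjectByindex PROC
    mov rax, [rdx + rcx*8]
    ret
GetObjectByindex ENDP

END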