// MmSlfDel.cpp : Defines the entry point for the console application.
//
// Coder Jozu
#include "stdafx.h"
#include
int main(int argc, char* argv[])
{
unsigned char* p = NULL, *pHeap;
unsigned char pMem[] =
{
0xE8, 0x00, 0x00, 0x00, 0x00, // call $ + 5
0x5B, // pop ebx
0x83, 0xEB, 0x05, // sub ebx, offset next - offset start
0x8B, 0xC3, // mov eax, ebx
0x81, 0xEB, 0x00, 0x10, 0x40, 0x00, // sub ebx, offset start
0x89, 0x83, 0x35, 0x10, 0x40, 0x00, // mov dword ptr [ebx + membase], eax
0x58, // pop eax
0x68, 0x00, 0x80, 0x00, 0x00, // push 8000h
0xFF, 0xB3, 0x39, 0x10, 0x40, 0x00, // push dword ptr [ebx + memsize]
0xFF, 0xB3, 0x35, 0x10, 0x40, 0x00, // push dword ptr [ebx + membase]
0x50, // push eax
0xFF, 0xB3, 0x31, 0x10, 0x40, 0x00, // push dword ptr [ebx + fnVadFree]
0xC3 // ret
};
p = (unsigned char*)VirtualAlloc(NULL, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if(!p)
{
printf("memalloc error.\n");
return 1;
}
__try
{
*p = 0;
}
__except(puts("in filter1"), 1)
{
puts("in except1");
}
memcpy(p, pMem, sizeof(pMem));
pHeap = p + sizeof(pMem);
*(ULONG*)&pHeap[0] = (ULONG)VirtualFree;
*(ULONG*)&pHeap[8] = 0x00000000;
((FARPROC)p)();
__try
{
*p = 0;
}
__except(puts("in filter1"), 1)
{
puts("in except2");
}
return 0;
}
--------------------next---------------------
阅读(188) | 评论(0) | 转发(0) |
