#pragma message("[kernelbase] v1.1.0.0")
#include "ntdll.h"
#include "kernelbase.h"
#include "intrinsics.h"
// ░░░ Initialization + State ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
// Base address of kernelbase as filled in by LdrLoadDll in InitializeKernelbase();
// stays null until that succeeds, and every Load* helper below refuses to resolve
// an export while it is null.
Handle KernelbaseBaseAddress = null;
// Lazily resolved kernelbase exports. Each pointer is null until its Load* helper
// has successfully run LdrGetProcedureAddressEx for it.
struct KernelbaseFunctions Kernelbase = { 0 };
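// Loads kernelbase and records its base address in KernelbaseBaseAddress.
// Returns false if the ntdll loader entry points used by this module are not
// resolved yet or LdrLoadDll fails; true once the module is mapped.
// Calling it again after success is a no-op (mirrors the cached-pointer early
// return in the Load* helpers); a second LdrLoadDll would only bump the
// module's reference count.
boolean_t InitializeKernelbase()
{
    if (KernelbaseBaseAddress != null) return true;
    if (NtDll.LdrLoadDll == null || NtDll.LdrGetProcedureAddressEx == null) return false;
    // Counted UTF-16 name, no path: Length is the byte count without the
    // terminator (10 code units * 2), MaximumLength includes the terminator.
    // NOTE(review): a bare name goes through the loader's own resolution;
    // kernelbase is expected to be a KnownDLL so the system copy is mapped,
    // but confirm on the target builds.
    UNICODE_STRING moduleName = {
        .Length = 20,
        .MaximumLength = 22,
        .Buffer = u"kernelbase",
    };
    return !LdrLoadDll(null, null, &moduleName, &KernelbaseBaseAddress);
}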
// ░░░ Runtime Loaders ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
// Resolves kernelbase!GetConsoleMode into Kernelbase.GetConsoleMode on first use.
// Returns false when InitializeKernelbase() has not run (base address still null)
// or the export lookup fails; true when the pointer is, or already was, resolved.
boolean_t LoadGetConsoleMode()
{
    if (KernelbaseBaseAddress == null) return false;
    if (Kernelbase.GetConsoleMode != null) return true;
    // Counted ANSI export name: Length excludes the terminator, MaximumLength includes it.
    STRING exportName = {
        .Length = sizeof("GetConsoleMode") - 1,
        .MaximumLength = sizeof("GetConsoleMode"),
        .Buffer = "GetConsoleMode",
    };
    return LdrGetProcedureAddressEx(KernelbaseBaseAddress, &exportName, null,
                                    (void **)&Kernelbase.GetConsoleMode, null) == 0;
}
// Resolves kernelbase!SetConsoleMode into Kernelbase.SetConsoleMode on first use.
// Returns false when InitializeKernelbase() has not run (base address still null)
// or the export lookup fails; true when the pointer is, or already was, resolved.
boolean_t LoadSetConsoleMode()
{
    if (KernelbaseBaseAddress == null) return false;
    if (Kernelbase.SetConsoleMode != null) return true;
    // Counted ANSI export name: Length excludes the terminator, MaximumLength includes it.
    STRING exportName = {
        .Length = sizeof("SetConsoleMode") - 1,
        .MaximumLength = sizeof("SetConsoleMode"),
        .Buffer = "SetConsoleMode",
    };
    return LdrGetProcedureAddressEx(KernelbaseBaseAddress, &exportName, null,
                                    (void **)&Kernelbase.SetConsoleMode, null) == 0;
}
// Resolves kernelbase!SetConsoleOutputCP into Kernelbase.SetConsoleOutputCP on first use.
// Returns false when InitializeKernelbase() has not run (base address still null)
// or the export lookup fails; true when the pointer is, or already was, resolved.
boolean_t LoadSetConsoleOutputCP()
{
    if (KernelbaseBaseAddress == null) return false;
    if (Kernelbase.SetConsoleOutputCP != null) return true;
    // Counted ANSI export name: Length excludes the terminator, MaximumLength includes it.
    STRING exportName = {
        .Length = sizeof("SetConsoleOutputCP") - 1,
        .MaximumLength = sizeof("SetConsoleOutputCP"),
        .Buffer = "SetConsoleOutputCP",
    };
    return LdrGetProcedureAddressEx(KernelbaseBaseAddress, &exportName, null,
                                    (void **)&Kernelbase.SetConsoleOutputCP, null) == 0;
}
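// Resolves kernelbase!SetConsoleCP into Kernelbase.SetConsoleCP on first use.
// Returns false when InitializeKernelbase() has not run (base address still null)
// or the export lookup fails; true when the pointer is, or already was, resolved.
boolean_t LoadSetConsoleCP()
{
    if (KernelbaseBaseAddress == null) return false;
    // The cache check must test SetConsoleCP itself. It previously tested
    // SetConsoleOutputCP, so once LoadSetConsoleOutputCP() had run this function
    // reported success while Kernelbase.SetConsoleCP was still null — a null
    // function-pointer call waiting for the first caller.
    if (Kernelbase.SetConsoleCP != null) return true;
    // Lengths derived from the literal so the name and its counts cannot drift apart:
    // Length excludes the terminator, MaximumLength includes it.
    STRING exportName = {
        .Length = sizeof("SetConsoleCP") - 1,
        .MaximumLength = sizeof("SetConsoleCP"),
        .Buffer = "SetConsoleCP",
    };
    return LdrGetProcedureAddressEx(KernelbaseBaseAddress, &exportName, null,
                                    (void **)&Kernelbase.SetConsoleCP, null) == 0;
}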
// Resolves kernelbase!WriteConsoleA into Kernelbase.WriteConsoleA on first use.
// Returns false when InitializeKernelbase() has not run (base address still null)
// or the export lookup fails; true when the pointer is, or already was, resolved.
boolean_t LoadWriteConsoleA()
{
    if (KernelbaseBaseAddress == null) return false;
    if (Kernelbase.WriteConsoleA != null) return true;
    // Counted ANSI export name: Length excludes the terminator, MaximumLength includes it.
    STRING exportName = {
        .Length = sizeof("WriteConsoleA") - 1,
        .MaximumLength = sizeof("WriteConsoleA"),
        .Buffer = "WriteConsoleA",
    };
    return LdrGetProcedureAddressEx(KernelbaseBaseAddress, &exportName, null,
                                    (void **)&Kernelbase.WriteConsoleA, null) == 0;
}
// Resolves kernelbase!WriteConsoleW into Kernelbase.WriteConsoleW on first use.
// Returns false when InitializeKernelbase() has not run (base address still null)
// or the export lookup fails; true when the pointer is, or already was, resolved.
boolean_t LoadWriteConsoleW()
{
    if (KernelbaseBaseAddress == null) return false;
    if (Kernelbase.WriteConsoleW != null) return true;
    // Counted ANSI export name: Length excludes the terminator, MaximumLength includes it.
    STRING exportName = {
        .Length = sizeof("WriteConsoleW") - 1,
        .MaximumLength = sizeof("WriteConsoleW"),
        .Buffer = "WriteConsoleW",
    };
    return LdrGetProcedureAddressEx(KernelbaseBaseAddress, &exportName, null,
                                    (void **)&Kernelbase.WriteConsoleW, null) == 0;
}