#include <Windows.h>
#include "omni/syscall.hpp"
#include <cstdint>
#include <print>
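// Mirror of PROCESS_BASIC_INFORMATION (winternl.h) as filled in by
// NtQueryInformationProcess with the ProcessBasicInformation class. Only the
// PEB address and the process id are read here; the reserved slots exist to
// keep the layout, and therefore the buffer length passed to the kernel, right.
struct process_basic_information {
    void* reserved1{};
    void* peb_base_address{};            // PebBaseAddress
    void* reserved2[2]{};
    std::uintptr_t unique_process_id{};  // UniqueProcessId (ULONG_PTR in the SDK)
    void* reserved3{};
};
// Every member is pointer-sized, so the struct is exactly six slots with no
// padding on either 32- or 64-bit targets. Lock that in so a later edit cannot
// silently change the length handed to the syscall.
static_assert(sizeof(process_basic_information) == 6 * sizeof(void*),
              "process_basic_information must stay six pointer-sized slots");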
// Prototype of NtQueryInformationProcess(ProcessHandle, ProcessInformationClass,
// ProcessInformation, ProcessInformationLength, ReturnLength). The information
// class is passed as a plain ULONG here instead of the PROCESSINFOCLASS enum;
// the syscall returns an NTSTATUS, modelled by omni::status.
using nt_query_info_process_fn = omni::status (*)(HANDLE, ULONG, void*, ULONG, ULONG*);
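// Demo entry point. Exercises the omni syscall wrappers four ways:
//   1. omni::syscaller<Fn>::try_invoke  - resolution failure reported as an error
//   2. omni::syscall<Fn>(name, args...) - free overload with a typed signature
//   3. omni::syscall<Status>(name)      - generic overload with no arguments
//   4. try_invoke on an export that is not a syscall stub (RtlGetVersion)
// Returns 1 when NtQueryInformationProcess cannot be resolved, 0 otherwise.
int main() {
    // PROCESSINFOCLASS::ProcessBasicInformation; named instead of a bare 0U.
    constexpr ULONG kProcessBasicInformation = 0U;

    // 1. Typed wrapper: resolve once, invoke through try_invoke.
    omni::syscaller<nt_query_info_process_fn> query_process{"NtQueryInformationProcess"};
    process_basic_information process_info{};
    ULONG return_length{};
    auto query_status = query_process.try_invoke(::GetCurrentProcess(),
                                                 kProcessBasicInformation,
                                                 &process_info,
                                                 static_cast<ULONG>(sizeof(process_info)),
                                                 &return_length);
    if (!query_status) {
        std::println("Failed to resolve NtQueryInformationProcess: {}", query_status.error().message());
        return 1;
    }

    // The buffer contents are only meaningful when the NTSTATUS is a success
    // and the kernel reports having written at least the whole struct. Without
    // this guard the zero-initialised fields would be printed as if they were a
    // real PEB address and process id.
    const bool process_info_valid =
        query_status->is_success() && return_length >= sizeof(process_info);

    std::println("Typed syscall wrapper around NtQueryInformationProcess:");
    std::println(" status : 0x{:08X}", static_cast<std::uint32_t>(query_status->value));
    std::println(" success : {}", query_status->is_success());
    if (process_info_valid) {
        std::println(" PEB : {:#x}", reinterpret_cast<std::uintptr_t>(process_info.peb_base_address));
        std::println(" process id : {}", process_info.unique_process_id);
    } else {
        std::println(" PEB / process id : not populated (call failed or buffer not fully written)");
    }
    std::println(" return length : {}", return_length);
    std::println();

    // 2. Free overload: same call, but the status comes back directly.
    process_basic_information shortcut_process_info{};
    ULONG shortcut_return_length{};
    auto shortcut_status = omni::syscall<nt_query_info_process_fn>("NtQueryInformationProcess",
                                                                  ::GetCurrentProcess(),
                                                                  kProcessBasicInformation,
                                                                  &shortcut_process_info,
                                                                  static_cast<ULONG>(sizeof(shortcut_process_info)),
                                                                  &shortcut_return_length);
    const bool shortcut_info_valid =
        shortcut_status.is_success() && shortcut_return_length >= sizeof(shortcut_process_info);

    std::println("Free overload with a typed function signature:");
    std::println(" status : 0x{:08X}", static_cast<std::uint32_t>(shortcut_status.value));
    std::println(" success : {}", shortcut_status.is_success());
    if (process_info_valid && shortcut_info_valid) {
        // Comparing the two buffers only makes sense when both were populated.
        std::println(" same PEB : {}", shortcut_process_info.peb_base_address == process_info.peb_base_address);
        std::println(" same process id : {}", shortcut_process_info.unique_process_id == process_info.unique_process_id);
    } else {
        std::println(" comparison : skipped (one of the calls did not populate its buffer)");
    }
    std::println(" return length : {}", shortcut_return_length);
    std::println();

    // 3. Generic overload: no typed signature, no arguments.
    auto yield_status = omni::syscall<omni::status>("NtYieldExecution");
    std::println("Generic syscall overload:");
    std::println(" NtYieldExecution : 0x{:08X}", static_cast<std::uint32_t>(yield_status.value));
    std::println(" success : {}", yield_status.is_success());

    // 4. RtlGetVersion is an ntdll export but not a syscall stub; try_invoke is
    //    expected to surface that as an error instead of invoking it.
    auto not_a_syscall = omni::syscaller<omni::status>{"RtlGetVersion"}.try_invoke();
    if (!not_a_syscall) {
        std::println();
        std::println("Diagnostics stay explicit when an export is not a syscall stub:");
        std::println(" {}", not_a_syscall.error().message());
    }
    return 0;
}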