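/// @brief Locates the in-memory base and size of the loaded kernel (ntoskrnl) image.
///
/// Scans the first 0x30 bytes of MmGetSystemRoutineAddress for the first
/// `mov rcx, qword ptr [rip+disp32]` (bytes 48 8B 0D), resolves the RIP-relative
/// operand, and treats the qword stored there as a pointer to the kernel's
/// IMAGE_DOS_HEADER.
/// NOTE(review): which kernel variable that first instruction loads is not
/// established here and may differ between kernel builds — confirm against each
/// supported kernel version before relying on the result.
///
/// @param ntBase Receives the image base (address of the DOS header). Must not be null.
/// @param ntSize Receives OptionalHeader.SizeOfImage. Must not be null.
/// @return Non-zero on success; zero if a parameter is null, the byte pattern is
///         not found within the scan window, or any derived pointer fails
///         validation. The outputs are written only on success.
BOOL GetNtInformation( ULONG_PTR* ntBase, ULONG_PTR* ntSize )
{
    if (!ntBase || !ntSize) return false;

    const PUCHAR pFind = (PUCHAR)MmGetSystemRoutineAddress;
    // At most kScanLen + kInsnLen bytes are read; MmGetSystemRoutineAddress is far
    // longer than that, so the reads are expected to stay inside its body.
    constexpr unsigned int kScanLen = 0x30;
    constexpr unsigned int kInsnLen = 7; // REX.W + opcode + ModRM + disp32

    ULONG_PTR pSlot = 0; // address of the qword the matched mov loads
    for (unsigned int i = 0; i < kScanLen; i++) {
        if (pFind[i] == 0x48 && pFind[i + 1] == 0x8B && pFind[i + 2] == 0x0D) {
            // RIP-relative target = address of the next instruction + sign-extended disp32.
            // The previous version added the displacement to LowPart only, which loses
            // the carry/borrow into the high dword whenever the sum crosses a 4 GiB
            // boundary; the addition must be done on the full 64-bit value.
            const LONG disp = *(LONG*)&pFind[i + 3];
            pSlot = (ULONG_PTR)((LONG_PTR)&pFind[i + kInsnLen] + disp);
            break;
        }
    }
    if (!pSlot) return false;

    // SEH does not catch faults on invalid *kernel* addresses (those bugcheck), so a
    // __try around the dereferences gives no protection. Each pointer is therefore
    // checked with MmIsAddressValid before it is dereferenced. The check covers the
    // page containing the given address only, and is advisory with respect to
    // concurrent paging.
    if (!MmIsAddressValid((PVOID)pSlot)) return false;
    const PIMAGE_DOS_HEADER pDos = (PIMAGE_DOS_HEADER)(*(ULONG_PTR*)pSlot);
    if (!pDos || !MmIsAddressValid(pDos)) return false;
    // Reject anything that is not a PE image before trusting e_lfanew.
    if (pDos->e_magic != IMAGE_DOS_SIGNATURE) return false;
    if (pDos->e_lfanew < 0) return false;

    const PIMAGE_NT_HEADERS pNt = (PIMAGE_NT_HEADERS)((ULONG_PTR)pDos + pDos->e_lfanew);
    if (!MmIsAddressValid(pNt)) return false;
    if (pNt->Signature != IMAGE_NT_SIGNATURE) return false;

    // The only writes through caller-supplied pointers happen here; the __try is
    // kept so a bad user-mode output pointer is reported as failure rather than
    // propagating.
    __try {
        *ntBase = (ULONG_PTR)pDos;
        *ntSize = pNt->OptionalHeader.SizeOfImage;
    }
    __except (EXCEPTION_EXECUTE_HANDLER) {
        return false;
    }
    return true;
}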