#include <windows.h>
#include <cstdio>
#include <fstream>
#include <iostream>
// Toggles whether string & include encryption (the string cryptor) is used.
#define DO_NOT_INCLUDE_STR_CRYPTOR 0
#include "LibProt.h"
// demo of usage :)
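// Demo of usage: runs the required LibProt initialization on this process's
// own image, then the optional post-init page protections, and finally issues
// one NtQueryInformationProcess call through LibProt's syscall helper.
// Returns 0 unconditionally; failures are only reported on stdout.
int main()
{
    // ========= required - usage ==========
    // Base address of the running executable's image, as reported by LibProt.
    const uintptr_t AppBaseAddr = LibProt::GetMainAppBase();
    // %p expects a void*; handing it a uintptr_t is a format/argument mismatch,
    // so the address is cast to a pointer before printing (same below).
    printf("LibProt::GetMainAppBase() returned 0x%p!\r\n\r\n", reinterpret_cast<void*>(AppBaseAddr));

    const bool SetFakeEntryPointInsideModule = false;
    const bool CleanExports = true;
    const bool CleanTLSCallbacks = true;
    // Initialize() applies the options above to the image at AppBaseAddr; what each
    // flag does exactly is defined in LibProt.h. The demo continues even when it
    // returns false so the remaining calls can still be observed.
    const bool InitValue = LibProt::Initialize(AppBaseAddr, SetFakeEntryPointInsideModule, CleanExports, CleanTLSCallbacks);
    printf("bool InitValue = LibProt::Initialize(0x%p)!\r\n\r\ninitvalue = %d\r\n\r\n", reinterpret_cast<void*>(AppBaseAddr), InitValue);

    // ========= optional ==========
    // PAGE_NOACCESS the pe, makes crash on access.
    if (!LibProt::PostInit::PostInitMakePENoAccess(AppBaseAddr))
    {
        printf("LibProt::PostInit::PostInitMakePENoAccess(0x%p) failed!\r\n", reinterpret_cast<void*>(AppBaseAddr));
    }
    // PAGE_GUARD the pe, makes crash on access and optionally you can handle the crash.
    if (!LibProt::PostInit::PostInitMakePEGuarded(AppBaseAddr))
    {
        printf("LibProt::PostInit::PostInitMakePEGuarded(0x%p) failed!\r\n", reinterpret_cast<void*>(AppBaseAddr));
    }

    // ========= cool & useful usage ==========
    printf("calling NtQueryInformationProcess directly w/o asm!\r\n");
    LibProt::Definitions::_PROCESS_BASIC_INFORMATION pbi{};
    // PROCESSINFOCLASS value 0 (ProcessBasicInformation). A local named after the
    // enumerator would shadow it, so a distinct name is used here.
    const ULONG ProcessInfoClass = 0u;
    // NtQueryInformationProcess reports ReturnLength through a PULONG; the
    // receiving variable must therefore be a ULONG (a size_t is 8 bytes on x64 and
    // only its low 4 bytes would be written).
    ULONG returnLength = 0u;
    const NTSTATUS status = LibProt::Syscaller::CallSyscallSafe<NTSTATUS>(
        "NtQueryInformationProcess",      // syscall name :>
        reinterpret_cast<HANDLE>(-1),     // current process (pseudo-handle)
        ProcessInfoClass,
        &pbi,
        static_cast<ULONG>(sizeof(pbi)),  // ProcessInformationLength is a ULONG
        &returnLength
    );
    if (status == 0) // STATUS_SUCCESS
    {
        printf("peb Address: %p\r\n", pbi.PebBaseAddress);
        printf("CurrentPID: %llu\r\n", (unsigned long long)pbi.UniqueProcessId);
    }
    else
    {
        // NTSTATUS is a signed LONG; %X requires an unsigned argument.
        printf("NtQueryInformationProcess failed with status: 0x%X!!!\r\n", static_cast<unsigned int>(status));
    }
    printf("called NtQueryInformationProcess!\r\n");

    // ========= end ==========
    printf("done with example usage!!\r\n");
    Sleep(25000); // debug so i can read output, sometimes i don't like to manually cmd.exe call it.
    return 0;
}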