
#include <ntifs.h>
#include <ndk/ntndk.h>
#include <ntddk.h>
#include <debug.h>
#define _PAGE_SIZE 1024
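/* Pool tag for the SystemProcessInformation snapshot (shows as "PSnp" in the pool tracker). */
#define PROC_SNAPSHOT_TAG 'pnSP'

/* Page counts for the virtual-memory / PTE demonstration below. */
enum { RESERVED_PAGES = 10, COMMITTED_PAGES = 5 };

/*
 * Query SystemProcessInformation into a non-paged pool buffer, growing the
 * buffer until the kernel accepts its size.
 *
 * On success *Snapshot points at the buffer, which the caller owns and must
 * release with ExFreePoolWithTag(..., PROC_SNAPSHOT_TAG).  On failure
 * *Snapshot is NULL and the NTSTATUS of the failing step is returned.
 */
static NTSTATUS
QueryProcessSnapshot(PSYSTEM_PROCESS_INFORMATION *Snapshot)
{
    ULONG bufferSize = 64;
    ULONG requiredSize = 0;
    NTSTATUS status = STATUS_INSUFFICIENT_RESOURCES;

    *Snapshot = NULL;
    for (;;) {
        PVOID buffer = ExAllocatePoolWithTag(NonPagedPool, bufferSize, PROC_SNAPSHOT_TAG);
        if (buffer == NULL) {
            /* Previously an allocation failure fell straight into a NULL dereference. */
            return STATUS_INSUFFICIENT_RESOURCES;
        }

        status = NtQuerySystemInformation(SystemProcessInformation, buffer, bufferSize, &requiredSize);
        if (NT_SUCCESS(status)) {
            *Snapshot = (PSYSTEM_PROCESS_INFORMATION)buffer;
            return status;
        }

        ExFreePoolWithTag(buffer, PROC_SNAPSHOT_TAG);
        if (status != STATUS_INFO_LENGTH_MISMATCH) {
            /* Only a too-small buffer is retried; any other failure used to loop forever. */
            return status;
        }

        /* The process list can grow between two calls, so never shrink below a doubling. */
        bufferSize = (requiredSize > bufferSize * 2) ? requiredSize : bufferSize * 2;
    }
}

/*
 * Print every process entry of a SystemProcessInformation snapshot with its
 * thread ids.  The last entry has NextEntryOffset == 0; the original
 * while (NextEntryOffset) loop never printed it.
 */
static VOID
PrintProcessSnapshot(PSYSTEM_PROCESS_INFORMATION Entry)
{
    for (;;) {
        DbgPrint("\nProcess name: %wZ | Process ID: %lu | Number of threads %lu\n",
                 &Entry->ImageName,
                 (ULONG)(ULONG_PTR)Entry->UniqueProcessId,
                 Entry->NumberOfThreads);

        /* NOTE(review): assumes the thread array starts right after the fixed header.
         * If this SDK's SYSTEM_PROCESS_INFORMATION already ends in a one-element
         * thread array, sizeof() includes that element and this skips thread 0 -
         * confirm against the header in use. */
        PSYSTEM_THREAD_INFORMATION threads =
            (PSYSTEM_THREAD_INFORMATION)((char *)Entry + sizeof(SYSTEM_PROCESS_INFORMATION));

        DbgPrint("Threads info:\n");
        for (ULONG i = 0; i < Entry->NumberOfThreads; i++) {
            /* ClientId members are HANDLEs, so go through ULONG_PTR before printing. */
            DbgPrint("UniqueTread %lu ", (ULONG)(ULONG_PTR)threads[i].ClientId.UniqueThread);
            DbgPrint("UniqueProcces %lu\n", (ULONG)(ULONG_PTR)threads[i].ClientId.UniqueProcess);
        }

        if (Entry->NextEntryOffset == 0) {
            break;
        }
        Entry = (PSYSTEM_PROCESS_INFORMATION)((char *)Entry + Entry->NextEntryOffset);
    }
}

/*
 * Reserve RESERVED_PAGES of address space, commit the first COMMITTED_PAGES,
 * touch the first page and dump the hardware PTE bits of every committed
 * page, then decommit and release the region.
 *
 * Runs in whatever process DriverEntry runs in, so NtCurrentProcess() is that
 * process.  Nothing is dumped unless the reserve and commit both succeed; the
 * original wrote through `base` regardless of the allocation status.
 */
static VOID
DumpCommittedPageTableEntries(VOID)
{
    /* NOTE(review): 0xC0000000 is the x86 non-PAE PTE self-map base of this kernel;
     * on PAE or 64-bit builds the address and the HARDWARE_PTE layout differ and
     * this dereference is unsafe - confirm the build target before reading it. */
    HARDWARE_PTE *pteBase = (HARDWARE_PTE *)0xC0000000;
    PVOID base = NULL;
    /* PAGE_SIZE comes from the kernel headers; the old _PAGE_SIZE of 1024 is not a
     * page on x86, so "10 pages"/"5 pages" were really 3 and 2 pages. */
    SIZE_T reserveSize = (SIZE_T)PAGE_SIZE * RESERVED_PAGES;
    SIZE_T commitSize = (SIZE_T)PAGE_SIZE * COMMITTED_PAGES;
    /* Zero means "the whole region" for both MEM_DECOMMIT and MEM_RELEASE. */
    SIZE_T wholeRegion = 0;
    NTSTATUS status;

    status = ZwAllocateVirtualMemory(NtCurrentProcess(), &base, 0, &reserveSize,
                                     MEM_RESERVE, PAGE_READWRITE);
    if (!NT_SUCCESS(status)) {
        DbgPrint("Reserving %d pages failed: 0x%08lx\n", RESERVED_PAGES, (ULONG)status);
        return;
    }
    DbgPrint("10 pages in virtual memory successfully intitialized\n");

    status = ZwAllocateVirtualMemory(NtCurrentProcess(), &base, 0, &commitSize,
                                     MEM_COMMIT, PAGE_READWRITE);
    if (!NT_SUCCESS(status)) {
        DbgPrint("Committing %d pages failed: 0x%08lx\n", COMMITTED_PAGES, (ULONG)status);
        goto release;
    }
    DbgPrint("5 pages in physical memory successfully intitialized\n");

    /* Touch the first page so its PTE is populated; the other committed pages are
     * never accessed, so their PTEs are expected to show Valid == 0. */
    *(volatile char *)base = 1;

    DbgPrint("Printing PTE's\n\n");
    for (ULONG i = 0; i < COMMITTED_PAGES; i++) {
        /* Virtual page number indexes the self-mapped PTE array. */
        HARDWARE_PTE *pte = pteBase + ((ULONG_PTR)base >> PAGE_SHIFT) + i;
        DbgPrint(" Page %lu \n", i);
        DbgPrint("Valid: %d\n", pte->Valid);
        DbgPrint("Write: %d\n", pte->Write);
        DbgPrint("Owner: %d\n", pte->Owner);
        DbgPrint("WriteThrough: %d\n", pte->WriteThrough);
        DbgPrint("CacheDisable: %d\n", pte->CacheDisable);
        DbgPrint("Accessed: %d\n", pte->Accessed);
        DbgPrint("Dirty: %d\n", pte->Dirty);
        DbgPrint("LargePage: %d\n", pte->LargePage);
        DbgPrint("Global: %d\n", pte->Global);
        DbgPrint("CopyOnWrite: %d\n", pte->CopyOnWrite);
        DbgPrint("Prototype: %d\n", pte->Prototype);
        DbgPrint("reserved: %d\n", pte->reserved);
        DbgPrint("PageFrameNumber: 0x%x\n", pte->PageFrameNumber);
        DbgPrint("\n");
    }

    /* RegionSize is PSIZE_T and is dereferenced by the kernel; the original passed a
     * literal 0 (a null pointer) here, not a pointer to a zero-sized region. */
    status = ZwFreeVirtualMemory(NtCurrentProcess(), &base, &wholeRegion, MEM_DECOMMIT);
    if (NT_SUCCESS(status)) {
        DbgPrint("5 pages in physical memory successfully freed\n");
    }

release:
    wholeRegion = 0;
    status = ZwFreeVirtualMemory(NtCurrentProcess(), &base, &wholeRegion, MEM_RELEASE);
    if (NT_SUCCESS(status)) {
        DbgPrint("10 pages in virtual memory successfully freed\n");
    }
}

/*
 * Driver entry point: prints the running processes and their threads, then
 * demonstrates reserve/commit and the resulting page-table entries.
 *
 * Both parameters are unused; no DriverUnload routine is registered here, so
 * the driver cannot be unloaded once loaded.  Always returns STATUS_SUCCESS,
 * as the original did, even when a demonstration step fails.
 */
NTSTATUS
NTAPI
DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    PSYSTEM_PROCESS_INFORMATION snapshot = NULL;
    NTSTATUS status;

    UNREFERENCED_PARAMETER(DriverObject);
    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint("\n---------\nPopovkin Alexander\n");

    status = QueryProcessSnapshot(&snapshot);
    if (NT_SUCCESS(status)) {
        PrintProcessSnapshot(snapshot);
        ExFreePoolWithTag(snapshot, PROC_SNAPSHOT_TAG);
        snapshot = NULL;
    } else {
        DbgPrint("NtQuerySystemInformation failed: 0x%08lx\n", (ULONG)status);
    }

    DumpCommittedPageTableEntries();

    return STATUS_SUCCESS;
}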