Memory mapping kernel32.dll


SUBMITTED BY: Guest

DATE: June 9, 2013, 7:22 p.m.


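  /*
   * Maps a second, private image view of kernel32.dll from disk and calls
   * OpenProcess / TerminateProcess through that view, at the same offsets the
   * exports have inside the loader-initialised kernel32.
   *
   * The page's author reports a crash at the OpenProcess call. The likely cause
   * (not verifiable from this listing alone) is that MapViewOfFile on a
   * SEC_IMAGE section only lays the image out in memory; the loader steps
   * (import resolution, DllMain) never run for this view, so code inside it
   * that calls through its own import table has nothing valid to jump to.
   * The supported way to call these APIs is through the module the loader
   * initialised.
   *
   * Review notes:
   *  - The access check for OpenProcess/TerminateProcess is enforced by the
   *    kernel, so calling through a second mapping does not change what the
   *    caller is allowed to do.
   *  - A second image-backed mapping of kernel32.dll inside one process is an
   *    observable artefact for memory-inspection tooling.
   *
   * Changes against the original listing: every Win32 call is checked, pointer
   * arithmetic uses ULONG_PTR instead of DWORD (DWORD truncates addresses on
   * 64-bit builds), the ANSI entry points are named explicitly because the
   * arguments are char strings, the missing ';' after the terminate call is
   * added, and all handles and the view are released.
   *
   * mappedTerminateProcess / myTerminateProcess / mappedOpenProcess /
   * myOpenProcess and getPid are declared outside this listing; the typedefs
   * are assumed to mirror the signatures of the real exports -- confirm.
   *
   * Returns 0 on success, 1 if any step fails.
   */
  int main(int argc, CHAR* argv[])
  {
      /* Declared up front so the cleanup goto never jumps over an initialiser. */
      char dllpath[MAX_PATH] = "\\\\.\\C:\\Windows\\System32\\kernel32.dll";
      HANDLE file = INVALID_HANDLE_VALUE;
      HANDLE mappedfile = NULL;
      HANDLE h = NULL;
      void *dlladdress = NULL;
      void *kerneladdr = NULL;
      mappedTerminateProcess termaddress = NULL;
      mappedOpenProcess openprocaddress = NULL;
      DWORD pid = 0;
      int rc = 1;

      (void)argc;
      (void)argv;

      printf("%s\n", dllpath);

      /* CreateFile reports failure with INVALID_HANDLE_VALUE, not NULL. */
      file = CreateFileA(dllpath, GENERIC_READ | GENERIC_EXECUTE, FILE_SHARE_READ,
                         NULL, OPEN_EXISTING, 0, NULL);
      if (file == INVALID_HANDLE_VALUE) {
          fprintf(stderr, "CreateFile failed: %lu\n", GetLastError());
          goto cleanup;
      }

      mappedfile = CreateFileMappingA(file, NULL, PAGE_EXECUTE_READ | SEC_IMAGE,
                                      0, 0, NULL);
      if (mappedfile == NULL) {
          fprintf(stderr, "CreateFileMapping failed: %lu\n", GetLastError());
          goto cleanup;
      }

      dlladdress = MapViewOfFile(mappedfile, FILE_MAP_READ | FILE_MAP_EXECUTE,
                                 0, 0, 0);
      if (dlladdress == NULL) {
          fprintf(stderr, "MapViewOfFile failed: %lu\n", GetLastError());
          goto cleanup;
      }

      kerneladdr = GetModuleHandleA("kernel32.dll");
      if (kerneladdr == NULL) {
          fprintf(stderr, "GetModuleHandle failed: %lu\n", GetLastError());
          goto cleanup;
      }

      /*
       * Offset of each export inside the loaded module, re-based onto the
       * private view. ULONG_PTR is pointer-sized on both 32- and 64-bit builds.
       */
      termaddress = (myTerminateProcess)((ULONG_PTR)dlladdress +
                    ((ULONG_PTR)&TerminateProcess - (ULONG_PTR)kerneladdr));
      openprocaddress = (myOpenProcess)((ULONG_PTR)dlladdress +
                        ((ULONG_PTR)&OpenProcess - (ULONG_PTR)kerneladdr));

      pid = getPid("notepad.exe");

      /* The original listing marks this call as the crash site (see header). */
      h = openprocaddress(PROCESS_TERMINATE, FALSE, pid);
      if (h == NULL) {
          fprintf(stderr, "OpenProcess failed: %lu\n", GetLastError());
          goto cleanup;
      }

      /* Assumes the typedef returns BOOL like TerminateProcess -- confirm. */
      if (!termaddress(h, 0)) {
          fprintf(stderr, "TerminateProcess failed: %lu\n", GetLastError());
          goto cleanup;
      }

      rc = 0;

  cleanup:
      /* Release in reverse order of acquisition, through the loaded kernel32. */
      if (h != NULL) {
          CloseHandle(h);
      }
      if (dlladdress != NULL) {
          UnmapViewOfFile(dlladdress);
      }
      if (mappedfile != NULL) {
          CloseHandle(mappedfile);
      }
      if (file != INVALID_HANDLE_VALUE) {
          CloseHandle(file);
      }
      return rc;
  }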
