#ifndef _M_IX86
#error x86 inline asm required.
#endif
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
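/*
 * Call GetProcessDEPPolicy for `process` through hand-written x86 asm so the
 * register state on entry is under our control, then print the `permanent`
 * out-parameter as a two-digit hex value.
 *
 * The asm block pushes the three arguments right-to-left (lpPermanent,
 * lpFlags, hProcess) and seeds CL with the marker byte 0x42 immediately
 * before the call. GetProcessDEPPolicy is stdcall (WINAPI), so the callee
 * pops its own arguments and no ESP adjustment follows the call.
 *
 * A genuine BOOL prints as 00 or 01. If the marker (42) shows up instead,
 * the value stored through lpPermanent was derived from ECX rather than
 * from an explicit initialization inside the API.
 *
 * process: handle with PROCESS_QUERY_INFORMATION access. A NULL handle makes
 *          the API call fail and the failure branch runs; the handle is not
 *          closed here.
 */
void PrintDEPPolicy(HANDLE process)
{
    DWORD flags = 0;
    BOOL permanent = FALSE;
    BOOL result = FALSE;
    __asm {
        lea edx, permanent
        push edx
        lea eax, flags
        push eax
        push process
        mov cl, 42h          ; marker byte: visible in the output if ECX leaks into *lpPermanent
        call GetProcessDEPPolicy
        mov result, eax
    }
    /* Win32 BOOL success means "nonzero", not exactly TRUE. */
    if (result)
        printf("%02x\n", permanent);
    else
        printf("!GetProcessDEPPolicy (GetLastError=%lu)\n", GetLastError());
}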
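/*
 * Driver: print the DEP "permanent" value twice, before and after patching
 * the first two bytes of GetProcessDEPPolicy in this process.
 *
 * argv[1] (optional): decimal PID of the process to query; defaults to the
 * current process. Returns 0 on completion, 1 on a malformed PID or a failed
 * OpenProcess.
 *
 * The patch replaces the 2-byte hot-patch prologue `MOV EDI, EDI` (8B FF),
 * which has no effect, with `XOR ECX, ECX` (33 C9) so ECX is zero on entry.
 * If the second PrintDEPPolicy output differs from the first (e.g. 42 then
 * 00), the `permanent` out-parameter depends on the caller's ECX. The write
 * goes through WriteProcessMemory because the code page is not writable by a
 * plain store; image pages are copy-on-write, so only this process's mapping
 * of the DLL is modified.
 */
int __cdecl main(int argc, PSTR argv[])
{
    DWORD pid = GetCurrentProcessId();
    if (argc >= 2)
    {
        /* strtoul with an end pointer so garbage input is rejected instead of
         * silently becoming PID 0. */
        char *end = NULL;
        pid = strtoul(argv[1], &end, 10);
        if (end == argv[1] || *end != '\0')
        {
            fprintf(stderr, "Bad PID: %s\n", argv[1]);
            return 1;
        }
    }
    HANDLE process = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (process == NULL)
    {
        fprintf(stderr, "OpenProcess(%lu) failed (GetLastError=%lu)\n", pid, GetLastError());
        return 1;
    }
    PrintDEPPolicy(process);
    const BYTE mov_edi_edi[2] = { 0x8B, 0xFF };
    const BYTE xor_ecx_ecx[2] = { 0x33, 0xC9 };
    /* Patch only if the entry really is the expected hot-patch nop; anything
     * else would mean overwriting a live instruction. */
    if (memcmp(GetProcessDEPPolicy, mov_edi_edi, sizeof(mov_edi_edi)) == 0)
    {
        if (WriteProcessMemory(GetCurrentProcess(), GetProcessDEPPolicy, xor_ecx_ecx, sizeof(xor_ecx_ecx), NULL))
            FlushInstructionCache(GetCurrentProcess(), GetProcessDEPPolicy, sizeof(xor_ecx_ecx));
        else
            fprintf(stderr, "WriteProcessMemory failed (GetLastError=%lu)\n", GetLastError());
    }
    else
        fputs("GetProcessDEPPolicy() entry point is not \"MOV EDI, EDI\"\n", stderr);
    PrintDEPPolicy(process);
    CloseHandle(process);
    return 0;
}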