Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- do
- {
- ms_exc.registration.TryLevel = 0;
- AllocationSize = v9;
- ntsStatus = NtAllocateVirtualMemory((HANDLE)0xFFFFFFFF, v10, 0, &AllocationSize, 0x1000u, 4u);// current process v10 = allocation address allocationsize = v9 MEM_COMMIT PAGE_READWRITE
- ms_exc.registration.TryLevel = -2;
- if ( ntsStatus < 0 ) // if function failed
- break;
- ReturnLength = AllocationSize;
- ntsStatus = NtQuerySystemInformation(SystemProcessesAndThreadsInformation, *v10, AllocationSize, &ReturnLength);
- if ( ntsStatus == 0xC0000004 ) // STATUS_INFO_LENGTH_MISMATCH
- {
- // this should fail
- NtFreeVirtualMemory((HANDLE)0xFFFFFFFF, v10, &AllocationSize, 0x8000u);// MEM_RELEASE
- *v10 = 0;
- v9 = (ReturnLength + 0x1FFF) & 0xFFFFE000;// v9 = returnlength aligned to two page boundaries
- ReturnLength = (ReturnLength + 0x1FFF) & 0xFFFFE000;// returnlength = returnlength aligned up by two page boundaries
- }
- else
- {
- v9 = ReturnLength;
- }
- }
- while ( ntsStatus == 0xC0000004 );
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
