SHARE
TWEET

Untitled

a guest Jul 19th, 2019 61 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. void SSDT::GetKeServiceDescriptorTableAddrX64()
  2.     {
  3.         PUCHAR StartSearchAddress = (PUCHAR)__readmsr(0xC0000082); // BSOD here
  4.         return;
  5.         PUCHAR EndSearchAddress = StartSearchAddress + 0x500;
  6.         PUCHAR i = NULL;
  7.         UCHAR b1 = 0, b2 = 0, b3 = 0;
  8.         ULONGLONG templong = 0;
  9.         ULONGLONG addr = 0;
  10.         for (i = StartSearchAddress; i < EndSearchAddress; i++)
  11.         {
  12.             if (MmIsAddressValid(i) && MmIsAddressValid(i + 1) && MmIsAddressValid(i + 2))
  13.             {
  14.                 b1 = *(i);
  15.                 b2 = *(i + 1);
  16.                 b3 = *(i + 2);
  17.                 if (b1 == 0x4c && b2 == 0x8d && b3 == 0x15)
  18.                 {
  19.                     memcpy(&templong, i + 3, 4);
  20.                     addr = (ULONGLONG)templong + (ULONGLONG)i + 7;
  21.                     break;
  22.                 }
  23.             }
  24.         }
  25.         KeServiceDescriptorTable = (PSYSTEM_SERVICE_TABLE)addr;
  26.     }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top