Create README.md

2025-05-28 19:21:22 -06:00
parent 7c13035673
commit e1958457fb
1 changed files with 15 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,15 @@
+simple method.
+
+__int64 NtCompareSigningLevels()
+{
+  int v0; // eax
+
+  v0 = 0;
+  if ( function_pointer )
+    v0 = ((__int64 (*)(void))function_pointer)();
+  return v0 == 0 ? 0xC0000428 : 0;
+}
+
+this loads a qword into r9 from a var.
+
+we use pdfwkrnl's memcpy vulnerable function to swap this pointer to our kernel function.