Converted ZwQuerySystemInformation to dynamic call

2023-07-04 17:17:57 +02:00
parent 22a09441ab
commit 302d8e2f72
2 changed files with 36 additions and 27 deletions
@@ -1,15 +1,15 @@
-/*  ___     _                     _   _                     
+/*  ___     _                     _   _
 * |_ _|_ _| |_ ___ _ _ _ _  __ _| | | |_ _  _ _ __  ___ ___
 *  | || ' \  _/ -_) '_| ' \/ _` | | |  _| || | '_ \/ -_|_-<
 * |___|_||_\__\___|_| |_||_\__,_|_|  \__|\_, | .__/\___/__/
- *                                        |__/|_|           
+ *                                        |__/|_|
 */

 #pragma once

-//
-// SDK/WDK
-// 
+ //
+ // SDK/WDK
+ // 
 #include <ntifs.h>
 #include <ntintsafe.h>
 #include <ntimage.h>
@@ -21,11 +21,11 @@
 #include "Domito.h"


-/*  _  _ _   ___  _ _       _        
- * | \| | |_|   \| | |  ___| |_ __   
- * | .` |  _| |) | | | / -_)  _/ _|_ 
+/*  _  _ _   ___  _ _       _
+ * | \| | |_|   \| | |  ___| |_ __
+ * | .` |  _| |) | | | / -_)  _/ _|_
 * |_|\_|\__|___/|_|_| \___|\__\__(_)
- *                                   
+ *
 */

 // Structure representing a loaded module
@@ -50,14 +50,6 @@ typedef struct _SYSTEM_MODULE_INFORMATION
    SYSTEM_MODULE_INFORMATION_ENTRY Module[ANYSIZE_ARRAY];
 } SYSTEM_MODULE_INFORMATION, * PSYSTEM_MODULE_INFORMATION;

-// Function prototype for ZwQuerySystemInformation
-EXTERN_C NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation(
-    _In_ ULONG SystemInformationClass,
-    _Inout_ PVOID SystemInformation,
-    _In_ ULONG SystemInformationLength,
-    _Out_opt_ PULONG ReturnLength
-);
-
 typedef struct _LDR_DATA_TABLE_ENTRY
 {
    LIST_ENTRY64 InLoadOrderLinks;
@@ -97,6 +89,13 @@ typedef NTSTATUS(NTAPI* t_ZwQueryInformationProcess) (
    __out_opt PULONG ReturnLength
    );

+typedef NTSTATUS(NTAPI* t_ZwQuerySystemInformation)(
+    _In_ ULONG SystemInformationClass,
+    _Inout_ PVOID SystemInformation,
+    _In_ ULONG SystemInformationLength,
+    _Out_opt_ PULONG ReturnLength
+    );
+
 /*   ___
 *  / __|___ _ __  _ __  ___ _ _
 * | (__/ _ \ '  \| '  \/ _ \ ' \
@@ -109,22 +108,24 @@ typedef struct
    t_RtlImageDirectoryEntryToData RtlImageDirectoryEntryToData;

    t_ZwQueryInformationProcess ZwQueryInformationProcess;
-    
+
+    t_ZwQuerySystemInformation ZwQuerySystemInformation;
+
 } DOMITO_COMMON;

 extern DOMITO_COMMON G_Common;


-/*  __  __                          __  __                                       _   
- * |  \/  |___ _ __  ___ _ _ _  _  |  \/  |__ _ _ _  __ _ __ _ ___ _ __  ___ _ _| |_ 
+/*  __  __                          __  __                                       _
+ * |  \/  |___ _ __  ___ _ _ _  _  |  \/  |__ _ _ _  __ _ __ _ ___ _ __  ___ _ _| |_
 * | |\/| / -_) '  \/ _ \ '_| || | | |\/| / _` | ' \/ _` / _` / -_) '  \/ -_) ' \  _|
 * |_|  |_\___|_|_|_\___/_|  \_, | |_|  |_\__,_|_||_\__,_\__, \___|_|_|_\___|_||_\__|
- *                           |__/                        |___/                       
+ *                           |__/                        |___/
 */

-//
-// Default pool tag
-// 
+ //
+ // Default pool tag
+ // 
 #define DOMITO_POOL_TAG     'imoD'

 //