#pragma warning(disable: 4100)#include "UnexDriver.h" // includes print() and GetKernelProcAddress()LONGLONG someFunction() { return 10;}typedef NTSTATUS(_stdcall* ZwProtectVirtualMemory_t)(IN HANDLE ProcessHandle, IN PVOID* BaseAddress, IN SIZE_T* NumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG OldAccessProtection);NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath) { UNREFERENCED_PARAMETER(pRegistryPath); pDriverObject->DriverUnload = UnloadDriver; ZwProtectVirtualMemory_t ZwProtectVirtualMemory = (ZwProtectVirtualMemory_t)GetKernelProcAddress(L"ZwProtectVirtualMemory"); char bytes[] = { 0x48, 0xc7, 0xc0, 0x01, 0x00, 0x00, 0x00, 0xc3}; ULONG cp = 0; SIZE_T sz = sizeof(bytes); PVOID baseAddr = (PVOID)&someFunction; ZwProtectVirtualMemory(NtCurrentProcess(), &baseAddr, &sz, PAGE_EXECUTE_READWRITE, &cp); memcpy((void*)&someFunction, bytes, sizeof(bytes)); ZwProtectVirtualMemory(NtCurrentProcess(), &baseAddr, &sz, cp, &cp); print("%lld", someFunction()); return STATUS_SUCCESS;}NTSTATUS UnloadDriver(PDRIVER_OBJECT pDriverObject) { UNREFERENCED_PARAMETER(pDriverObject); return STATUS_SUCCESS;}
I am trying to make a basic hook like the one above, but I always get a crash (bugcheck) called "ATTEMPT_TO_WRITE_READONLY_MEMORY", so I think the problem is in changing the protection of the memory address. I searched for a function that changes memory protection in the kernel, but I couldn't find one. Does anybody know of one?