我尝试使用系统调用指令调用 NtAllocateVirtualMemory,但它返回错误 STATUS_ACCESS_VIOLATION
我尝试以管理员身份运行它,但它给了我同样的错误。我期待它在随机基地址分配内存。
我的cpp代码:
#include <Windows.h>
#include <iostream>
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
extern "C" NTSTATUS SysNtAllocateVirtualMemory(HANDLE ProcessHandle, PVOID * BaseAddress, ULONG ZeroBits, PULONG RegionSize, ULONG AllocationType, ULONG Protect);
int main()
{
PVOID buffer = nullptr;
printf("[+] Calling NtAlocateVirtualMemory.\n");
NTSTATUS status = SysNtAllocateVirtualMemory(GetCurrentProcess(), &buffer, 0, (PULONG)0x1000, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READ);
if (!NT_SUCCESS(status))
{
printf("[!] Unable to allocate memory: %x\n", status);
return -1;
}
printf("Memory: %p\n", buffer);
printf("[+] Call successful.\n");
}
我的asm代码:
.code
SysNtAllocateVirtualMemory PROC
mov r10, rcx
mov eax, 00000018
syscall
ret
SysNtAllocateVirtualMemory ENDP
END
我的系统 ID 号错误,它应该是 18h,而不是 00000018