Ceiridge/PagefileCreator.cpp

## PagefileCreator.cpp
#include <iostream>
#include <string>
#include <Windows.h>
#include <winternl.h>

typedef NTSTATUS(NTAPI* NtCreatePagingFile)(
	IN PUNICODE_STRING      PageFileName,
	IN PLARGE_INTEGER       MinimumSize,
	IN PLARGE_INTEGER       MaximumSize,
	OUT PLARGE_INTEGER      ActualSize OPTIONAL);

bool AddPagefilePrivilege() {
	HANDLE hToken = nullptr;
	LUID luid;

	OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken);
	LookupPrivilegeValue(L"", SE_CREATE_PAGEFILE_NAME, &luid);

	TOKEN_PRIVILEGES tp;
	tp.PrivilegeCount = 1;
	tp.Privileges[0].Luid = luid;
	tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	return AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), nullptr, nullptr);
}

int wmain(int argc, wchar_t* argv[]) {
	if (argc <= 2) {
		std::cout << "Not enough arguments. Creator.exe <PagefilePath> <SizeMultipleOf16MB>" << std::endl;
		return 1;
	}

	const std::wstring pageFilePathStr = std::wstring(L"\\??\\") + argv[1];
	const wchar_t* pageFilePath = pageFilePathStr.c_str();
	const long long pageFileSizeMultiple = _wtoll(argv[2]);
	const long long pageFileSize = pageFileSizeMultiple * 0x1000000LL; // 0x1000000 = ~16 MB (minimum)

	std::wcout << "Creating pagefile at " << pageFilePathStr << " with size " << pageFileSize << " bytes" << std::endl;
	std::cout << "Pagefile privilege result: " << AddPagefilePrivilege() << std::endl;

	const HMODULE ntdllModule = LoadLibrary(TEXT("ntdll.dll"));
	if (!ntdllModule) {
		std::cout << "Ntdll not loaded" << std::endl;
		return 1;
	}

	const NtCreatePagingFile createFunction = (NtCreatePagingFile) GetProcAddress(ntdllModule, "NtCreatePagingFile");
	if (!createFunction) {
		std::cout << "Function not found" << std::endl;
		return 1;
	}

	UNICODE_STRING pathString{};
	RtlInitUnicodeString(&pathString, pageFilePath);

	LARGE_INTEGER sizeMin{}, sizeMax{}, actualSize{};
	sizeMin.QuadPart = pageFileSize;
	sizeMax.QuadPart = pageFileSize;

	const NTSTATUS status = createFunction(&pathString, &sizeMin, &sizeMax, nullptr);
	std::cout << "Status: " << std::hex << status << ". Size: " << std::dec << sizeMin.QuadPart << std::endl;

	return 0;
}
	#include <iostream>
	#include <string>
	#include <Windows.h>
	#include <winternl.h>

	typedef NTSTATUS(NTAPI* NtCreatePagingFile)(
	IN PUNICODE_STRING PageFileName,
	IN PLARGE_INTEGER MinimumSize,
	IN PLARGE_INTEGER MaximumSize,
	OUT PLARGE_INTEGER ActualSize OPTIONAL);

	bool AddPagefilePrivilege() {
	HANDLE hToken = nullptr;
	LUID luid;

	OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken);
	LookupPrivilegeValue(L"", SE_CREATE_PAGEFILE_NAME, &luid);

	TOKEN_PRIVILEGES tp;
	tp.PrivilegeCount = 1;
	tp.Privileges[0].Luid = luid;
	tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	return AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), nullptr, nullptr);
	}

	int wmain(int argc, wchar_t* argv[]) {
	if (argc <= 2) {
	std::cout << "Not enough arguments. Creator.exe <PagefilePath> <SizeMultipleOf16MB>" << std::endl;
	return 1;
	}

	const std::wstring pageFilePathStr = std::wstring(L"\\??\\") + argv[1];
	const wchar_t* pageFilePath = pageFilePathStr.c_str();
	const long long pageFileSizeMultiple = _wtoll(argv[2]);
	const long long pageFileSize = pageFileSizeMultiple * 0x1000000LL; // 0x1000000 = ~16 MB (minimum)

	std::wcout << "Creating pagefile at " << pageFilePathStr << " with size " << pageFileSize << " bytes" << std::endl;
	std::cout << "Pagefile privilege result: " << AddPagefilePrivilege() << std::endl;

	const HMODULE ntdllModule = LoadLibrary(TEXT("ntdll.dll"));
	if (!ntdllModule) {
	std::cout << "Ntdll not loaded" << std::endl;
	return 1;
	}

	const NtCreatePagingFile createFunction = (NtCreatePagingFile) GetProcAddress(ntdllModule, "NtCreatePagingFile");
	if (!createFunction) {
	std::cout << "Function not found" << std::endl;
	return 1;
	}

	UNICODE_STRING pathString{};
	RtlInitUnicodeString(&pathString, pageFilePath);

	LARGE_INTEGER sizeMin{}, sizeMax{}, actualSize{};
	sizeMin.QuadPart = pageFileSize;
	sizeMax.QuadPart = pageFileSize;

	const NTSTATUS status = createFunction(&pathString, &sizeMin, &sizeMax, nullptr);
	std::cout << "Status: " << std::hex << status << ". Size: " << std::dec << sizeMin.QuadPart << std::endl;

	return 0;
	}