kuh4it/PoC_Stripped.cpp

## PoC_Stripped.cpp
// you can hook syscalls without triggering KPP or PG, that's just a project for fun
		PVOID DisgustingPatchGuard = Utils::FindPatternImage( KBase, "\x40\x53\x48\x83\xEC\x30\x8B\x41\x18" );
		if ( !DisgustingPatchGuard )
		{
			Utils::ThrowException( _( "C4GE: FAILED TO FIND PATCHGUARD INITIALIZATION CONTEXT" ) );
			return STATUS_INVALID_ADDRESS;
		}

		DisgustingPatchGuard = RVA( DisgustingPatchGuard, 7 );
		if ( !DisgustingPatchGuard )
		{
			Utils::ThrowException( _( "C4GE: FAILED TO CALCULATE RVA FOR PATCHGUARD INITIALIZATION CONTEXT" ) );
			return STATUS_INVALID_ADDRESS;
		}

		Cagevisor::Core::PlaceNPTHook<PVOID>( DisgustingPatchGuard, Hooks::ExtendedFrame );
		if ( !Globals::ExtendedFramePtr )
		{
			Utils::ThrowException( _( "C4GE: FRAME INVALID. KPP ENABLED?" ) );
			return STATUS_INVALID_ADDRESS;
		}

		//
		// Hardcoded using WinDbg, find your own shit buddy ;)
		//
		Utils::AllocLocally( Core::FindFrameSize( 0xffffffff`7ff4c3aa`a810c89 ) );
		if ( !Utils::IsBadReadPtr( Globals::GetLastIndependentPageAllocation( ) ) || !Globals::ExtendedFramePtr )
		{
			Utils::ThrowException( _( "C4GE: CANNOT FIND EXTENDED PAGE FRAME." ) );
			return STATUS_INVALID_ADDRESS;
		}

		BYTE JmpStub[] = { 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00 }; // no need to use that since we NOP and not JMP anymore lmfao idk why i kept this:skull:
		Cagevisor::Core::OverlapMemory( FileAllocationInformation::IndependentPages, Globals::ExtendedFramePtr );
		Cagevisor::Core::SetLastMode( AddressRanges::KPPLess_CTX_test /* 0x0 */, false, false, true, 8 /* BitSet max page enumeration index */ );
		Cagevisor::Core::ExecuteCPL0Function<BOOLEAN>( MmSetAddressRangeModified, IA32_APERF /* Clock Counter */ )( Globals::ExtendedFramePtr, Globals::ExtendedFramePtrLength );

		for(INT32 FunctionLength = 0; FunctionLength <= Globals::ExtendedFramePtrLength; i++ )
			*( PVOID* ) ( Globals::ExtendedFramePtr + FunctionLength ) = Cagevisor::Routines::PlaceNOPWithoutKPPTrigger( );
	// you can hook syscalls without triggering KPP or PG, that's just a project for fun
	PVOID DisgustingPatchGuard = Utils::FindPatternImage( KBase, "\x40\x53\x48\x83\xEC\x30\x8B\x41\x18" );
	if ( !DisgustingPatchGuard )
	{
	Utils::ThrowException( _( "C4GE: FAILED TO FIND PATCHGUARD INITIALIZATION CONTEXT" ) );
	return STATUS_INVALID_ADDRESS;
	}

	DisgustingPatchGuard = RVA( DisgustingPatchGuard, 7 );
	if ( !DisgustingPatchGuard )
	{
	Utils::ThrowException( _( "C4GE: FAILED TO CALCULATE RVA FOR PATCHGUARD INITIALIZATION CONTEXT" ) );
	return STATUS_INVALID_ADDRESS;
	}

	Cagevisor::Core::PlaceNPTHook<PVOID>( DisgustingPatchGuard, Hooks::ExtendedFrame );
	if ( !Globals::ExtendedFramePtr )
	{
	Utils::ThrowException( _( "C4GE: FRAME INVALID. KPP ENABLED?" ) );
	return STATUS_INVALID_ADDRESS;
	}

	//
	// Hardcoded using WinDbg, find your own shit buddy ;)
	//
	Utils::AllocLocally( Core::FindFrameSize( 0xffffffff`7ff4c3aa`a810c89 ) );
	if ( !Utils::IsBadReadPtr( Globals::GetLastIndependentPageAllocation( ) ) \|\| !Globals::ExtendedFramePtr )
	{
	Utils::ThrowException( _( "C4GE: CANNOT FIND EXTENDED PAGE FRAME." ) );
	return STATUS_INVALID_ADDRESS;
	}

	BYTE JmpStub[] = { 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00 }; // no need to use that since we NOP and not JMP anymore lmfao idk why i kept this:skull:
	Cagevisor::Core::OverlapMemory( FileAllocationInformation::IndependentPages, Globals::ExtendedFramePtr );
	Cagevisor::Core::SetLastMode( AddressRanges::KPPLess_CTX_test /* 0x0 /, false, false, true, 8 / BitSet max page enumeration index */ );
	Cagevisor::Core::ExecuteCPL0Function<BOOLEAN>( MmSetAddressRangeModified, IA32_APERF /* Clock Counter */ )( Globals::ExtendedFramePtr, Globals::ExtendedFramePtrLength );

	for(INT32 FunctionLength = 0; FunctionLength <= Globals::ExtendedFramePtrLength; i++ )
	( PVOID ) ( Globals::ExtendedFramePtr + FunctionLength ) = Cagevisor::Routines::PlaceNOPWithoutKPPTrigger( );