c++ - How to change the protection of memory address in kernel (Windows)

Question

#pragma warning(disable: 4100)

#include "UnexDriver.h" // includes print() and GetKernelProcAddress()

LONGLONG someFunction() {
    return 10;
}

typedef NTSTATUS(_stdcall* ZwProtectVirtualMemory_t)(IN HANDLE ProcessHandle, IN PVOID* BaseAddress, IN SIZE_T* NumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG OldAccessProtection);

NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath) {

    UNREFERENCED_PARAMETER(pRegistryPath);

    pDriverObject->DriverUnload = UnloadDriver;
    
    ZwProtectVirtualMemory_t ZwProtectVirtualMemory = (ZwProtectVirtualMemory_t)GetKernelProcAddress(L"ZwProtectVirtualMemory");

    char bytes[] = { 0x48, 0xc7, 0xc0, 0x01, 0x00, 0x00, 0x00, 0xc3};

    ULONG cp = 0;
    SIZE_T sz = sizeof(bytes);
    PVOID baseAddr = (PVOID)&someFunction;

    ZwProtectVirtualMemory(NtCurrentProcess(), &baseAddr, &sz, PAGE_EXECUTE_READWRITE, &cp);
    memcpy((void*)&someFunction, bytes, sizeof(bytes));
    ZwProtectVirtualMemory(NtCurrentProcess(), &baseAddr, &sz, cp, &cp);

    print("%lld", someFunction());

    return STATUS_SUCCESS;
}

NTSTATUS UnloadDriver(PDRIVER_OBJECT pDriverObject) {

    UNREFERENCED_PARAMETER(pDriverObject);
    
    return STATUS_SUCCESS;
}

I am trying to make a basic hook like that but I always get crash called "ATTEMPT_TO_WRITE_READONLY_MEMORY" so I think there are some problems on changing the protection of memory address. I made a search to find a function to change memory protection on kernel but I couldn't find any. Do anybody know?

Answer 1

等待大神答复