; Disassembly excerpt (32-bit x86, Intel syntax, IDA-style names); operands
; written as "...." were elided by the post's author.
; Visible behaviour: load ntdll, then look up two ntdll exports by name at run
; time through GetProcAddress instead of importing them.
; Triage note: functions resolved this way do not appear in the sample's import
; table; the export-name strings referenced below (shown by IDA as plain
; strings) are the static indicator to search for.
push offset LibFileName ; "ntdll"
call ds:LoadLibraryA
mov edi, eax ; edi = module handle returned by LoadLibraryA (no NULL check in the visible lines)
push offset ProcName ; lpProcName = "RtlAdjustPrivilege"
push edi ; hModule = ntdll handle (IDA's "ntdll" hint labels the handle, not a string)
call ds:GetProcAddress
; NOTE(review): the pointer returned in eax is not stored in the visible lines
; before the next call overwrites eax; the listing is presumably abridged here.
push offset aNtraiseharderr ; lpProcName = "NtRaiseHardError"
push edi ; hModule = ntdll handle
call ds:GetProcAddress
; Arguments and call target below are elided in the original post.
; NOTE(review): four pushes do not match the six-parameter NtRaiseHardError
; prototype quoted on this page, so this call is presumably made through the
; other resolved pointer, or the listing is abridged; confirm against the sample.
push ....
push ....
push ....
push ....
call ....
--------------
Prototype of NtRaiseHardError, the second function resolved above, as referenced here:
https://undocumented.ntinternals.net/
NtRaiseHardError( IN NTSTATUS ErrorStatus, IN ULONG NumberOfParameters, IN PUNICODE_STRING UnicodeStringParameterMask OPTIONAL, IN PVOID *Parameters, IN HARDERROR_RESPONSE_OPTION ResponseOption, OUT PHARDERROR_RESPONSE Response );
------FYI this is just me learning and documenting from the great Malware Hunter and his YouTube video; none of this is my own: https://www.youtube.com/watch?v=b0WQwCQGjv4