# Revird

Driver for 64-bit (x64) Windows that can read and write memory and get the address of a process or of a module in a process.

## Example usage

An example of usage is in the `EdomResu` folder (`UserMode` backwards).

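```C++
#include <cstdio>

// QWORD, GetProcess, GetProcessModule, RPM and DriverUnload are the helpers used
// by the example in the EdomResu folder; their declarations must be in scope here.
int main(void) {
    // Address of the explorer.exe process
    QWORD proc_addr = GetProcess(L"explorer.exe");
    // Address of kernel32.dll inside explorer.exe
    QWORD mod_addr = GetProcessModule(L"explorer.exe", L"kernel32.dll");
    // First byte at the process address; a PE image starts with "MZ", so 0x4D ('M')
    BYTE mz = RPM<BYTE>(proc_addr);

    printf("Address of explorer.exe : 0x%p\n", (void*)proc_addr);
    printf("Address of kernel32.dll in explorer.exe : 0x%p\n", (void*)mod_addr);
    printf("Header of explorer.exe : 0x%X\n", mz);

    // Unload the driver once the reads are done
    printf("Unloading driver...");
    DriverUnload();
    printf("ok.\n");
    return 0;
}
```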