#include <Windows.h>
#include <stdio.h>
/// Function-pointer type with the signature of ntdll's
/// NtQueryInformationProcess export, intended for use with the result of
/// GetProcAddress.
///
/// The second argument selects a PROCESSINFOCLASS value. It is declared as
/// ULONG here, so the compiler will not reject a constant taken from a
/// different enum (for example PROCESS_MITIGATION_POLICY); callers must check
/// that themselves.
using pfnNtQueryInformationProcess = NTSTATUS(NTAPI *)(
    HANDLE ProcessHandle,
    /*PROCESSINFOCLASS*/ ULONG ProcessInformationClass,
    PVOID ProcessInformation,
    ULONG ProcessInformationLength,
    PULONG ReturnLength);
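/// @brief Reports whether the user-mode shadow stack mitigation policy is
///        enabled for a process.
///
/// ProcessUserShadowStackPolicy is a PROCESS_MITIGATION_POLICY constant. It is
/// only meaningful to GetProcessMitigationPolicy; handing it to
/// NtQueryInformationProcess as the information class makes the kernel
/// interpret the number as an unrelated PROCESSINFOCLASS, so the shadow-stack
/// policy is never actually read. This function therefore queries through
/// GetProcessMitigationPolicy, resolved at run time so the binary still loads
/// on systems whose kernel32 lacks the export.
///
/// Only the EnableUserShadowStack bit is reported; the audit and strict-mode
/// bits of the policy structure are not inspected.
///
/// @param hProcess Handle to the process to inspect. The documented API
///                 requires PROCESS_QUERY_INFORMATION access on it.
/// @return  1 if EnableUserShadowStack is set,
///          2 if it is clear,
///         -1 if kernel32.dll is not loaded,
///         -2 if GetProcessMitigationPolicy is not exported,
///         -3 if the query itself fails (unsupported policy, bad handle, or
///            insufficient access).
int QueryProcessUserShadowStack(HANDLE hProcess) {
  using pfnGetProcessMitigationPolicy =
      BOOL(WINAPI *)(HANDLE, PROCESS_MITIGATION_POLICY, PVOID, SIZE_T);

  const HMODULE kernel32 = GetModuleHandleA("kernel32.dll");
  if (!kernel32) {
    printf("kernel32 null\n");
    return -1;
  }

  const auto pGetProcessMitigationPolicy =
      reinterpret_cast<pfnGetProcessMitigationPolicy>(
          GetProcAddress(kernel32, "GetProcessMitigationPolicy"));
  if (!pGetProcessMitigationPolicy) {
    printf("GetProcessMitigationPolicy null\n");
    return -2;
  }

  PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY pmussp = {0};
  if (!pGetProcessMitigationPolicy(hProcess, ProcessUserShadowStackPolicy,
                                   &pmussp, sizeof(pmussp))) {
    // Include the error code so an unsupported policy can be told apart from
    // an invalid handle or an access failure.
    printf("not support (error %lu)\n", GetLastError());
    return -3;
  }

  if (pmussp.EnableUserShadowStack) {
    printf("EnableUserShadowStack\n");
    return 1;
  }

  printf("not EnableUserShadowStack\n");
  return 2;
}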
/// Entry point: queries the shadow-stack policy of the current process and
/// prints the numeric result code.
int main() {
  // GetCurrentProcess() yields a pseudo-handle for the calling process.
  const int status = QueryProcessUserShadowStack(GetCurrentProcess());
  printf("ret=%d\n", status);

  // Waits for a key press before exiting; system() does this by launching the
  // command interpreter to run "pause".
  system("pause");
  return 0;
}