Justas Masiulis JustasMasiulis

🙃

little bit of everything

Solving life problems with templates

JustasMasiulis / goofy_map_image.cpp

Last active January 27, 2026 01:52

	IO_STATUS_BLOCK iosb;
	UNICODE_STRING path = RTL_CONSTANT_STRING(L"\\SystemRoot\\System32\\ntdll.dll");
	OBJECT_ATTRIBUTES attr = RTL_CONSTANT_OBJECT_ATTRIBUTES(&path, 0);
	HANDLE file, section;

	// only FILE_EXECUTE
	NTSTATUS status = NtCreateFile(&file, FILE_EXECUTE, &attr, &iosb, nullptr, 0, 0, FILE_OPEN, 0, nullptr, 0);
	printf("NtCreateFile %lx\n", status);

	// request PAGE_EXECUTE when creating - the only permission compatible with FILE_EXECUTE.

JustasMasiulis / PspSystemDlls.h

Created April 15, 2022 15:04


	typedef struct _PSP_SYSTEM_DLL {
	EX_FAST_REF DllSection;
	EX_PUSH_LOCK DllLock;
	} PSP_SYSTEM_DLL;

	typedef struct _PS_SYSTEM_DLL_INFO
	{
	union
	{

JustasMasiulis / PPL.cpp

Last active September 21, 2024 01:46

	struct RTL_PROTECTED_ACCESS {
	DWORD DominateMask;
	DWORD DeniedProcessAccess;
	DWORD DeniedThreadAccess;
	};

	bool RtlTestProtectedAccess(_PS_PROTECTION Requester, _PS_PROTECTION Target)
	{
	if ( Target.Type == 0 )
	return true;

JustasMasiulis / MiInitializePageColorBase.c

Created April 17, 2019 11:14

	struct MI_PAGE_COLOR_BASE { // I thought this one up. No idea if anything like it exists in symbols
	PULONG Color;
	WORD ColorMask;
	WORD NodeShiftedColor;
	};

	void __fastcall MiInitializePageColorBase(_MMSUPPORT_INSTANCE instance, int node, MI_PAGE_COLOR_BASE colorBase) {
	_KPRCB* prcb;
	if(node) {
	prcb = KeGetCurrentPrcb();

JustasMasiulis / MiChangePageAttribute.c

Last active April 17, 2019 11:01

	#define MI_PFN_ELEMENT_TO_INDEX(_Pfn) ((PFN_NUMBER)(((ULONG_PTR)(_Pfn) - (ULONG_PTR)MmPfnDatabase) / sizeof (MMPFN)))

	void MiChangePageAttribute(_MMPFN *pfn, MI_PFN_CACHE_ATTRIBUTE cacheAtrribute, bool pfnLocked) {
	KIRQL irql;
	if(pfnLocked \|\| someThreadPointer == KeGetCurrentThread()) // no idea what it is
	irql = 17;
	else
	irql = MiLockPageInline(pfn);

	currCacheAttribute = pfn->u3.e1.CacheAttribute;

JustasMasiulis / MiLockPageInline.c

Created April 3, 2019 10:28

	uint64_t MiLockPageInline(_MMPFN *pfn)
	{
	auto oldIrql = KeRaiseIrqlToDpcLevel();
	uint32_t spinCount = 0;
	while(_interlockedbittestandset64(&pfn->u2.Lock, 63ui64)) // set pfn->u2.LockBit
	{
	do
	KeYieldProcessorEx(&spinCount);
	while(pfn->u2.LockBit);
	}

JustasMasiulis / MiSetPfnTbFlushStamp.c

Created April 3, 2019 10:06

	int64_t MiSetPfnTbFlushStamp(_MMPFN *pfn, char flushStamp, BOOL pfnLocked)
	{
	if(pfnLocked)
	pfn->u2.TbFlushStamp = flushStamp;
	else // CAS loop
	while(true) {
	auto old = pfn->u2;
	auto new = old;
	new.TbFlushStamp = flushStamp;
	if(_InterlockedCompareExchange(&pfn->u2.Lock, new.EntireField, old.EntireField) == old.EntireField)

JustasMasiulis / MiFinalizePageAttribute.c

Last active April 4, 2019 12:27

	void MiFinalizePageAttribute(_MMPFN *pfn, MI_PFN_CACHE_ATTRIBUTE cacheAttribute, unsigned int pfnLocked)
	{
	if(pfn->u3.e1.CacheAttribute != cacheAttribute)
	MiChangePageAttribute(pfn, cacheAttribute, pfnLocked);
	MiSetPfnTbFlushStamp(pfn, 0i64, pfnLocked);
	}

JustasMasiulis / MiProtectionToCacheAttribute.c

Last active April 4, 2019 12:26

	MI_PFN_CACHE_ATTRIBUTE MiProtectionToCacheAttribute(uint32_t protection) {
	if(protection != 0x1F) // all flags combined
	{
	if(protection >> 3 == 3) // MM_WRITECOMBINE
	{
	if(protection & 7) // check if it has any actual access
	return MiWriteCombined;
	}
	else if (protection >> 3 == 1) // MM_NOCACHE
	return MiNonCached;

JustasMasiulis / stack_string.hpp

Created June 21, 2018 08:48

	#ifndef JM_STACK_STRING_HPP
	#define JM_STACK_STRING_HPP

	#include <cstdint>
	#include <cstddef>
	#include <type_traits>

	#define STACK_STRING(name, str) \
	alignas(8) std::decay_t<decltype(*str)> \
	name[sizeof(str) / sizeof(std::decay_t<decltype(*str)>)]; \