README.md

simple method.

__int64 NtCompareSigningLevels()
{
  int v0; // eax

  v0 = 0;
  if ( function_pointer )
    v0 = ((__int64 (*)(void))function_pointer)();
  return v0 == 0 ? 0xC0000428 : 0;
}

this loads a qword into r9 from a var.

we use pdfwkrnl's memcpy vulnerable function to swap this pointer to our kernel function.
Create README.md 2025-05-28 19:21:22 -06:00			`simple method.`

			`__int64 NtCompareSigningLevels()`
			`{`
			`int v0; // eax`

			`v0 = 0;`
			`if ( function_pointer )`
			`v0 = ((__int64 (*)(void))function_pointer)();`
			`return v0 == 0 ? 0xC0000428 : 0;`
			`}`

			`this loads a qword into r9 from a var.`

			`we use pdfwkrnl's memcpy vulnerable function to swap this pointer to our kernel function.`