Ceiridge · April 28, 2022 21:45
diff --git a/PagefileCreator.cpp b/PagefileCreator.cpp
 #include <iostream>
 #include <string>
 #include <Windows.h>
 #include <winternl.h>

 typedef NTSTATUS(NTAPI* NtCreatePagingFile)(
 	IN PUNICODE_STRING      PageFileName,
 	IN PLARGE_INTEGER       MinimumSize,
 	IN PLARGE_INTEGER       MaximumSize,
 	OUT PLARGE_INTEGER      ActualSize OPTIONAL);

 bool AddPagefilePrivilege() {
 	HANDLE hToken = nullptr;
 	LUID luid;

 	OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken);
 	LookupPrivilegeValue(L"", SE_CREATE_PAGEFILE_NAME, &luid);

 	TOKEN_PRIVILEGES tp;
 	tp.PrivilegeCount = 1;
 	tp.Privileges[0].Luid = luid;
 	tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

 	return AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), nullptr, nullptr);
 }

 int wmain(int argc, wchar_t* argv[]) {
 	if (argc <= 2) {
 		std::cout << "Not enough arguments. Creator.exe <PagefilePath> <SizeMultipleOf16MB>" << std::endl;
 		return 1;
 	}

 	const std::wstring pageFilePathStr = std::wstring(L"\\??\\") + argv[1];
 	const wchar_t* pageFilePath = pageFilePathStr.c_str();
 	const long long pageFileSizeMultiple = _wtoll(argv[2]);
 	const long long pageFileSize = pageFileSizeMultiple * 0x1000000LL; // 0x1000000 = ~16 MB (minimum)

 	std::wcout << "Creating pagefile at " << pageFilePathStr << " with size " << pageFileSize << " bytes" << std::endl;
 	std::cout << "Pagefile privilege result: " << AddPagefilePrivilege() << std::endl;

 	const HMODULE ntdllModule = LoadLibrary(TEXT("ntdll.dll"));
 	if (!ntdllModule) {
 		std::cout << "Ntdll not loaded" << std::endl;
 		return 1;
 	}

 	const NtCreatePagingFile createFunction = (NtCreatePagingFile) GetProcAddress(ntdllModule, "NtCreatePagingFile");
 	if (!createFunction) {
 		std::cout << "Function not found" << std::endl;
 		return 1;
 	}

 	UNICODE_STRING pathString{};
 	RtlInitUnicodeString(&pathString, pageFilePath);

 	LARGE_INTEGER sizeMin{}, sizeMax{}, actualSize{};
 	sizeMin.QuadPart = pageFileSize;
 	sizeMax.QuadPart = pageFileSize;
 	
 	const NTSTATUS status = createFunction(&pathString, &sizeMin, &sizeMax, nullptr);
 	std::cout << "Status: " << std::hex << status << ". Size: " << std::dec << sizeMin.QuadPart << std::endl;

 	return 0;
 }
	#include <iostream>
	#include <string>
	#include <Windows.h>
	#include <winternl.h>

	typedef NTSTATUS(NTAPI* NtCreatePagingFile)(
	IN PUNICODE_STRING PageFileName,
	IN PLARGE_INTEGER MinimumSize,
	IN PLARGE_INTEGER MaximumSize,
	OUT PLARGE_INTEGER ActualSize OPTIONAL);

	bool AddPagefilePrivilege() {
	HANDLE hToken = nullptr;
	LUID luid;

	OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken);
	LookupPrivilegeValue(L"", SE_CREATE_PAGEFILE_NAME, &luid);

	TOKEN_PRIVILEGES tp;
	tp.PrivilegeCount = 1;
	tp.Privileges[0].Luid = luid;
	tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

	return AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), nullptr, nullptr);
	}

	int wmain(int argc, wchar_t* argv[]) {
	if (argc <= 2) {
	std::cout << "Not enough arguments. Creator.exe <PagefilePath> <SizeMultipleOf16MB>" << std::endl;
	return 1;
	}

	const std::wstring pageFilePathStr = std::wstring(L"\\??\\") + argv[1];
	const wchar_t* pageFilePath = pageFilePathStr.c_str();
	const long long pageFileSizeMultiple = _wtoll(argv[2]);
	const long long pageFileSize = pageFileSizeMultiple * 0x1000000LL; // 0x1000000 = ~16 MB (minimum)

	std::wcout << "Creating pagefile at " << pageFilePathStr << " with size " << pageFileSize << " bytes" << std::endl;
	std::cout << "Pagefile privilege result: " << AddPagefilePrivilege() << std::endl;

	const HMODULE ntdllModule = LoadLibrary(TEXT("ntdll.dll"));
	if (!ntdllModule) {
	std::cout << "Ntdll not loaded" << std::endl;
	return 1;
	}

	const NtCreatePagingFile createFunction = (NtCreatePagingFile) GetProcAddress(ntdllModule, "NtCreatePagingFile");
	if (!createFunction) {
	std::cout << "Function not found" << std::endl;
	return 1;
	}

	UNICODE_STRING pathString{};
	RtlInitUnicodeString(&pathString, pageFilePath);

	LARGE_INTEGER sizeMin{}, sizeMax{}, actualSize{};
	sizeMin.QuadPart = pageFileSize;
	sizeMax.QuadPart = pageFileSize;

	const NTSTATUS status = createFunction(&pathString, &sizeMin, &sizeMax, nullptr);
	std::cout << "Status: " << std::hex << status << ". Size: " << std::dec << sizeMin.QuadPart << std::endl;

	return 0;
	}