aboutsummaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/KInterface.h28
-rw-r--r--include/PatternScanner.h56
2 files changed, 56 insertions, 28 deletions
diff --git a/include/KInterface.h b/include/KInterface.h
index 1149fd3..e990f6c 100644
--- a/include/KInterface.h
+++ b/include/KInterface.h
@@ -92,32 +92,4 @@ public:
return -1;
return wr.SizeRes;
}
-};
-
-template <SIZE_T SIZE>
-struct Diff {
- BYTE current_buffer[SIZE];
- BYTE old_buffer[SIZE];
- std::vector<std::pair<SIZE_T, SIZE_T>> diffs;
-};
-
-class KScan
-{
-public:
- template <typename T, SIZE_T SIZE>
- static SSIZE_T ScanSimple(HANDLE targetPID, PVOID start_address, SIZE_T max_scansize, T(&a)[SIZE])
- {
- return KScanSimple(targetPID, start_address, max_scansize, a, sizeof T * SIZE);
- }
- template <SIZE_T SIZE>
- static SSIZE_T BinDiffSimple(HANDLE targetPID, PVOID start_address, Diff<SIZE> *diff)
- {
- return KBinDiffSimple(targetPID, start_address, diff->current_buffer,
- diff->old_buffer, SIZE, &diff->diffs);
- }
-private:
- static SSIZE_T KScanSimple(HANDLE targetPID, PVOID start_address, SIZE_T max_scansize,
- PVOID scanbuf, SIZE_T scanbuf_size);
- static SSIZE_T KBinDiffSimple(HANDLE targetPid, PVOID start_address,
- BYTE *curbuf, BYTE *oldbuf, SIZE_T siz, std::vector<std::pair<SIZE_T, SIZE_T>> *diffs);
}; \ No newline at end of file
diff --git a/include/PatternScanner.h b/include/PatternScanner.h
new file mode 100644
index 0000000..c2f1980
--- /dev/null
+++ b/include/PatternScanner.h
@@ -0,0 +1,56 @@
+#pragma once
+
+#include "KMemDriver.h"
+
+#include <string>
+#include <vector>
+
+
+typedef bool(*map_file_cb)(IN MODULE_DATA&, OUT PVOID * const,
+ OUT SIZE_T * const, IN PVOID const);
+typedef bool(*map_file_cleanup_cb)(IN MODULE_DATA&,
+ IN PVOID, IN PVOID const);
+
+struct map_file_data {
+ map_file_cb map_file;
+ map_file_cleanup_cb map_file_cleanup;
+ bool in_memory_module;
+};
+
+struct loadlib_user_data {
+ std::vector<std::string> additionalDllSearchDirectories;
+};
+bool map_file_loadlib(MODULE_DATA& module, PVOID * const buffer,
+ SIZE_T * const size, PVOID const user_ptr);
+bool map_file_loadlib_cleanup(MODULE_DATA& module, PVOID buffer,
+ PVOID const user_ptr);
+bool map_file_kmem(MODULE_DATA& module, PVOID * const buffer,
+ SIZE_T * const size, PVOID const user_ptr);
+bool map_file_kmem_cleanup(MODULE_DATA& module, PVOID buffer,
+ PVOID const user_ptr);
+
+extern const struct map_file_data loadlib_data;
+extern const struct map_file_data kmem_data;
+
+class PatternScanner
+{
+public:
+ explicit PatternScanner(struct map_file_data const * const mfd = &loadlib_data, PVOID map_file_user_data = NULL);
+ ~PatternScanner();
+ void SetScanLowAddress(UINT64 startAddress) {
+ m_LowAddress = startAddress;
+ }
+ void SetScanAddress(UINT64 startAddress) {
+ m_LowAddress = startAddress;
+ }
+ bool Scan(MODULE_DATA& module, const char * const pattern);
+private:
+ bool checkPattern(MODULE_DATA& module, const char * const pattern, std::string& result);
+ bool doScan(UINT8 *buf, SIZE_T size, std::vector<UINT64>& foundOffsets);
+
+ struct map_file_data const * const mfd;
+ UINT64 m_LowAddress = 0x0;
+ UINT64 m_HighAddress = ((UINT64)-1);
+ PVOID map_file_user_data;
+};
+
Powered by cgit, Themed by Ted Yin.