From c4a6681b2796b9ea6bbd15e6a9870f1d3b10c5c2 Mon Sep 17 00:00:00 2001
From: Toni Uhlig
Date: Thu, 27 Jun 2019 21:07:21 +0200
Subject: MemDriverLib + MemDriverWeb skeletons
---
MemDriverLib/KInterface.h | 120 ----------------------------------------------
1 file changed, 120 deletions(-)
delete mode 100644 MemDriverLib/KInterface.h
(limited to 'MemDriverLib/KInterface.h')
diff --git a/MemDriverLib/KInterface.h b/MemDriverLib/KInterface.h
deleted file mode 100644
index a8a7ee2..0000000
--- a/MemDriverLib/KInterface.h
+++ /dev/null
@@ -1,120 +0,0 @@
-#pragma once
-
-#include "Driver.h"
-
-#include
-#include
-
-#define DEFAULT_TIMEOUT 2500
-#define INVALID_NTSTATUS (UINT32)-1
-
-typedef enum SendRecvReturn {
- SRR_INVALID = 0, SRR_SIGNALED, SRR_TIMEOUT, SRR_ERR_UEVENT, SRR_ERR_KEVENT, SRR_ERR_HEADER
-} SendRecvReturn;
-
-class KInterface
-{
-public:
- static KInterface& getInstance()
- {
- static KInterface instance;
- return instance;
- }
- KInterface();
- KInterface(KInterface const&) = delete;
- void operator=(KInterface const&) = delete;
-
- bool Init();
- bool Handshake();
- bool Ping();
- bool Pages(HANDLE targetPID,
- std::vector& dest,
- PVOID start_address = NULL);
- bool Modules(HANDLE targetPID,
- std::vector& dest);
- bool Exit();
- bool RPM(HANDLE targetPID, PVOID address, BYTE *buf, SIZE_T size,
- PKERNEL_READ_REQUEST result);
- bool WPM(HANDLE targetPID, PVOID address, BYTE *buf, SIZE_T size,
- PKERNEL_WRITE_REQUEST result);
-
- PVOID getBuffer();
- HANDLE getKHandle();
- HANDLE getUHandle();
- UINT32 getLastPingValue();
- UINT32 getLastNtStatus();
- SendRecvReturn RecvWait(DWORD timeout = DEFAULT_TIMEOUT);
-
-private:
- SendRecvReturn SendRecvWait(UINT32 type, DWORD timeout = DEFAULT_TIMEOUT);
-
- PVOID m_shmem = NULL;
- HANDLE m_kevent = NULL, m_uevent = NULL;
-
- UINT32 m_last_ping_value = 0;
- UINT32 m_last_ntstatus = INVALID_NTSTATUS;
-};
-
-class KMemory
-{
-public:
- template
- static T Rpm(HANDLE targetPID, PVOID address) {
- T buf;
- if (!KInterface::getInstance().RPM(targetPID, address, (BYTE*)&buf, sizeof buf, NULL))
- throw std::runtime_error("KMemory RPM failed");
- return buf;
- }
- template
- static void Wpm(HANDLE targetPID, PVOID address, T *buf) {
- if (!KInterface::getInstance().WPM(targetPID, address, (BYTE*)buf, sizeof *buf, NULL))
- throw std::runtime_error("KMemory WPM failed");
- }
-};
-
-class KMemoryBuf
-{
-public:
- template
- static SSIZE_T Rpm(HANDLE targetPID, PVOID address, BYTE *dest) {
- KERNEL_READ_REQUEST rr = { 0 };
- if (!KInterface::getInstance().RPM(targetPID, address, &dest[0], SIZE, &rr))
- return -1;
- return rr.SizeRes;
- }
- template
- static SSIZE_T Wpm(HANDLE targetPID, PVOID address, BYTE *dest) {
- KERNEL_WRITE_REQUEST wr = { 0 };
- if (!KInterface::getInstance().WPM(targetPID, address, &dest[0], SIZE, &wr))
- return -1;
- return wr.SizeRes;
- }
-};
-
-template
-struct Diff {
- BYTE current_buffer[SIZE];
- BYTE old_buffer[SIZE];
- std::vector> diffs;
-};
-
-class KScan
-{
-public:
- template
- static SSIZE_T ScanSimple(HANDLE targetPID, PVOID start_address, SIZE_T max_scansize, T(&a)[SIZE])
- {
- return KScanSimple(targetPID, start_address, max_scansize, a, sizeof T * SIZE);
- }
- template
- static SSIZE_T BinDiffSimple(HANDLE targetPID, PVOID start_address, Diff *diff)
- {
- return KBinDiffSimple(targetPID, start_address, diff->current_buffer,
- diff->old_buffer, SIZE, &diff->diffs);
- }
-private:
- static SSIZE_T KScanSimple(HANDLE targetPID, PVOID start_address, SIZE_T max_scansize,
- PVOID scanbuf, SIZE_T scanbuf_size);
- static SSIZE_T KBinDiffSimple(HANDLE targetPid, PVOID start_address,
- BYTE *curbuf, BYTE *oldbuf, SIZE_T siz, std::vector> *diffs);
-};
\ No newline at end of file
--
cgit v1.2.3