- #pragma once
- #include "ASM/MgAsmCom.h"
- #include "ASM/MgAsmComDef.h"
- #include <string>
// Search-kind selectors, one per Find*Ex flavour.
// NOTE(review): presumably the values stored in FindDataInfo::FindDataType - confirm against the users.
#define FINDDATATYPE_FINDDATAEX    1  // raw data search
#define FINDDATATYPE_FINDDOUBLEEX  2  // double range search
#define FINDDATATYPE_FINDFLOATEX   3  // float range search
#define FINDDATATYPE_FINDINTEX     4  // integer range search
#define FINDDATATYPE_FINDSTRINGEX  5  // string search
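// Parameter block handed to the search worker thread(s).
//
// All buffers are fixed-size arrays. Nothing in this struct records how many
// slots of dwbegin/dwend/bfindindex are in use apart from the counters below,
// so every writer has to bound its index by the array capacity itself.
// NOTE(review): the code that fills these arrays is not visible here - confirm
// it never writes past MAX_PATH (Finddata/Findstring) or MAX_PATH * 10 entries.
typedef struct _FindDataInfo
{
    HANDLE hprocess;
    DWORD dwncount;               // number of address/data items to search for
    int count;                    // number of records counted
    double double_value_min;
    double double_value_max;
    float float_value_min;
    float float_value_max;
    LONG int_value_min;
    LONG int_value_max;
    BYTE FindIntType;             // integer width to search: 0 = 32-bit, 1 = 16-bit, 2 = 8-bit
    LONG FindDataType;            // kind of data to search for
    wchar_t Findstring[MAX_PATH];
    DWORD Finddata[MAX_PATH];     // the data (string) to search for
    DWORD dwbegin[MAX_PATH * 10];
    DWORD dwend[MAX_PATH * 10];
    bool bfindindex[MAX_PATH * 10]; // per-address flags marking which addresses the threads have to process
    wchar_t* retstr;
    // Critical section for the multi-threaded search.
    // NOTE(review): it is not initialised by this constructor; whoever uses it
    // must call InitializeCriticalSection first - confirm at the call site.
    CRITICAL_SECTION m_mutex;

    _FindDataInfo()
    {
        hprocess = NULL;
        retstr = NULL;
        dwncount = 0;
        count = 0;
        double_value_min = 0;
        double_value_max = 0;
        float_value_min = 0;
        float_value_max = 0;
        int_value_min = 0;
        int_value_max = 0;
        // "Unset" marker. FindIntType is a BYTE, so -1 is stored as 0xFF;
        // the cast only makes that conversion explicit.
        FindIntType = static_cast<BYTE>(-1);
        FindDataType = -1;        // "unset" marker for the data kind

        // memset takes a byte count. The previous calls passed element counts
        // (MAX_PATH, MAX_PATH * 10), which cleared only part of the wchar_t and
        // DWORD arrays and left the remainder holding indeterminate values.
        // sizeof(array) covers each array completely.
        memset(Finddata, 0, sizeof(Finddata));
        memset(Findstring, 0, sizeof(Findstring));
        memset(dwbegin, 0, sizeof(dwbegin));
        memset(dwend, 0, sizeof(dwend));
        memset(bfindindex, 0, sizeof(bfindindex)); // every flag starts as false
    }
} FindDataInfo, *PFindDataInfo;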
// Local declaration of a counted UTF-16 string descriptor.
// NOTE(review): in the NT definition of this structure Length and
// MaximumLength are byte counts and Buffer is not guaranteed to be
// NUL-terminated - confirm the readers in this project treat it that way
// instead of running string functions over Buffer.
typedef struct {
    unsigned short  Length;
    unsigned short  MaximumLength;
    unsigned short* Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
// Pair of handles identifying a process and one of its threads.
typedef struct _CLIENT_ID {
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;
// Object-attributes record; field order and widths are part of the layout
// and must not be rearranged.
// NOTE(review): presumably passed to native object-open calls - the callers
// are not visible here.
typedef struct _OBJECT_ATTRIBUTES {
    ULONG           Length;
    HANDLE          RootDirectory;
    PUNICODE_STRING ObjectName;
    ULONG           Attributes;
    PVOID           SecurityDescriptor;
    PVOID           SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;

typedef CONST OBJECT_ATTRIBUTES* PCOBJECT_ATTRIBUTES;
// Hand-declared process-parameters record (command line, current directory,
// standard handles, environment). Several members are placeholders named
// Unknown*, so the layout is only as reliable as the source it was copied from.
// NOTE(review): when this record is read out of another process, every
// UNICODE_STRING Length/Buffer in it is data controlled by that process -
// confirm the readers validate lengths against their destination buffers.
typedef struct {
    unsigned long  AllocationSize;
    unsigned long  ActualSize;
    unsigned long  Flags;
    unsigned long  Unknown1;
    UNICODE_STRING Unknown2;
    void*          InputHandle;
    void*          OutputHandle;
    void*          ErrorHandle;
    UNICODE_STRING CurrentDirectory;
    void*          CurrentDirectoryHandle;
    UNICODE_STRING SearchPaths;
    UNICODE_STRING ApplicationName;
    UNICODE_STRING CommandLine;
    void*          EnvironmentBlock;
    unsigned long  Unknown[9];
    UNICODE_STRING Unknown3;
    UNICODE_STRING Unknown4;
    UNICODE_STRING Unknown5;
    UNICODE_STRING Unknown6;
} PROCESS_PARAMETERS;
// Abbreviated, hand-declared process environment block: only the leading
// members up to Heap are described.
// NOTE(review): the offsets depend on the exact member widths below; the mix
// of unsigned long and pointer members looks like a 32-bit layout - confirm
// before using it in a 64-bit build.
typedef struct {
    unsigned long       AllocationSize;
    unsigned long       Unknown1;
    void*               ProcessHinstance;
    void*               ListDlls;
    PROCESS_PARAMETERS* ProcessParameters;
    unsigned long       Unknown2;
    void*               Heap;
} PEB;
// Hand-declared basic process information record.
// NOTE(review): AffinityMask and the two process-id members are declared with
// 32-bit integer types next to a pointer member; that only lines up with a
// pointer-sized layout on 32-bit builds - confirm the target architecture and
// that the size passed to whatever query fills this record matches sizeof().
typedef struct {
    unsigned int  ExitStatus;
    PEB*          PebBaseAddress;
    unsigned int  AffinityMask;
    unsigned int  BasePriority;
    unsigned long UniqueProcessId;
    unsigned long InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
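// Declares the TS memory API: find/read/write/allocate operations addressed
// by a window handle (hwnd), process termination by pid, and an assembler
// front end built on CMgAsmBase / CMgDisasmBase. The implementations are not
// part of this header, so the notes below are limited to what the signatures
// show.
//
// Points a caller has to respect:
//  * Every `wchar_t* retstr` out-parameter is passed without a capacity
//    argument, so the signature gives the callee no way to know the
//    destination size. NOTE(review): confirm each implementation bounds its
//    writes and document the minimum buffer size callers must supply.
//  * Addresses and sizes travel as LONG / DWORD, which are 32 bits wide on
//    Windows. NOTE(review): presumably only 32-bit targets are supported -
//    confirm, since a 64-bit address would be truncated.
//  * All methods report success or failure through the bool return only.
class TSMemoryAPI
{
public:
    TSMemoryAPI();
    ~TSMemoryAPI();

    CMgAsmBase tsasm;
    CMgDisasmBase tsdsm;

public:
    // The floating-point defaults were spelled NULL, a null-pointer constant;
    // they are written as 0.0 / 0.0f now, which is the same default value
    // without the pointer-to-number conversion.
    bool TSValueTypeToData(int type, wchar_t* retstr, double dvalue = 0.0, float fvalue = 0.0f, int ivalue = 0, wchar_t* svalue = NULL, int type1 = 0);

    bool TSFindData(LONG hwnd, wchar_t* addr_range, wchar_t* data, wchar_t* retstr, bool threadtype = false);
    bool TSFindDouble(LONG hwnd, wchar_t* addr_range, wchar_t* retstr, double double_value_min, double double_value_max, bool threadtype = false);
    bool TSFindFloat(LONG hwnd, wchar_t* addr_range, wchar_t* retstr, FLOAT float_value_min, FLOAT float_value_max, bool threadtype = false);
    bool TSFindInt(LONG hwnd, wchar_t* addr_range, wchar_t* retstr, LONG int_value_min, LONG int_value_max, LONG type, bool threadtype = false);
    bool TSFindString(LONG hwnd, wchar_t* addr_range, wchar_t* retstr, wchar_t* string_value, LONG type, bool threadtype = false);

    bool TSReadData(LONG hwnd, wchar_t* addr, wchar_t* retstr, LONG len);
    bool TSReadDouble(LONG hwnd, wchar_t* addr, double& dvalue, float& fvalue, int type = 0); // type: 0 = DOUBLE, 1 = FLOAT
    bool TSReadInt(LONG hwnd, wchar_t* addr, int& ivalue, short& svalue, BYTE& bvalue, int type);
    bool TSReadString(LONG hwnd, wchar_t* addr, wchar_t* retstr, LONG len, int type);

    bool TSTerminateProcess(LONG pid);
    bool TSVirtualAllocEx(LONG hwnd, LONG& addr, LONG size, LONG type);
    bool TSVirtualFreeEx(LONG hwnd, LONG addr);

    bool TSWriteData(LONG hwnd, wchar_t* addr, wchar_t* data);
    bool TSWriteDouble(LONG hwnd, wchar_t* addr, DOUBLE dvalue = 0, FLOAT fvlaue = 0);
    bool TSWriteInt(LONG hwnd, wchar_t* addr, int ivalue = 0, short svalue = 0, BYTE bvalue = 0);
    bool TSWriteString(LONG hwnd, wchar_t* addr, wchar_t* strvalue, LONG type);

    bool TSGetCmdLine(LONG hwnd, wchar_t* retstr);

    bool TSAsmAdd(wchar_t* asm_ins);
    bool TSAsmCall(LONG hwnd, LONG mode);
    bool TSAsmClear();
    bool TSAsmCode(LONG base_addr, wchar_t* retstr);
    bool TSAssemble(wchar_t* asm_code, LONG base_addr, LONG is_upper, wchar_t* retstr);
    bool TSFreeProcessMemory(LONG hwnd);

private:
    DWORD nPid;
    int retstringlen;            // length of the address string returned by the thread function
    CMgAsmBase::t_asmmodel am;
    std::string asmcodearry;     // stores the instructions added through AsmAdd
    // Records the saved CALL instruction.
    // NOTE(review): fixed MAX_PATH-byte buffer - confirm writers bound the copy.
    char Asmcalladdr[MAX_PATH];
    LPVOID allocatememory;

    DWORD TSGetFindDataAddr(wchar_t* strs, DWORD pid); // resolves the multi-level address pointer to read or write
    // Reads the set of addresses to search. addr_range is a bare pointer with
    // no capacity; NOTE(review): confirm the parser stops at the array size.
    bool TSGetaddr_range(wchar_t* strs, LONG& begin, LONG& end, DWORD* addr_range, int& nconut);
    bool TSGetDataValue(wchar_t* strs, DWORD* Data_range, int& nconut);
    //void FindDataThread(void *para);
    bool GetFindaddr(HANDLE hprocess, PVOID lpbegin, PVOID lpend, DWORD* ibegin, DWORD* ipend, int& ncount);
    DWORD GetCallstartData(DWORD Allocaddr, DWORD* startaddr, char* code = NULL); // gets the assembly instructions that precede the CALL address
};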