#pragma once #include "ASM/MgAsmCom.h" #include "ASM/MgAsmComDef.h" #include #define FINDDATATYPE_FINDDATAEX 1 #define FINDDATATYPE_FINDDOUBLEEX 2 #define FINDDATATYPE_FINDFLOATEX 3 #define FINDDATATYPE_FINDINTEX 4 #define FINDDATATYPE_FINDSTRINGEX 5 typedef struct _FindDataInfo //线程传参数结构体 { HANDLE hprocess; DWORD dwncount; //要找的地址数据个数 int count;//记录个数 double double_value_min; double double_value_max; float float_value_min; float float_value_max; LONG int_value_min; LONG int_value_max; BYTE FindIntType;//找0:32位,1:16位,2:8位 LONG FindDataType;//找数据的类型 wchar_t Findstring[MAX_PATH]; DWORD Finddata[MAX_PATH]; //要找的数据字符串 DWORD dwbegin[MAX_PATH*10]; DWORD dwend[MAX_PATH*10]; bool bfindindex[MAX_PATH*10];//做地址标志位,标识多线程要处理的地址 wchar_t *retstr; CRITICAL_SECTION m_mutex;//多线程临界区 _FindDataInfo() { hprocess=NULL; retstr=NULL; dwncount=0; count=0; double_value_min=0; double_value_max=0; float_value_min=0; float_value_max=0; int_value_min=0; int_value_max=0; FindIntType=-1;//找0:32位,1:16位,2:8位 FindDataType=-1;//找数据的类型 memset(Finddata,0,MAX_PATH*sizeof(DWORD)); memset(Findstring,0,MAX_PATH); memset(dwbegin,0,MAX_PATH*10); memset(dwend,0,MAX_PATH*10); memset(bfindindex,0,MAX_PATH*10); //模式为false } }FindDataInfo, *PFindDataInfo; typedef struct { unsigned short Length; unsigned short MaximumLength; unsigned short *Buffer; } UNICODE_STRING; typedef UNICODE_STRING *PUNICODE_STRING; typedef struct _CLIENT_ID { HANDLE UniqueProcess; HANDLE UniqueThread; } CLIENT_ID; typedef CLIENT_ID *PCLIENT_ID; typedef struct _OBJECT_ATTRIBUTES { ULONG Length; HANDLE RootDirectory; PUNICODE_STRING ObjectName; ULONG Attributes; PVOID SecurityDescriptor; PVOID SecurityQualityOfService; } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; typedef CONST OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES; typedef struct { unsigned long AllocationSize; unsigned long ActualSize; unsigned long Flags; unsigned long Unknown1; UNICODE_STRING Unknown2; void *InputHandle; void *OutputHandle; void *ErrorHandle; UNICODE_STRING CurrentDirectory; void *CurrentDirectoryHandle; UNICODE_STRING SearchPaths; UNICODE_STRING ApplicationName; UNICODE_STRING CommandLine; void *EnvironmentBlock; unsigned long Unknown[9]; UNICODE_STRING Unknown3; UNICODE_STRING Unknown4; UNICODE_STRING Unknown5; UNICODE_STRING Unknown6; } PROCESS_PARAMETERS; typedef struct { unsigned long AllocationSize; unsigned long Unknown1; void *ProcessHinstance; void *ListDlls; PROCESS_PARAMETERS *ProcessParameters; unsigned long Unknown2; void *Heap; } PEB; typedef struct { unsigned int ExitStatus; PEB *PebBaseAddress; unsigned int AffinityMask; unsigned int BasePriority; unsigned long UniqueProcessId; unsigned long InheritedFromUniqueProcessId; } PROCESS_BASIC_INFORMATION; class TSMemoryAPI { public: TSMemoryAPI(void); ~TSMemoryAPI(void); CMgAsmBase tsasm; CMgDisasmBase tsdsm; public: bool TSValueTypeToData(int type,wchar_t *retstr,double dvalue=NULL,float fvalue=NULL,int ivalue=0,wchar_t *svalue=NULL,int type1=0); bool TSFindData(LONG hwnd,wchar_t * addr_range,wchar_t *data,wchar_t *retstr,bool threadtype=false); bool TSFindDouble(LONG hwnd,wchar_t * addr_range,wchar_t *retstr,double double_value_min,double double_value_max,bool threadtype=false); bool TSFindFloat(LONG hwnd,wchar_t * addr_range,wchar_t *retstr,FLOAT float_value_min, FLOAT float_value_max,bool threadtype=false); bool TSFindInt(LONG hwnd,wchar_t * addr_range,wchar_t *retstr,LONG int_value_min, LONG int_value_max,LONG type,bool threadtype=false); bool TSFindString(LONG hwnd,wchar_t * addr_range,wchar_t *retstr,wchar_t*string_value,LONG type,bool threadtype=false); bool TSReadData(LONG hwnd,wchar_t*addr,wchar_t *retstr,LONG len); bool TSReadDouble(LONG hwnd,wchar_t*addr,double &dvalue,float &fvalue,int type=0); //type0:DOUBLE,1:FLOAT bool TSReadInt(LONG hwnd,wchar_t*addr,int &ivalue,short &svalue,BYTE &bvalue,int type); bool TSReadString(LONG hwnd,wchar_t*addr,wchar_t *retstr,LONG len,int type); bool TSTerminateProcess(LONG pid); bool TSVirtualAllocEx(LONG hwnd,LONG &addr,LONG size,LONG type); bool TSVirtualFreeEx(LONG hwnd,LONG addr); bool TSWriteData(LONG hwnd,wchar_t * addr,wchar_t *data); bool TSWriteDouble(LONG hwnd,wchar_t *addr,DOUBLE dvalue=0,FLOAT fvlaue=0); bool TSWriteInt(LONG hwnd,wchar_t *addr,int ivalue=0,short svalue=0,BYTE bvalue=0); bool TSWriteString(LONG hwnd,wchar_t*addr,wchar_t* strvalue,LONG type); bool TSGetCmdLine(LONG hwnd,wchar_t *retstr); bool TSAsmAdd(wchar_t*asm_ins); bool TSAsmCall(LONG hwnd,LONG mode); bool TSAsmClear(); bool TSAsmCode(LONG base_addr,wchar_t *retstr); bool TSAssemble(wchar_t * asm_code,LONG base_addr,LONG is_upper,wchar_t *retstr); bool TSFreeProcessMemory(LONG hwnd); private: DWORD nPid; int retstringlen;//线程函数返回地址的长度 CMgAsmBase::t_asmmodel am; std::string asmcodearry;//存储AsmAdd的指令 char Asmcalladdr[MAX_PATH]; //记录保存CALL指令 LPVOID allocatememory; DWORD TSGetFindDataAddr(wchar_t* strs, DWORD pid);//读取要读写的多层级别的地址指针 bool TSGetaddr_range(wchar_t* strs,LONG &begin,LONG &end,DWORD *addr_range,int &nconut); //读取要找的地址集合 bool TSGetDataValue(wchar_t* strs,DWORD *Data_range,int &nconut); //void FindDataThread(void *para); bool GetFindaddr(HANDLE hprocess,PVOID lpbegin,PVOID lpend,DWORD *ibegin,DWORD *ipend,int &ncount); DWORD GetCallstartData(DWORD Allocaddr,DWORD * startaddr,char *code=NULL);//获取CALL地址前的汇编指令 };