- updated TitanEngine
- added DbgMemWrite bridge export
- removed bpfixmemory (memory access now goes through TitanEngine's MemoryReadSafe & MemoryWriteSafe)
This commit is contained in:
parent
193e6db55d
commit
e591ecc353
@ -12,6 +12,7 @@ GUISENDMESSAGE _gui_sendmessage;
|
||||
DBGDBGINIT _dbg_dbginit;
|
||||
DBGMEMFINDBASEADDR _dbg_memfindbaseaddr;
|
||||
DBGMEMREAD _dbg_memread;
|
||||
DBGMEMWRITE _dbg_memwrite;
|
||||
DBGDBGCMDEXEC _dbg_dbgcmdexec;
|
||||
DBGMEMMAP _dbg_memmap;
|
||||
DBGDBGEXITSIGNAL _dbg_dbgexitsignal;
|
||||
|
@ -20,6 +20,7 @@ extern GUISENDMESSAGE _gui_sendmessage;
|
||||
typedef const char* (*DBGDBGINIT)();
|
||||
typedef duint (*DBGMEMFINDBASEADDR)(duint addr, duint* size);
|
||||
typedef bool (*DBGMEMREAD)(duint addr, unsigned char* dest, duint size, duint* read);
|
||||
typedef bool (*DBGMEMWRITE)(duint addr, const unsigned char* src, duint size, duint* written);
|
||||
typedef bool (*DBGDBGCMDEXEC)(const char* cmd);
|
||||
typedef bool (*DBGMEMMAP)(MEMMAP* memmap);
|
||||
typedef void (*DBGDBGEXITSIGNAL)();
|
||||
@ -42,6 +43,7 @@ typedef duint (*DBGSENDMESSAGE)(DBGMSG type, void* param1, void* param2);
|
||||
extern DBGDBGINIT _dbg_dbginit;
|
||||
extern DBGMEMFINDBASEADDR _dbg_memfindbaseaddr;
|
||||
extern DBGMEMREAD _dbg_memread;
|
||||
extern DBGMEMWRITE _dbg_memwrite;
|
||||
extern DBGDBGCMDEXEC _dbg_dbgcmdexec;
|
||||
extern DBGMEMMAP _dbg_memmap;
|
||||
extern DBGDBGEXITSIGNAL _dbg_dbgexitsignal;
|
||||
|
@ -52,10 +52,14 @@ BRIDGE_IMPEXP const char* BridgeInit()
|
||||
_dbg_memfindbaseaddr=(DBGMEMFINDBASEADDR)GetProcAddress(hInstDbg, "_dbg_memfindbaseaddr");
|
||||
if(!_dbg_memfindbaseaddr)
|
||||
return "Export \"_dbg_memfindbaseaddr\" could not be found!";
|
||||
//_dbg_memfindbaseaddr
|
||||
//_dbg_memread
|
||||
_dbg_memread=(DBGMEMREAD)GetProcAddress(hInstDbg, "_dbg_memread");
|
||||
if(!_dbg_memread)
|
||||
return "Export \"_dbg_memread\" could not be found!";
|
||||
//_dbg_memwrite
|
||||
_dbg_memwrite=(DBGMEMWRITE)GetProcAddress(hInstDbg, "_dbg_memwrite");
|
||||
if(!_dbg_memwrite)
|
||||
return "Export \"_dbg_memwrite\" could not be found!";
|
||||
//_dbg_dbgcmdexec
|
||||
_dbg_dbgcmdexec=(DBGDBGCMDEXEC)GetProcAddress(hInstDbg, "_dbg_dbgcmdexec");
|
||||
if(!_dbg_dbgcmdexec)
|
||||
@ -204,10 +208,17 @@ BRIDGE_IMPEXP bool BridgeSettingSetUint(const char* section, const char* key, du
|
||||
}
|
||||
|
||||
//Debugger
|
||||
BRIDGE_IMPEXP void DbgMemRead(duint va, unsigned char* dest, duint size)
|
||||
BRIDGE_IMPEXP bool DbgMemRead(duint va, unsigned char* dest, duint size)
|
||||
{
|
||||
if(!_dbg_memread(va, dest, size, 0))
|
||||
bool ret=_dbg_memread(va, dest, size, 0);
|
||||
if(!ret)
|
||||
memset(dest, 0x90, size);
|
||||
return ret;
|
||||
}
|
||||
|
||||
BRIDGE_IMPEXP bool DbgMemWrite(duint va, const unsigned char* src, duint size)
|
||||
{
|
||||
return _dbg_memwrite(va, src, size, 0);
|
||||
}
|
||||
|
||||
BRIDGE_IMPEXP duint DbgMemGetPageSize(duint base)
|
||||
|
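Review bot: DbgMemWrite passes a null `written` pointer to `_dbg_memwrite`, so when the underlying write fails part-way (memwrite in this same commit reports that case through lpNumberOfBytesWritten and ERROR_PARTIAL_COPY) the bridge caller only sees `false` and cannot tell how many bytes already landed in the debuggee; the header should say so, e.g. `// Returns false on any failure; the write may already be partially applied (see memwrite) — do not assume the target is untouched.` DbgMemRead's failure path likewise overwrites the whole buffer with 0x90 even when some bytes were read, which suits a disassembler view but GUI callers must not treat those bytes as memory contents, so a one-line comment there would help. Both wrappers rely on BridgeInit having resolved the function pointers, which the visible BridgeInit checks do enforce.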
@ -297,7 +297,8 @@ struct STACK_COMMENT
|
||||
|
||||
//Debugger functions
|
||||
BRIDGE_IMPEXP const char* DbgInit();
|
||||
BRIDGE_IMPEXP void DbgMemRead(duint va, unsigned char* dest, duint size);
|
||||
BRIDGE_IMPEXP bool DbgMemRead(duint va, unsigned char* dest, duint size);
|
||||
BRIDGE_IMPEXP bool DbgMemWrite(duint va, const unsigned char* src, duint size);
|
||||
BRIDGE_IMPEXP duint DbgMemGetPageSize(duint base);
|
||||
BRIDGE_IMPEXP duint DbgMemFindBaseAddr(duint addr, duint* size);
|
||||
BRIDGE_IMPEXP bool DbgCmdExec(const char* cmd);
|
||||
|
@ -13,6 +13,20 @@
|
||||
|
||||
// Global.Constant.Structure.Declaration:
|
||||
// Engine.External:
|
||||
#define UE_STRUCT_PE32STRUCT 1
|
||||
#define UE_STRUCT_PE64STRUCT 2
|
||||
#define UE_STRUCT_PESTRUCT 3
|
||||
#define UE_STRUCT_IMPORTENUMDATA 4
|
||||
#define UE_STRUCT_THREAD_ITEM_DATA 5
|
||||
#define UE_STRUCT_LIBRARY_ITEM_DATA 6
|
||||
#define UE_STRUCT_LIBRARY_ITEM_DATAW 7
|
||||
#define UE_STRUCT_PROCESS_ITEM_DATA 8
|
||||
#define UE_STRUCT_HANDLERARRAY 9
|
||||
#define UE_STRUCT_PLUGININFORMATION 10
|
||||
#define UE_STRUCT_HOOK_ENTRY 11
|
||||
#define UE_STRUCT_FILE_STATUS_INFO 12
|
||||
#define UE_STRUCT_FILE_FIX_INFO 13
|
||||
|
||||
#define UE_ACCESS_READ 0
|
||||
#define UE_ACCESS_WRITE 1
|
||||
#define UE_ACCESS_ALL 2
|
||||
@ -23,6 +37,7 @@
|
||||
#define UE_PLUGIN_CALL_REASON_PREDEBUG 1
|
||||
#define UE_PLUGIN_CALL_REASON_EXCEPTION 2
|
||||
#define UE_PLUGIN_CALL_REASON_POSTDEBUG 3
|
||||
#define UE_PLUGIN_CALL_REASON_UNHANDLEDEXCEPTION 4
|
||||
|
||||
#define TEE_HOOK_NRM_JUMP 1
|
||||
#define TEE_HOOK_NRM_CALL 3
|
||||
@ -189,21 +204,6 @@
|
||||
#define UE_PARAMETER_STRING 8
|
||||
#define UE_PARAMETER_UNICODE 9
|
||||
|
||||
#define UE_CMP_NOCONDITION 0
|
||||
#define UE_CMP_EQUAL 1
|
||||
#define UE_CMP_NOTEQUAL 2
|
||||
#define UE_CMP_GREATER 3
|
||||
#define UE_CMP_GREATEROREQUAL 4
|
||||
#define UE_CMP_LOWER 5
|
||||
#define UE_CMP_LOWEROREQUAL 6
|
||||
#define UE_CMP_REG_EQUAL 7
|
||||
#define UE_CMP_REG_NOTEQUAL 8
|
||||
#define UE_CMP_REG_GREATER 9
|
||||
#define UE_CMP_REG_GREATEROREQUAL 10
|
||||
#define UE_CMP_REG_LOWER 11
|
||||
#define UE_CMP_REG_LOWEROREQUAL 12
|
||||
#define UE_CMP_ALWAYSFALSE 13
|
||||
|
||||
#define UE_EAX 1
|
||||
#define UE_EBX 2
|
||||
#define UE_ECX 3
|
||||
@ -582,6 +582,8 @@ __declspec(dllexport) long long TITCALL ConvertVAtoFileOffset(ULONG_PTR FileMapV
|
||||
__declspec(dllexport) long long TITCALL ConvertVAtoFileOffsetEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool AddressIsRVA, bool ReturnType);
|
||||
__declspec(dllexport) long long TITCALL ConvertFileOffsetToVA(ULONG_PTR FileMapVA, ULONG_PTR AddressToConvert, bool ReturnType);
|
||||
__declspec(dllexport) long long TITCALL ConvertFileOffsetToVAEx(ULONG_PTR FileMapVA, DWORD FileSize, ULONG_PTR ImageBase, ULONG_PTR AddressToConvert, bool ReturnType);
|
||||
__declspec(dllexport) bool TITCALL MemoryReadSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesRead);
|
||||
__declspec(dllexport) bool TITCALL MemoryWriteSafe(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T * lpNumberOfBytesWritten);
|
||||
// TitanEngine.Realigner.functions:
|
||||
__declspec(dllexport) bool TITCALL FixHeaderCheckSum(char* szFileName);
|
||||
__declspec(dllexport) bool TITCALL FixHeaderCheckSumW(wchar_t* szFileName);
|
||||
@ -598,6 +600,9 @@ __declspec(dllexport) bool TITCALL IsFileDLL(char* szFileName, ULONG_PTR FileMap
|
||||
__declspec(dllexport) bool TITCALL IsFileDLLW(wchar_t* szFileName, ULONG_PTR FileMapVA);
|
||||
// TitanEngine.Hider.functions:
|
||||
__declspec(dllexport) void* TITCALL GetPEBLocation(HANDLE hProcess);
|
||||
__declspec(dllexport) void* TITCALL GetPEBLocation64(HANDLE hProcess);
|
||||
__declspec(dllexport) void* TITCALL GetTEBLocation(HANDLE hThread);
|
||||
__declspec(dllexport) void* TITCALL GetTEBLocation64(HANDLE hThread);
|
||||
__declspec(dllexport) bool TITCALL HideDebugger(HANDLE hProcess, DWORD PatchAPILevel);
|
||||
__declspec(dllexport) bool TITCALL UnHideDebugger(HANDLE hProcess, DWORD PatchAPILevel);
|
||||
// TitanEngine.Relocater.functions:
|
||||
@ -653,7 +658,6 @@ __declspec(dllexport) bool TITCALL ThreaderIsThreadActive(HANDLE hThread);
|
||||
__declspec(dllexport) bool TITCALL ThreaderIsAnyThreadActive();
|
||||
__declspec(dllexport) bool TITCALL ThreaderExecuteOnlyInjectedThreads();
|
||||
__declspec(dllexport) long long TITCALL ThreaderGetOpenHandleForThread(DWORD ThreadId);
|
||||
__declspec(dllexport) void* TITCALL ThreaderGetThreadData();
|
||||
__declspec(dllexport) bool TITCALL ThreaderIsExceptionInMainThread();
|
||||
// TitanEngine.Debugger.functions:
|
||||
__declspec(dllexport) void* TITCALL StaticDisassembleEx(ULONG_PTR DisassmStart, LPVOID DisassmAddress);
|
||||
@ -675,12 +679,11 @@ __declspec(dllexport) bool TITCALL IsBPXEnabled(ULONG_PTR bpxAddress);
|
||||
__declspec(dllexport) bool TITCALL EnableBPX(ULONG_PTR bpxAddress);
|
||||
__declspec(dllexport) bool TITCALL DisableBPX(ULONG_PTR bpxAddress);
|
||||
__declspec(dllexport) bool TITCALL SetBPX(ULONG_PTR bpxAddress, DWORD bpxType, LPVOID bpxCallBack);
|
||||
__declspec(dllexport) bool TITCALL SetBPXEx(ULONG_PTR bpxAddress, DWORD bpxType, DWORD NumberOfExecution, DWORD CmpRegister, DWORD CmpCondition, ULONG_PTR CmpValue, LPVOID bpxCallBack, LPVOID bpxCompareCallBack, LPVOID bpxRemoveCallBack);
|
||||
__declspec(dllexport) bool TITCALL DeleteBPX(ULONG_PTR bpxAddress);
|
||||
__declspec(dllexport) bool TITCALL SafeDeleteBPX(ULONG_PTR bpxAddress);
|
||||
__declspec(dllexport) bool TITCALL SetAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack);
|
||||
__declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace);
|
||||
__declspec(dllexport) bool TITCALL SafeDeleteAPIBreakPoint(char* szDLLName, char* szAPIName, DWORD bpxPlace);
|
||||
__declspec(dllexport) bool TITCALL SetAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxType, DWORD bpxPlace, LPVOID bpxCallBack);
|
||||
__declspec(dllexport) bool TITCALL DeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace);
|
||||
__declspec(dllexport) bool TITCALL SafeDeleteAPIBreakPoint(const char* szDLLName, const char* szAPIName, DWORD bpxPlace);
|
||||
__declspec(dllexport) bool TITCALL SetMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, LPVOID bpxCallBack);
|
||||
__declspec(dllexport) bool TITCALL SetMemoryBPXEx(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory, DWORD BreakPointType, bool RestoreOnHit, LPVOID bpxCallBack);
|
||||
__declspec(dllexport) bool TITCALL RemoveMemoryBPX(ULONG_PTR MemoryStart, SIZE_T SizeOfMemory);
|
||||
@ -717,6 +720,7 @@ __declspec(dllexport) void TITCALL SetCustomHandler(DWORD ExceptionId, LPVOID Ca
|
||||
__declspec(dllexport) void TITCALL ForceClose();
|
||||
__declspec(dllexport) void TITCALL StepInto(LPVOID traceCallBack);
|
||||
__declspec(dllexport) void TITCALL StepOver(LPVOID traceCallBack);
|
||||
__declspec(dllexport) void TITCALL StepOut(LPVOID StepOut, bool StepFinal);
|
||||
__declspec(dllexport) void TITCALL SingleStep(DWORD StepCount, LPVOID StepCallBack);
|
||||
__declspec(dllexport) bool TITCALL GetUnusedHardwareBreakPointRegister(LPDWORD RegisterIndex);
|
||||
__declspec(dllexport) bool TITCALL SetHardwareBreakPointEx(HANDLE hActiveThread, ULONG_PTR bpxAddress, DWORD IndexOfRegister, DWORD bpxType, DWORD bpxSize, LPVOID bpxCallBack, LPDWORD IndexOfSelectedRegister);
|
||||
@ -755,6 +759,7 @@ __declspec(dllexport) long long TITCALL ImporterFindOrdinalAPIWriteLocation(ULON
|
||||
__declspec(dllexport) long long TITCALL ImporterFindAPIByWriteLocation(ULONG_PTR APIWriteLocation);
|
||||
__declspec(dllexport) long long TITCALL ImporterFindDLLByWriteLocation(ULONG_PTR APIWriteLocation);
|
||||
__declspec(dllexport) void* TITCALL ImporterGetDLLName(ULONG_PTR APIAddress);
|
||||
__declspec(dllexport) void* TITCALL ImporterGetDLLNameW(ULONG_PTR APIAddress);
|
||||
__declspec(dllexport) void* TITCALL ImporterGetAPIName(ULONG_PTR APIAddress);
|
||||
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumber(ULONG_PTR APIAddress);
|
||||
__declspec(dllexport) void* TITCALL ImporterGetAPINameEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
||||
@ -762,12 +767,14 @@ __declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddress(HANDLE hProc
|
||||
__declspec(dllexport) long long TITCALL ImporterGetRemoteAPIAddressEx(char* szDLLName, char* szAPIName);
|
||||
__declspec(dllexport) long long TITCALL ImporterGetLocalAPIAddress(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||
__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||
__declspec(dllexport) void* TITCALL ImporterGetDLLNameFromDebugeeW(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||
__declspec(dllexport) void* TITCALL ImporterGetAPINameFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||
__declspec(dllexport) long long TITCALL ImporterGetAPIOrdinalNumberFromDebugee(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||
__declspec(dllexport) long TITCALL ImporterGetDLLIndexEx(ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
||||
__declspec(dllexport) long TITCALL ImporterGetDLLIndex(HANDLE hProcess, ULONG_PTR APIAddress, ULONG_PTR DLLBasesList);
|
||||
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBase(HANDLE hProcess, HMODULE LocalModuleBase);
|
||||
__declspec(dllexport) long long TITCALL ImporterGetRemoteDLLBaseEx(HANDLE hProcess, char* szModuleName);
|
||||
__declspec(dllexport) void* TITCALL ImporterGetRemoteDLLBaseExW(HANDLE hProcess, wchar_t* szModuleName);
|
||||
__declspec(dllexport) bool TITCALL ImporterIsForwardedAPI(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||
__declspec(dllexport) void* TITCALL ImporterGetForwardedAPIName(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||
__declspec(dllexport) void* TITCALL ImporterGetForwardedDLLName(HANDLE hProcess, ULONG_PTR APIAddress);
|
||||
@ -927,6 +934,7 @@ __declspec(dllexport) bool TITCALL EngineFakeMissingDependencies(HANDLE hProcess
|
||||
__declspec(dllexport) bool TITCALL EngineDeleteCreatedDependencies();
|
||||
__declspec(dllexport) bool TITCALL EngineCreateUnpackerWindow(char* WindowUnpackerTitle, char* WindowUnpackerLongTitle, char* WindowUnpackerName, char* WindowUnpackerAuthor, void* StartUnpackingCallBack);
|
||||
__declspec(dllexport) void TITCALL EngineAddUnpackerWindowLogMessage(char* szLogMessage);
|
||||
__declspec(dllexport) bool TITCALL EngineCheckStructAlignment(DWORD StructureType, ULONG_PTR StructureSize);
|
||||
// Global.Engine.Extension.Functions:
|
||||
__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginLoaded(char* szPluginName);
|
||||
__declspec(dllexport) bool TITCALL ExtensionManagerIsPluginEnabled(char* szPluginName);
|
||||
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -19,11 +19,12 @@ extern "C" DLL_EXPORT duint _dbg_memfindbaseaddr(duint addr, duint* size)
|
||||
|
||||
extern "C" DLL_EXPORT bool _dbg_memread(duint addr, unsigned char* dest, duint size, duint* read)
|
||||
{
|
||||
bool ret=memread(fdProcessInfo->hProcess, (void*)addr, dest, size, read);
|
||||
if(!ret)
|
||||
return false;
|
||||
bpfixmemory(addr, dest, size);
|
||||
return true;
|
||||
return memread(fdProcessInfo->hProcess, (void*)addr, dest, size, read);
|
||||
}
|
||||
|
||||
extern "C" DLL_EXPORT bool _dbg_memwrite(duint addr, const unsigned char* src, duint size, duint* written)
|
||||
{
|
||||
return memwrite(fdProcessInfo->hProcess, (void*)addr, src, size, written);
|
||||
}
|
||||
|
||||
extern "C" DLL_EXPORT bool _dbg_memmap(MEMMAP* memmap)
|
||||
|
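Review bot: Both exports dereference `fdProcessInfo->hProcess` without checking that a debuggee is attached; if fdProcessInfo can be null or stale outside a debug session (not visible in this diff), the new `_dbg_memwrite` export, reachable by any bridge client, would fault on it, and a guard such as `if(!fdProcessInfo) return false;` is cheap insurance. With bpfixmemory gone, hiding the debugger's own int3 bytes from readers now rests entirely on TitanEngine's MemoryReadSafe/MemoryWriteSafe, whose behaviour at breakpoint addresses is not shown here; a comment recording that assumption, `// breakpoint bytes are expected to be masked by TitanEngine's MemoryReadSafe/MemoryWriteSafe`, would tell the next reader why the fixup was dropped.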
@ -10,6 +10,7 @@ extern "C"
|
||||
|
||||
DLL_EXPORT duint _dbg_memfindbaseaddr(duint addr, duint* size);
|
||||
DLL_EXPORT bool _dbg_memread(duint addr, unsigned char* dest, duint size, duint* read);
|
||||
DLL_EXPORT bool _dbg_memwrite(duint addr, const unsigned char* src, duint size, duint* written);
|
||||
DLL_EXPORT bool _dbg_memmap(MEMMAP* memmap);
|
||||
DLL_EXPORT bool _dbg_memisvalidreadptr(duint addr);
|
||||
DLL_EXPORT bool _dbg_valfromstring(const char* string, duint* value);
|
||||
|
@ -295,27 +295,6 @@ int bpgetcount(BP_TYPE type)
|
||||
return sqlrowcount(userdb, sql);
|
||||
}
|
||||
|
||||
void bpfixmemory(uint addr, unsigned char* dest, uint size)
|
||||
{
|
||||
uint start=addr;
|
||||
uint end=addr+size;
|
||||
unsigned char oldbytes[2];
|
||||
for(int i=0; i<bpcount; i++)
|
||||
{
|
||||
if(!bpall[i].enabled or bpall[i].type!=BPNORMAL)
|
||||
continue;
|
||||
uint cur_addr=bpall[i].addr;
|
||||
if(cur_addr>=start and cur_addr<end) //breakpoint is in range of current memory
|
||||
{
|
||||
memcpy(oldbytes, &bpall[i].oldbytes, sizeof(short));
|
||||
uint index=cur_addr-start;
|
||||
dest[index]=oldbytes[0];
|
||||
if(size>1 and index!=(size-1)) //restore second byte
|
||||
dest[index+1]=oldbytes[1];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void bptobridge(const BREAKPOINT* bp, BRIDGEBP* bridge)
|
||||
{
|
||||
if(!bp or !bridge)
|
||||
|
@ -39,7 +39,6 @@ bool bpsetname(uint addr, BP_TYPE type, const char* name);
|
||||
bool bpenumall(BPENUMCALLBACK cbEnum);
|
||||
bool bpenumall(BPENUMCALLBACK cbEnum, const char* module);
|
||||
int bpgetcount(BP_TYPE type);
|
||||
void bpfixmemory(uint addr, unsigned char* dest, uint size);
|
||||
void bptobridge(const BREAKPOINT* bp, BRIDGEBP* bridge);
|
||||
|
||||
#endif // _BREAKPOINT_H
|
||||
|
@ -423,7 +423,6 @@ static unsigned char getCIPch()
|
||||
unsigned char ch=0x90;
|
||||
uint cip=GetContextData(UE_CIP);
|
||||
memread(fdProcessInfo->hProcess, (void*)cip, &ch, 1, 0);
|
||||
bpfixmemory(cip, &ch, 1);
|
||||
return ch;
|
||||
}
|
||||
|
||||
|
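Review bot: The memread result is discarded, so a failed read of the byte at CIP is returned as 0x90 and is indistinguishable from a real NOP at that address; the enclosing function's body starts before this hunk. If callers only use the value for a heuristic that may be acceptable, but it deserves a comment: `// on read failure ch stays 0x90 (NOP); callers cannot distinguish this from a real NOP`. With the bpfixmemory call removed, a software-breakpoint address now yields whatever MemoryReadSafe returns there, presumably the original byte, which this diff does not confirm.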
@ -1,4 +1,5 @@
|
||||
#include "memory.h"
|
||||
#include "debugger.h"
|
||||
|
||||
uint memfindbaseaddr(HANDLE hProcess, uint addr, uint* size)
|
||||
{
|
||||
@ -30,13 +31,7 @@ bool memread(HANDLE hProcess, const void* lpBaseAddress, void* lpBuffer, SIZE_T
|
||||
return false;
|
||||
SIZE_T read=0;
|
||||
DWORD oldprotect=0;
|
||||
bool ret=ReadProcessMemory(hProcess, (void*)lpBaseAddress, lpBuffer, nSize, &read); //try 'normal' RPM
|
||||
if(!ret or read!=nSize) //failed
|
||||
{
|
||||
VirtualProtectEx(hProcess, (void*)lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &oldprotect); //change page protection
|
||||
ret=ReadProcessMemory(hProcess, (void*)lpBaseAddress, lpBuffer, nSize, &read); //try 'normal' RPM again
|
||||
VirtualProtectEx(hProcess, (void*)lpBaseAddress, nSize, oldprotect, &oldprotect); //restore page protection
|
||||
}
|
||||
bool ret=MemoryReadSafe(hProcess, (void*)lpBaseAddress, lpBuffer, nSize, &read); //try 'normal' RPM
|
||||
if(ret and read==nSize) //'normal' RPM worked!
|
||||
{
|
||||
if(lpNumberOfBytesRead)
|
||||
@ -47,14 +42,13 @@ bool memread(HANDLE hProcess, const void* lpBaseAddress, void* lpBuffer, SIZE_T
|
||||
{
|
||||
unsigned char* curaddr=(unsigned char*)lpBaseAddress+i;
|
||||
unsigned char* curbuf=(unsigned char*)lpBuffer+i;
|
||||
ret=ReadProcessMemory(hProcess, curaddr, curbuf, 1, 0); //try 'normal' RPM
|
||||
ret=MemoryReadSafe(hProcess, curaddr, curbuf, 1, 0); //try 'normal' RPM
|
||||
if(!ret) //we failed
|
||||
{
|
||||
VirtualProtectEx(hProcess, curaddr, 1, PAGE_EXECUTE_READWRITE, &oldprotect); //change page protection
|
||||
ret=ReadProcessMemory(hProcess, curaddr, curbuf, PAGE_SIZE, 0); //try 'normal' RPM again
|
||||
VirtualProtectEx(hProcess, curaddr, 1, oldprotect, &oldprotect); //restore page protection
|
||||
if(!ret) //complete failure
|
||||
return false;
|
||||
if(lpNumberOfBytesRead)
|
||||
*lpNumberOfBytesRead=i;
|
||||
SetLastError(ERROR_PARTIAL_COPY);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
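Review bot: The fallback loop calls `MemoryReadSafe(hProcess, curaddr, curbuf, 1, 0)` with a null lpNumberOfBytesRead, so correctness now depends on TitanEngine's MemoryReadSafe tolerating a null count pointer, which the declaration in this diff does not promise; passing `&read` costs nothing and removes that dependency. The comments `//try 'normal' RPM` are stale now that the page-protection toggling lives inside MemoryReadSafe; `//retry one byte at a time through MemoryReadSafe` describes what actually happens. memread's signature and the loop header are outside this hunk.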
@ -66,31 +60,24 @@ bool memwrite(HANDLE hProcess, void* lpBaseAddress, const void* lpBuffer, SIZE_T
|
||||
return false;
|
||||
SIZE_T written=0;
|
||||
DWORD oldprotect=0;
|
||||
bool ret=WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, &written);
|
||||
if(!ret or written!=nSize) //failed
|
||||
{
|
||||
VirtualProtectEx(hProcess, (void*)lpBaseAddress, nSize, PAGE_EXECUTE_READWRITE, &oldprotect); //change page protection
|
||||
ret=WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, &written); //try 'normal' WPM again
|
||||
VirtualProtectEx(hProcess, (void*)lpBaseAddress, nSize, oldprotect, &oldprotect); //restore page protection
|
||||
}
|
||||
bool ret=MemoryWriteSafe(hProcess, lpBaseAddress, lpBuffer, nSize, &written);
|
||||
if(ret and written==nSize) //'normal' WPM worked!
|
||||
{
|
||||
if(lpNumberOfBytesWritten)
|
||||
*lpNumberOfBytesWritten=written;
|
||||
return true;
|
||||
}
|
||||
for(uint i=0; i<nSize; i++) //read byte-per-byte
|
||||
for(uint i=0; i<nSize; i++) //write byte-per-byte
|
||||
{
|
||||
unsigned char* curaddr=(unsigned char*)lpBaseAddress+i;
|
||||
unsigned char* curbuf=(unsigned char*)lpBuffer+i;
|
||||
ret=WriteProcessMemory(hProcess, curaddr, curbuf, 1, 0); //try 'normal' WPM
|
||||
ret=MemoryWriteSafe(hProcess, curaddr, curbuf, 1, 0); //try 'normal' WPM
|
||||
if(!ret) //we failed
|
||||
{
|
||||
VirtualProtectEx(hProcess, curaddr, 1, PAGE_EXECUTE_READWRITE, &oldprotect); //change page protection
|
||||
ret=WriteProcessMemory(hProcess, curaddr, curbuf, PAGE_SIZE, 0); //try 'normal' WPM again
|
||||
VirtualProtectEx(hProcess, curaddr, 1, oldprotect, &oldprotect); //restore page protection
|
||||
if(!ret) //complete failure
|
||||
return false;
|
||||
if(lpNumberOfBytesWritten)
|
||||
*lpNumberOfBytesWritten=i;
|
||||
SetLastError(ERROR_PARTIAL_COPY);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
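Review bot: A failure inside the byte-per-byte fallback returns false after bytes 0..i-1 have already been written to the debuggee, so the patch is not atomic; the function signals this through lpNumberOfBytesWritten and ERROR_PARTIAL_COPY, but the callers added in this commit pass a null count pointer and nothing in the code states the contract. A comment at the loop, `// not atomic: on failure bytes [0,i) are already in the debuggee; reported via lpNumberOfBytesWritten/ERROR_PARTIAL_COPY`, would make it explicit. The same reliance on MemoryWriteSafe accepting a null lpNumberOfBytesWritten applies here as in memread; memwrite's signature is outside this hunk.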
@ -106,3 +93,8 @@ void* memalloc(HANDLE hProcess, uint addr, DWORD size, DWORD fdProtect)
|
||||
{
|
||||
return VirtualAllocEx(hProcess, (void*)addr, size, MEM_RESERVE|MEM_COMMIT, fdProtect);
|
||||
}
|
||||
|
||||
void memfree(HANDLE hProcess, uint addr)
|
||||
{
|
||||
VirtualFreeEx(hProcess, (void*)addr, 0, MEM_RELEASE);
|
||||
}
|
||||
|
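Review bot: memfree discards the return value of VirtualFreeEx, so a release that fails (MEM_RELEASE with size 0 requires `addr` to be exactly the base returned by VirtualAllocEx) is silent and the debuggee keeps the allocation. Either surface it, `return VirtualFreeEx(hProcess, (void*)addr, 0, MEM_RELEASE) != FALSE;` with the prototype changed to `bool memfree(HANDLE hProcess, uint addr);`, or document it as best-effort with `// best-effort: a failed release is not reported`. memalloc returns the raw VirtualAllocEx result, so callers must check for NULL; a one-line comment saying so would help.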
@ -10,5 +10,6 @@ bool memread(HANDLE hProcess, const void* lpBaseAddress, void* lpBuffer, SIZE_T
|
||||
bool memwrite(HANDLE hProcess, void* lpBaseAddress, const void* lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten);
|
||||
bool memisvalidreadptr(HANDLE hProcess, uint addr);
|
||||
void* memalloc(HANDLE hProcess, uint addr, DWORD size, DWORD fdProtect);
|
||||
void memfree(HANDLE hProcess, uint addr);
|
||||
|
||||
#endif // _MEMORY_H
|
||||
|
@ -1261,7 +1261,6 @@ bool valfromstring(const char* string, uint* value, bool silent, bool baseonly,
|
||||
dputs("failed to read memory");
|
||||
return false;
|
||||
}
|
||||
bpfixmemory(addr, (unsigned char*)value, read_size);
|
||||
if(value_size)
|
||||
*value_size=read_size;
|
||||
if(isvar)
|
||||
@ -1417,9 +1416,7 @@ bool valtostring(const char* string, uint* value, bool silent)
|
||||
return false;
|
||||
}
|
||||
efree(newstring, "valfromstring::newstring");
|
||||
bool wpm=WriteProcessMemory(fdProcessInfo->hProcess, (void*)temp, value, read_size, 0);
|
||||
bpfixmemory(temp, (unsigned char*)value, read_size);
|
||||
if(!wpm)
|
||||
if(!memwrite(fdProcessInfo->hProcess, (void*)temp, value, read_size, 0))
|
||||
{
|
||||
if(!silent)
|
||||
dputs("failed to write memory");
|
||||
|
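Review bot: memwrite can return false after some of the bytes have already been written (it sets ERROR_PARTIAL_COPY in that case), and this error path only prints "failed to write memory", so an assignment to memory from a script can leave the debuggee half-patched with no indication of it. Passing a local count, `SIZE_T written=0;` and `memwrite(fdProcessInfo->hProcess, (void*)temp, value, read_size, &written)`, would let the message say how many bytes were applied. The function's body continues past this hunk.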