-
Notifications
You must be signed in to change notification settings - Fork 4
/
comm.cpp
129 lines (103 loc) · 3.41 KB
/
comm.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
#include "../Misc/stdafx.h"
#include <iostream>
PVOID(NTAPI* NtConvertBetweenAuxiliaryCounterAndPerformanceCounter)(PVOID, PVOID, PVOID, PVOID);
namespace Comm {
BOOL Setup() {
auto module = LoadLibrary(L"ntdll.dll");
if (!module) {
errorf("Failed to get a handle for NTDLL\n");
return FALSE;
}
*reinterpret_cast<PVOID*>(&NtConvertBetweenAuxiliaryCounterAndPerformanceCounter) = GetProcAddress(module, "NtConvertBetweenAuxiliaryCounterAndPerformanceCounter");
if (!NtConvertBetweenAuxiliaryCounterAndPerformanceCounter) {
errorf("Failed to find \"NtConvertBetweenAuxiliaryCounterAndPerformanceCounter\"\n");
return FALSE;
}
return TRUE;
}
NTSTATUS SendRequest(REQUEST_TYPE type, PVOID args, SIZE_T argsSize) {
REQUEST_DATA request = { 0 };
request.Unique = DATA_UNIQUE;
request.Type = type;
request.Arguments = args;
auto requestPtr = &request;
auto status = 0ULL;
NtConvertBetweenAuxiliaryCounterAndPerformanceCounter(0, &requestPtr, &status, 0);
return static_cast<NTSTATUS>(status);
}
Process::Process(LPCWSTR processName) {
auto snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (snapshot == INVALID_HANDLE_VALUE) {
return;
}
PROCESSENTRY32 entry = { 0 };
entry.dwSize = sizeof(entry);
if (Process32First(snapshot, &entry)) {
do {
if (_wcsicmp(entry.szExeFile, processName) == 0) {
this->ProcessId = entry.th32ProcessID;
break;
}
} while (Process32Next(snapshot, &entry));
}
CloseHandle(snapshot);
}
BOOLEAN Process::Valid() {
return this->ProcessId != 0;
}
NTSTATUS Process::Extend(LPCWSTR moduleName, DWORD size) {
REQUEST_EXTEND req = { 0 };
req.ProcessId = this->ProcessId;
req.Size = size;
wcscpy_s(req.Module, sizeof(req.Module) / sizeof(req.Module[0]), moduleName);
return SendRequest(REQUEST_TYPE::EXTEND, &req, sizeof(req));
}
NTSTATUS Process::Write(PVOID dest, PVOID src, DWORD size) {
REQUEST_WRITE req = { 0 };
req.ProcessId = this->ProcessId;
req.Dest = dest;
req.Src = src;
req.Size = size;
return SendRequest(REQUEST_TYPE::WRITE, &req, sizeof(req));
}
NTSTATUS Process::Read(PVOID dest, PVOID src, DWORD size) {
REQUEST_READ req = { 0 };
req.ProcessId = this->ProcessId;
req.Dest = dest;
req.Src = src;
req.Size = size;
return SendRequest(REQUEST_TYPE::READ, &req, sizeof(req));
}
NTSTATUS Process::Protect(PVOID address, DWORD size, PDWORD inOutProtect) {
REQUEST_PROTECT req = { 0 };
req.ProcessId = this->ProcessId;
req.Address = address;
req.Size = size;
req.InOutProtect = inOutProtect;
return SendRequest(REQUEST_TYPE::PROTECT, &req, sizeof(req));
}
PVOID Process::Alloc(DWORD size, DWORD protect) {
PVOID outAddress = NULL;
REQUEST_ALLOC req = { 0 };
req.ProcessId = this->ProcessId;
req.OutAddress = &outAddress;
req.Size = size;
req.Protect = protect;
SendRequest(REQUEST_TYPE::ALLOC, &req, sizeof(req));
return outAddress;
}
NTSTATUS Process::Free(PVOID address) {
REQUEST_FREE req = { 0 };
req.ProcessId = this->ProcessId;
req.Address = address;
return SendRequest(REQUEST_TYPE::FREE, &req, sizeof(req));
}
NTSTATUS Process::Module(LPCWSTR moduleName, PBYTE* base, PDWORD size) {
REQUEST_MODULE req = { 0 };
req.ProcessId = this->ProcessId;
req.OutAddress = base;
req.OutSize = size;
wcscpy_s(req.Module, sizeof(req.Module) / sizeof(req.Module[0]), moduleName);
return SendRequest(REQUEST_TYPE::MODULE, &req, sizeof(req));
}
}