-
Notifications
You must be signed in to change notification settings - Fork 0
/
memory.cpp
137 lines (114 loc) · 5.13 KB
/
memory.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
// created by: https://github.com/faelcanalha
#include "./memory.h"
extern "C" NTSTATUS ZwReadVirtualMemory(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, ULONG NumberOfBytesToRead, PULONG NumberOfBytesReaded);
extern "C" NTSTATUS ZwWriteVirtualMemory(HANDLE ProcessHandle, PVOID BaseAddress, LPCVOID Buffer, SIZE_T BufferSize, PSIZE_T NumberOfBytesWritten);
int get_pid(const char* processName) {
if (processName == NULL)
return 0;
DWORD pid = 0;
DWORD threadCount = 0;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PROCESSENTRY32 pe;
pe.dwSize = sizeof(PROCESSENTRY32);
Process32First(hSnap, &pe);
while (Process32Next(hSnap, &pe)) {
if (_tcsicmp(pe.szExeFile, processName) == 0) {
if ((int)pe.cntThreads > threadCount) {
threadCount = pe.cntThreads;
pid = pe.th32ProcessID;
}
}
}
return pid;
}
BOOL c_fn_memory::set_privilege(HANDLE processhandle, std::string perm)
{
const char* permchar = perm.c_str();
HANDLE tokenhandle;
LUID permissionidentifier;
TOKEN_PRIVILEGES tokenpriv;
if (OpenProcessToken(processhandle, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &tokenhandle))
{
if (LookupPrivilegeValue(NULL, permchar, &permissionidentifier))
{
tokenpriv.PrivilegeCount = 1;
tokenpriv.Privileges[0].Luid = permissionidentifier;
tokenpriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (AdjustTokenPrivileges(tokenhandle, false, &tokenpriv, sizeof(tokenpriv), NULL, NULL)) { return true; }
else { return false; }
}
else { return false; }
}
else { return false; }
CloseHandle(tokenhandle);
}
BOOL c_fn_memory::attack_process(const char* processName) {
DWORD process_id = get_pid(processName);
if (process_id == 0)
return false;
processId = process_id;
processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process_id);
return processHandle != nullptr;
}
std::vector<BYTE> c_fn_memory::hex_string_to_byte(const std::string& hex_string) {
std::vector<BYTE> byte_vector;
for (std::size_t i = 0; i < hex_string.size(); i += 3) {
std::string byte_string = hex_string.substr(i, 2);
BYTE byte = static_cast<BYTE>(std::strtol(byte_string.c_str(), nullptr, 16));
byte_vector.push_back(byte);
}
return byte_vector;
}
std::vector<LPVOID> c_fn_memory::find_byte(const std::string& hex_sequence) {
std::vector<BYTE> byte_sequence = hex_string_to_byte(hex_sequence);
return find_byte(byte_sequence);
}
std::vector<LPVOID> c_fn_memory::find_byte(const std::vector<BYTE>& findPattern) {
std::vector<LPVOID> addresses;
if (processId == 0 || processHandle == NULL) return addresses;
LPVOID baseAddress = nullptr;
while (true) {
MEMORY_BASIC_INFORMATION memoryInfo;
if (VirtualQueryEx(processHandle, baseAddress, &memoryInfo, sizeof(memoryInfo)) == 0) {
break;
}
if (memoryInfo.State == MEM_COMMIT &&
(memoryInfo.Protect & PAGE_READONLY ||
memoryInfo.Protect & PAGE_READWRITE ||
memoryInfo.Protect & PAGE_WRITECOPY ||
memoryInfo.Protect & PAGE_EXECUTE_READ ||
memoryInfo.Protect & PAGE_EXECUTE_READWRITE ||
memoryInfo.Protect & PAGE_EXECUTE_WRITECOPY)) {
const size_t bufferSize = memoryInfo.RegionSize;
std::vector<BYTE> buffer(bufferSize);
ULONG bytesRead;
if (ZwReadVirtualMemory(processHandle, memoryInfo.BaseAddress, &buffer[0], bufferSize, &bytesRead) == 0) {
auto foundIter = std::search(buffer.begin(), buffer.end(), findPattern.begin(), findPattern.end());
while (foundIter != buffer.end()) {
LPVOID byteAddress = reinterpret_cast<LPVOID>(reinterpret_cast<DWORD_PTR>(memoryInfo.BaseAddress) + std::distance(buffer.begin(), foundIter));
addresses.push_back(byteAddress);
foundIter = std::search(foundIter + 1, buffer.end(), findPattern.begin(), findPattern.end());
}
}
}
baseAddress = reinterpret_cast<LPVOID>(reinterpret_cast<DWORD_PTR>(baseAddress) + memoryInfo.RegionSize);
}
return addresses;
}
BOOL c_fn_memory::replace_byte(const std::string& findPattern, const std::string& replacePattern) {
std::vector<BYTE> byte_findPattern = hex_string_to_byte(findPattern);
std::vector<BYTE> byte_replacePattern = hex_string_to_byte(replacePattern);
return replace_byte(byte_findPattern, byte_replacePattern);
}
BOOL c_fn_memory::replace_byte(const std::vector<BYTE>& findPattern, const std::vector<BYTE>& replacePattern) {
size_t RepByteSize = replacePattern.size();
if (RepByteSize <= 0) return false;
std::vector<LPVOID> addresses = c_fn_memory::find_byte(findPattern);
if (addresses.empty()) return false;
for (const auto& address : addresses)
{
SIZE_T bytesWritten;
ZwWriteVirtualMemory(processHandle, address, replacePattern.data(), RepByteSize, &bytesWritten);
}
return true;
}