Shynd

a guest
Apr 20th, 2009
  1. #include-once
  2.  
  #Region CONSTANTS
  ; Access-right masks for the dwDesiredAccess argument of OpenProcess
  ; (see _BMOpenProcess). 0x1F0FFF is the PROCESS_ALL_ACCESS value from
  ; pre-Vista SDK headers; the narrower masks below can be combined with
  ; BitOR() when a caller does not need every right.
  Global Const $PROCESS_ALL_ACCESS = 0x1F0FFF
  Global Const $PROCESS_SUSPEND_RESUME = 0x0800
  Global Const $PROCESS_TERMINATE = 0x0001
  Global Const $PROCESS_VM_OPERATION = 0x0008
  Global Const $PROCESS_VM_READ = 0x0010
  Global Const $PROCESS_VM_WRITE = 0x0020
  Global Const $SYNCHRONIZE = 0x00100000
  #EndRegion
  12.  
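  ; DllOpen handles shared by every DllCall in this UDF. They start at -1
  ; (the DllOpen failure value) because _BMDispose() compares against -1;
  ; without an initial value a dispose-before-initialize would hand an
  ; empty value to DllClose.
  Global $m_Kernel32 = -1, $m_User32 = -1
  ; True only after _BMInitialize() has opened both DLLs.
  Global $m_IsInitialized = False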
  15.  
  16. ;-------------------------------------------------
  17. ; _BMInitialize()
  18. ;-------------------------------------------------
  19. ; Desc: This function needs to be called before
  20. ;       using any other functions contained in
  21. ;       this UDF.
  22. ;-------------------------------------------------
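  Func _BMInitialize()
      ; Opens the kernel32/user32 handles used by the rest of this UDF, asks
      ; for SeDebugPrivilege, and sets $m_IsInitialized. Returns nothing; on a
      ; DllOpen failure an error box is shown and $m_IsInitialized stays False.

      ; A second call while already initialized would overwrite (and leak)
      ; the handles opened by the first one.
      If $m_IsInitialized Then Return

      $m_Kernel32 = DllOpen("kernel32.dll")
      If $m_Kernel32 = -1 Then
          MsgBox(0x10, "Error Opening Kernel32.dll", "Could not open Kernel32.dll")
          Return
      EndIf

      $m_User32 = DllOpen("user32.dll")
      If $m_User32 = -1 Then
          ; Do not keep the kernel32 handle around when initialization fails.
          DllClose($m_Kernel32)
          $m_Kernel32 = -1
          MsgBox(0x10, "Error Opening User32.dll", "Could not open User32.dll")
          Return
      EndIf

      ; Best effort: the result of __SetPrivilege is not checked here, so a
      ; token that does not hold SeDebugPrivilege only shows up later as a
      ; failing OpenProcess. The privilege is enabled for the whole script
      ; process and _BMDispose() does not turn it off again; a caller that
      ; wants it scoped can call __SetPrivilege("SeDebugPrivilege", 0) itself.
      __SetPrivilege("SeDebugPrivilege", 1)

      $m_IsInitialized = True
  EndFunc ;End _BMInitialize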
  40.  
  41. ;-------------------------------------------------
  42. ; _BMDispose()
  43. ;-------------------------------------------------
  44. ; Desc: This function should be called after the
  45. ;       user is done with the functions in this
  46. ;       UDF.
  47. ;-------------------------------------------------
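  Func _BMDispose()
      ; Closes the DLL handles opened by _BMInitialize() and marks the UDF as
      ; uninitialized. Each handle is reset to -1 after closing so a second
      ; _BMDispose() call does not close the same handle twice.
      ; SeDebugPrivilege enabled by _BMInitialize() is left as it is.
      If $m_Kernel32 <> -1 Then
          DllClose($m_Kernel32)
          $m_Kernel32 = -1
      EndIf
      If $m_User32 <> -1 Then
          DllClose($m_User32)
          $m_User32 = -1
      EndIf
      $m_IsInitialized = False
  EndFunc ;End _BMDispose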
  53.  
  54. ;-------------------------------------------------
  55. ; _BMOpenProcess()
  56. ;-------------------------------------------------
  57. ; Desc: This should be called before manipulating
  58. ;       the process' memory.
  59. ;-------------------------------------------------
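  Func _BMOpenProcess($PID, $UsePID = True, $AccessRights = $PROCESS_ALL_ACCESS)
      ; Opens a handle to a process and returns it, or returns 0 with @error:
      ;   1 = _BMInitialize() has not completed
      ;   2 = $UsePID is False and no process ID could be obtained from the window
      ;   3 = OpenProcess could not be called or returned a null handle
      ; $PID          - process ID, or a window handle when $UsePID is False
      ; $AccessRights - OpenProcess access mask. The default requests every
      ;                 right; a caller that only reads can pass
      ;                 $PROCESS_VM_READ, and one that writes can pass
      ;                 BitOR($PROCESS_VM_OPERATION, $PROCESS_VM_WRITE), so the
      ;                 handle carries no more rights than the caller uses.
      ; Every failure path now sets @error; previously only the
      ; not-initialized path did.
      If Not $m_IsInitialized Then
          SetError(1)
          Return 0
      EndIf

      Local $l_ret

      If Not $UsePID Then
          ; Resolve the owning process of the window; the process ID comes
          ; back through the "dword*" out-parameter ($l_ret[2]).
          Local $l_hWnd = $PID
          $l_ret = DllCall($m_User32, "dword", "GetWindowThreadProcessId", "hwnd", $l_hWnd, "dword*", 0)
          If @error Then
              MsgBox(0x10, "Error Getting ProcessId", "Could not obtain the ID of the process in question.")
              SetError(2)
              Return 0
          EndIf

          $PID = $l_ret[2]
          If $PID = 0 Then
              MsgBox(0x10, "Null ProcessId", "ID of process is null.")
              SetError(2)
              Return 0
          EndIf
      EndIf

      ; Second argument 0 = the handle is not inheritable by child processes.
      $l_ret = DllCall($m_Kernel32, "ptr", "OpenProcess", "dword", $AccessRights, "int", 0, "dword", $PID)
      If @error Then
          MsgBox(0x10, "Error Getting Process Handle", "Could not obtain a handle to the process in question.")
          SetError(3)
          Return 0
      EndIf

      Local $l_hProcess = $l_ret[0]
      If $l_hProcess = 0 Then
          MsgBox(0x10, "Null Process Handle", "The process handle obtained is null.")
          SetError(3)
          Return 0
      EndIf

      Return $l_hProcess
  EndFunc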
  101.  
  102. ;-------------------------------------------------
  103. ; _BMCloseHandle()
  104. ;-------------------------------------------------
  105. ; Desc: This should be called on the handle that
  106. ;       is returned by _BMOpenProcess().
  107. ;-------------------------------------------------
  Func _BMCloseHandle($Handle)
      ; Passes $Handle to kernel32 CloseHandle. Does nothing while the UDF is
      ; not initialized; the result of CloseHandle is not reported.
      If Not $m_IsInitialized Then Return

      DllCall($m_Kernel32, "dword", "CloseHandle", "ptr", $Handle)
  EndFunc
  113.  
  114. #Region Read Memory
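  ; Reads DllStructGetSize($Struct) bytes from $Address in the process behind
  ; $Handle into $Struct. Returns 1 on success, or 0 with @error:
  ;   1 = _BMInitialize() has not completed
  ;   2 = $Struct has no pointer or no size (not a usable DllStruct)
  ;   3 = the DllCall itself failed
  ;   4 = ReadProcessMemory returned 0 (nothing usable was read)
  ; NOTE(review): the address and size are passed as 32-bit "dword" values;
  ; confirm this UDF is only used against 32-bit address ranges.
  Func _BMReadRawMemory($Handle, $Address, ByRef $Struct)
      If Not $m_IsInitialized Then
          SetError(1)
          Return 0
      EndIf

      If DllStructGetPtr($Struct) = 0 Or DllStructGetSize($Struct) = 0 Then
          SetError(2)
          Return 0
      EndIf

      Local $l_ret

      $l_ret = DllCall($m_Kernel32, "int", "ReadProcessMemory", _
                          "ptr", $Handle, _
                          "dword", $Address, _
                          "ptr", DllStructGetPtr($Struct), _
                          "dword", DllStructGetSize($Struct), _
                          "dword*", 0)

      If @error Then
          MsgBox(0x10, "ReadProcessMemory Error", "Could not read process' memory.")
          SetError(3)
          Return 0
      EndIf

      ; The API result was ignored before, so a failed read was reported as
      ; success and callers consumed whatever was left in $Struct.
      If $l_ret[0] = 0 Then
          SetError(4)
          Return 0
      EndIf

      Return 1
  EndFunc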
  144.  
  ; Reads one value described by the DllStruct definition $Type from $Address
  ; and returns element 1 of that struct. Returns 0 with @error = 1 when the
  ; UDF is not initialized; when _BMReadRawMemory fails, @error is 2 plus that
  ; call's error code shifted left by 16 bits.
  Func _BMReadMemory($Handle, $Address, $Type)
      If Not $m_IsInitialized Then
          SetError(1)
          Return 0
      EndIf

      Local $tValue = DllStructCreate($Type)

      _BMReadRawMemory($Handle, $Address, $tValue)
      If Not @error Then
          Local $vResult = DllStructGetData($tValue, 1)
          $tValue = 0
          Return $vResult
      EndIf

      ; Failure: release the struct, then fold the inner error code into ours.
      $tValue = 0
      SetError(2 + BitShift(@error, -16))
      Return 0
  EndFunc
  164.  
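  ; Reads $Length bytes from $Address and returns them as a 0-based array of
  ; byte values. Returns 0 with @error:
  ;   1 = _BMInitialize() has not completed
  ;   2 (+ inner code shifted left by 16) = _BMReadRawMemory failed
  ;   3 = $Length is not a positive number
  Func _BMReadBytes($Handle, $Address, $Length)
      If Not $m_IsInitialized Then
          SetError(1)
          Return 0
      EndIf

      ; A length below 1 cannot be used as an array size; reject it here
      ; rather than letting the array declaration below abort the script.
      $Length = Int($Length)
      If $Length < 1 Then
          SetError(3)
          Return 0
      EndIf

      Local $l_Buffer = DllStructCreate("ubyte[" & $Length & "]")

      _BMReadRawMemory($Handle, $Address, $l_Buffer)
      If @error Then
          $l_Buffer = 0
          SetError(2 + BitShift(@error, -16))
          Return 0
      EndIf

      ; Local instead of Dim: Dim reuses a global of the same name if the
      ; including script happens to define one.
      Local $l_ret[$Length]

      ; DllStruct array elements are indexed from 1, the result array from 0.
      For $i = 1 To $Length
          $l_ret[$i - 1] = DllStructGetData($l_Buffer, 1, $i)
      Next

      $l_Buffer = 0
      Return $l_ret
  EndFunc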
  189.  
  ; Reads a "char[$Length]" struct from $Address through _BMReadMemory and
  ; returns its value unchanged.
  Func _BMReadASCIIString($Handle, $Address, $Length)
      Local Const $sType = "char[" & $Length & "]"
      ;Maybe check for occurrence of \0 and autotrim?
      Return _BMReadMemory($Handle, $Address, $sType)
  EndFunc
  194.  
  ; Reads a "wchar[$Length]" struct from $Address through _BMReadMemory;
  ; $Length counts wchar elements, not bytes.
  Func _BMReadUnicodeString($Handle, $Address, $Length)
      Local Const $sType = "wchar[" & $Length & "]"
      Return _BMReadMemory($Handle, $Address, $sType)
  EndFunc
  198.  
  ; Reads one "double" from $Address; result and @error are those of _BMReadMemory.
  Func _BMReadDouble($Handle, $Address)
      Local Const $sType = "double"
      Return _BMReadMemory($Handle, $Address, $sType)
  EndFunc
  202.  
  ; Reads one "float" from $Address; result and @error are those of _BMReadMemory.
  Func _BMReadFloat($Handle, $Address)
      Local Const $sType = "float"
      Return _BMReadMemory($Handle, $Address, $sType)
  EndFunc
  206.  
  ; Reads one "uint" from $Address; result and @error are those of _BMReadMemory.
  Func _BMReadUInt($Handle, $Address)
      Local Const $sType = "uint"
      Return _BMReadMemory($Handle, $Address, $sType)
  EndFunc
  210.  
  ; Reads one "int" from $Address; result and @error are those of _BMReadMemory.
  Func _BMReadInt($Handle, $Address)
      Local Const $sType = "int"
      Return _BMReadMemory($Handle, $Address, $sType)
  EndFunc
  214.  
  ; Reads one "ushort" from $Address; result and @error are those of _BMReadMemory.
  Func _BMReadUShort($Handle, $Address)
      Local Const $sType = "ushort"
      Return _BMReadMemory($Handle, $Address, $sType)
  EndFunc
  218.  
  ; Reads one "short" from $Address; result and @error are those of _BMReadMemory.
  Func _BMReadShort($Handle, $Address)
      Local Const $sType = "short"
      Return _BMReadMemory($Handle, $Address, $sType)
  EndFunc
  222.  
  ; Reads one "ubyte" from $Address; result and @error are those of _BMReadMemory.
  Func _BMReadUByte($Handle, $Address)
      Local Const $sType = "ubyte"
      Return _BMReadMemory($Handle, $Address, $sType)
  EndFunc
  226.  
  ; Reads one "byte" from $Address; result and @error are those of _BMReadMemory.
  Func _BMReadByte($Handle, $Address)
      Local Const $sType = "byte"
      Return _BMReadMemory($Handle, $Address, $sType)
  EndFunc
  230. #EndRegion
  231.  
  232. #Region Write Memory
  ; Copies the contents of $Struct to $Address in the process behind $Handle
  ; using WriteProcessMemory. Returns True when the API reports success,
  ; otherwise False; @error is 1 (not initialized), 2 ($Struct has no pointer
  ; or no size) or 3 (the DllCall itself failed).
  Func _BMWriteRawMemory($Handle, $Address, ByRef $Struct)
      If Not $m_IsInitialized Then
          SetError(1)
          Return False
      EndIf

      Local $pData = DllStructGetPtr($Struct)
      Local $iSize = DllStructGetSize($Struct)
      If $pData = 0 Or $iSize = 0 Then
          SetError(2)
          Return False
      EndIf

      Local $aCall = DllCall($m_Kernel32, "int", "WriteProcessMemory", _
                          "ptr", $Handle, _
                          "dword", $Address, _
                          "ptr", $pData, _
                          "dword", $iSize, _
                          "dword*", 0)

      If @error Then
          MsgBox(0x10, "WriteProcessMemory Error", "Could not write to process' memory.")
          SetError(3)
          Return False
      EndIf

      ; Element 0 is the BOOL result of WriteProcessMemory.
      Return ($aCall[0] <> 0)
  EndFunc
  261.  
  ; Stores $Value in a one-element struct of definition $Type and writes that
  ; struct to $Address via _BMWriteRawMemory. Returns the raw writer's result
  ; on success, otherwise False with @error = 1 (not initialized) or 2 plus
  ; the raw writer's error code shifted left by 16 bits.
  Func _BMWriteMemory($Handle, $Address, $Value, $Type)
      If Not $m_IsInitialized Then
          SetError(1)
          Return False
      EndIf

      Local $tValue = DllStructCreate($Type)
      DllStructSetData($tValue, 1, $Value)

      Local $fWritten = _BMWriteRawMemory($Handle, $Address, $tValue)
      If Not @error And $fWritten <> 0 Then Return $fWritten

      ; Failure: release the struct, then fold the inner error code into ours.
      $tValue = 0
      SetError(2 + BitShift(@error, -16))
      Return False
  EndFunc
  280.  
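  ; Writes the values of the 0-based array $ByteArray as consecutive bytes
  ; starting at $Address. Returns the result of _BMWriteRawMemory, or False
  ; with @error = 1 (not initialized) or 2 ($ByteArray is not an array).
  Func _BMWriteBytes($Handle, $Address, $ByteArray)
      If Not $m_IsInitialized Then
          SetError(1)
          Return False
      EndIf

      If Not IsArray($ByteArray) Then
          SetError(2)
          Return False
      EndIf

      Local $l_Buffer = DllStructCreate("ubyte[" & UBound($ByteArray) & "]")

      ; The struct has a single element (the ubyte array), so the element
      ; number is always 1 and $i selects the position inside that array.
      ; The previous call used $i as the element number, which left every
      ; byte after the first unset - the same layout _BMReadBytes reads with
      ; DllStructGetData($l_Buffer, 1, $i).
      For $i = 1 To UBound($ByteArray)
          DllStructSetData($l_Buffer, 1, $ByteArray[$i - 1], $i)
      Next

      Local $l_ret = _BMWriteRawMemory($Handle, $Address, $l_Buffer)

      $l_Buffer = 0

      Return $l_ret
  EndFunc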
  304.  
  ; Writes $Value as a "double" at $Address; result and @error are those of _BMWriteMemory.
  Func _BMWriteDouble($Handle, $Address, $Value)
      Local Const $sType = "double"
      Return _BMWriteMemory($Handle, $Address, $Value, $sType)
  EndFunc
  308.  
  ; Writes $Value as a "float" at $Address; result and @error are those of _BMWriteMemory.
  Func _BMWriteFloat($Handle, $Address, $Value)
      Local Const $sType = "float"
      Return _BMWriteMemory($Handle, $Address, $Value, $sType)
  EndFunc
  312.  
  ; Writes $Value as a "dword" at $Address (the matching reader, _BMReadUInt,
  ; uses "uint"); result and @error are those of _BMWriteMemory.
  Func _BMWriteUInt($Handle, $Address, $Value)
      Local Const $sType = "dword"
      Return _BMWriteMemory($Handle, $Address, $Value, $sType)
  EndFunc
  316.  
  ; Writes $Value as an "int" at $Address; result and @error are those of _BMWriteMemory.
  Func _BMWriteInt($Handle, $Address, $Value)
      Local Const $sType = "int"
      Return _BMWriteMemory($Handle, $Address, $Value, $sType)
  EndFunc
  320.  
  ; Writes $Value as a "ushort" at $Address; result and @error are those of _BMWriteMemory.
  Func _BMWriteUShort($Handle, $Address, $Value)
      Local Const $sType = "ushort"
      Return _BMWriteMemory($Handle, $Address, $Value, $sType)
  EndFunc
  324.  
  ; Writes $Value as a "short" at $Address; result and @error are those of _BMWriteMemory.
  Func _BMWriteShort($Handle, $Address, $Value)
      Local Const $sType = "short"
      Return _BMWriteMemory($Handle, $Address, $Value, $sType)
  EndFunc
  328.  
  ; Writes $Value as a "ubyte" at $Address; result and @error are those of _BMWriteMemory.
  Func _BMWriteUByte($Handle, $Address, $Value)
      Local Const $sType = "ubyte"
      Return _BMWriteMemory($Handle, $Address, $Value, $sType)
  EndFunc
  332.  
  ; Writes $Value as a "byte" at $Address; result and @error are those of _BMWriteMemory.
  Func _BMWriteByte($Handle, $Address, $Value)
      Local Const $sType = "byte"
      Return _BMWriteMemory($Handle, $Address, $Value, $sType)
  EndFunc
  336. #EndRegion
  337.  
  338. ;==================================================================================
  339. ; Function:            SetPrivilege( $privilege, $bEnable )
  340. ; Description:        Enables (or disables) the $privilege on the current process
  341. ;                   (Probably) requires administrator privileges to run
  342. ;
  343. ; Author(s):        Larry (from autoitscript.com's Forum)
  344. ; Notes(s):
  345. ; http://www.autoitscript.com/forum/index.php?s=&showtopic=31248&view=findpost&p=223999
  346. ;==================================================================================
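  Func __SetPrivilege( $privilege, $bEnable )
      ; Enables ($bEnable true) or disables the named privilege(s) on the
      ; current process token.
      ;   $privilege - one privilege name, or an array of names
      ; Returns the result of AdjustTokenPrivileges (non-zero = call
      ; succeeded), or 0 when a DllCall fails or the token cannot be opened.
      ; Caveat: AdjustTokenPrivileges reports success even when the token does
      ; not hold a requested privilege (last error ERROR_NOT_ALL_ASSIGNED),
      ; and that is not checked here, so a non-zero return does not prove the
      ; privilege is actually enabled.
      ; NOTE(review): handles are passed as "hwnd" and the token handle comes
      ; back through "int*"; confirm this is adequate on 64-bit AutoIt.
      Const $MY_TOKEN_ADJUST_PRIVILEGES = 0x0020
      Const $MY_TOKEN_QUERY = 0x0008
      Const $MY_SE_PRIVILEGE_ENABLED = 0x0002
      Local $hToken, $SP_auxret, $hCurrProcess, $nTokens, $nTokenIndex, $priv, $ret, $nAdjusted
      Local $LUID, $TOKEN_PRIVILEGES, $NEWTOKEN_PRIVILEGES

      $nTokens = 1
      If IsArray($privilege) Then $nTokens = UBound($privilege)

      ; TOKEN_PRIVILEGES layout: a count followed by three dwords per entry
      ; (LUID low part, LUID high part, attributes).
      $LUID = DllStructCreate("dword;int")
      $TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
      $NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")

      ; Each DllCall result is checked before it is indexed; a failed DllCall
      ; does not return an array.
      $hCurrProcess = DllCall("kernel32.dll","hwnd","GetCurrentProcess")
      If @error Then Return 0
      $SP_auxret = DllCall("advapi32.dll","int","OpenProcessToken","hwnd",$hCurrProcess[0],   _
              "int",BitOR($MY_TOKEN_ADJUST_PRIVILEGES,$MY_TOKEN_QUERY),"int*",0)
      If @error Then Return 0
      If $SP_auxret[0] = 0 Then Return 0
      $hToken = $SP_auxret[3]

      ; The count must match the number of entries filled in below; it was
      ; hard-coded to 1, so only the first name of an array was ever applied.
      DllStructSetData($TOKEN_PRIVILEGES,1,$nTokens)

      For $nTokenIndex = 1 To $nTokens
          If IsArray($privilege) Then
              $priv = $privilege[$nTokenIndex-1]
          Else
              $priv = $privilege
          EndIf
          $ret = DllCall("advapi32.dll","int","LookupPrivilegeValue","str","","str",$priv,   _
                  "ptr",DllStructGetPtr($LUID))
          If @error Then ContinueLoop
          ; A name that cannot be resolved leaves its entry zeroed.
          If $ret[0] Then
              If $bEnable Then
                  DllStructSetData($TOKEN_PRIVILEGES,2,$MY_SE_PRIVILEGE_ENABLED,(3 * $nTokenIndex))
              Else
                  DllStructSetData($TOKEN_PRIVILEGES,2,0,(3 * $nTokenIndex))
              EndIf
              DllStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,1),(3 * ($nTokenIndex-1)) + 1)
              DllStructSetData($TOKEN_PRIVILEGES,2,DllStructGetData($LUID,2),(3 * ($nTokenIndex-1)) + 2)
              DllStructSetData($LUID,1,0)
              DllStructSetData($LUID,2,0)
          EndIf
      Next

      $ret = DllCall("advapi32.dll","int","AdjustTokenPrivileges","hwnd",$hToken,"int",0,   _
              "ptr",DllStructGetPtr($TOKEN_PRIVILEGES),"int",DllStructGetSize($NEWTOKEN_PRIVILEGES),   _
              "ptr",DllStructGetPtr($NEWTOKEN_PRIVILEGES),"int*",0)
      If @error Then
          $nAdjusted = 0
      Else
          $nAdjusted = $ret[0]
      EndIf

      $NEWTOKEN_PRIVILEGES=0
      $TOKEN_PRIVILEGES=0
      $LUID=0

      ; The token handle is always closed once it has been opened.
      DllCall("kernel32.dll","int","CloseHandle","hwnd",$hToken)
      Return $nAdjusted
  EndFunc  ;==>SetPrivilege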