#pragma once
#include <cstdint>
#include <memory>
#include <string>
#include <utility>
#include "Include.h"
using namespace std;
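namespace asmjs
{
    // DProcess: a handle-free view of one process's EPROCESS, reached through a
    // PhysicalMemory backend (Pm) using the kernel's own directory base.
    //
    // Nothing in this class passes an OS access check: every Get*/Set* below is
    // a raw read or write of kernel virtual memory at `pEntry + offset`.  The
    // three offsets are hard-coded and never validated against the running
    // kernel, so on a build where they differ the Set* methods silently
    // overwrite unrelated EPROCESS fields.  They are public so a caller can
    // override them per build -- TODO(review): derive them from the target's
    // ntoskrnl version rather than trusting the defaults.
    class DProcess
    {
        // Re-implementation of nt!ExpLookupHandleTableEntry (decompiled shape)
        // with every kernel dereference routed through ReadKernel.
        //
        // `handleTable` points at a LOCAL copy of the kernel HANDLE_TABLE header
        // (see GetHandleTableEntry); only its first two qwords are used here:
        //   +0  NextHandleNeedingPool (DWORD) -- current limit of the table
        //   +8  TableCode                     -- depth tag in the low 2 bits,
        //                                        aligned table pointer above
        // Returns the kernel address of the entry for `handle`, or nullptr when
        // the handle value lies beyond the table's limit.
        HANDLE_TABLE_ENTRY* ExpLookupHandleTableEntry(HANDLE_TABLE* handleTable, HANDLE handle)
        {
            const uint64 table = (uint64)handleTable;
            // Handles carry two tag bits.  The kernel keeps working on the
            // masked value, which is why entry offsets below are scaled by 4
            // (16-byte entries indexed by handle >> 2).
            const uint64 masked = (uint64)handle & ~(uint64)3;

            if (masked >= *(DWORD*)table)
                return nullptr;

            const uint64 tableCode = *(uint64*)(table + 8);
            uint64 entry = 0;

            switch (tableCode & 3)
            {
            case 0:
                // Single level: the entry array is addressed directly.
                entry = tableCode + 4 * masked;
                break;
            case 1:
            {
                // Two levels; "- 1" strips the depth tag from TableCode.
                const uint64 low = ReadKernel<uint64>(tableCode + 8 * (masked >> 10) - 1);
                entry = low + 4 * (masked & 0x3FF);
                break;
            }
            default:
            {
                // Three levels; "- 2" strips the depth tag.  high -> mid -> low.
                const uint64 mid = ReadKernel<uint64>(tableCode + 8 * (masked >> 19) - 2);
                const uint64 low = ReadKernel<uint64>(mid + 8 * ((masked >> 10) & 0x1FF));
                entry = low + 4 * (masked & 0x3FF);
                break;
            }
            }
            return (HANDLE_TABLE_ENTRY*)entry;
        }

        // Typed read of sizeof(T) bytes at `address` in the address space
        // selected by `dirbase`.  The buffer is value-initialised so a read that
        // ReadVirtual could not satisfy yields zeros instead of stack garbage.
        // NOTE(review): ReadVirtual's result is ignored -- confirm its failure
        // contract in PhysicalMemory and propagate it.
        template <class T> T Read(uint64 dirbase, uint64 address)
        {
            T buff{};
            Pm->ReadVirtual(dirbase, address, (std::uint8_t*)&buff, sizeof(T));
            return buff;
        }

        // Read<T> against the kernel's directory base.
        template <class T> T ReadKernel(uint64 address)
        {
            return Read<T>(KernelDirbase, address);
        }

        // Typed write of sizeof(T) bytes to `address` in the address space
        // selected by `dirbase`.  Same caveat as Read: WriteVirtual's result
        // is not checked.
        template <class T> void Write(uint64 dirbase, uint64 address, T& value)
        {
            Pm->WriteVirtual(dirbase, address, (std::uint8_t*)&value, sizeof(T));
        }

        // Write<T> against the kernel's directory base.
        template <class T> void WriteKernel(uint64 address, T& value)
        {
            Write<T>(KernelDirbase, address, value);
        }

        // Resolve `handle` -- a value from THIS process's handle table, not the
        // caller's -- to the kernel address of its HANDLE_TABLE_ENTRY.  Only the
        // HANDLE_TABLE header is copied out; the table levels are walked in
        // kernel memory by ExpLookupHandleTableEntry.
        // Returns nullptr if the object-table pointer is null (wrong
        // oObjectTable, or a process that is tearing down) or the handle is
        // out of range.
        HANDLE_TABLE_ENTRY* GetHandleTableEntry(HANDLE handle)
        {
            auto pHandleTable = ReadKernel<HANDLE_TABLE*>(pEntry + oObjectTable);
            if (!pHandleTable)
                return nullptr;
            HANDLE_TABLE header = ReadKernel<HANDLE_TABLE>((uint64)pHandleTable);
            return ExpLookupHandleTableEntry(&header, handle);
        }

    public:
        uint64 pEntry;                       // kernel VA of the target's EPROCESS
        std::shared_ptr<PhysicalMemory> Pm;  // backing memory accessor
        uint64 KernelDirbase;                // directory base of the kernel address space
        // EPROCESS field offsets.  The defaults presumably fit one specific
        // Windows 10 x64 build; nothing checks them at runtime.
        uint64 oObjectTable = 0x418;         // EPROCESS.ObjectTable (HANDLE_TABLE*)
        uint64 oProcessId = 0x2e0;           // EPROCESS.UniqueProcessId
        uint64 oProtection = 0x6ca;          // EPROCESS.Protection

        // Attach to the process with the given PID (0 = the current process).
        // Throws (const char*) when no backend is supplied or no EPROCESS could
        // be resolved, so later accessors never read at `0 + offset`.
        DProcess(std::shared_ptr<PhysicalMemory> physMem, uint64 processId) : Pm(std::move(physMem))
        {
            if (!Pm) throw "No physical memory backend";
            if (processId == 0) processId = GetCurrentProcessId();
            pEntry = Pm->GetEProcess(processId);
            KernelDirbase = Pm->GetKernelDirBase();
            // NOTE(review): assumes GetEProcess returns 0 on failure -- confirm.
            if (!pEntry) throw "Couldn't resolve EPROCESS";
        }

        // Attach by executable name (resolved through GetProcessIdByName).
        // Throws (const char*) when the name matches nothing, no backend is
        // supplied, or the EPROCESS could not be resolved.
        DProcess(std::shared_ptr<PhysicalMemory> physMem, std::string processName) : Pm(std::move(physMem))
        {
            if (!Pm) throw "No physical memory backend";
            const uint64 id = GetProcessIdByName(processName);
            if (!id) throw "Process doesn't exist.";
            pEntry = Pm->GetEProcess(id);
            KernelDirbase = Pm->GetKernelDirBase();
            // NOTE(review): assumes GetEProcess returns 0 on failure -- confirm.
            if (!pEntry) throw "Couldn't resolve EPROCESS";
        }

        // Look up a PID by executable name through the Toolhelp snapshot API
        // (compared via the LC/W helpers from Include.h).  When several
        // processes share the name the LAST one enumerated wins, as before.
        // Returns 0 when nothing matches or the snapshot cannot be taken.
        static uint64 GetProcessIdByName(std::string name)
        {
            HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
            if (snap == INVALID_HANDLE_VALUE)
                return 0;

            uint64 pid = 0;
            PROCESSENTRY32 entry{};
            entry.dwSize = sizeof(entry);
            if (Process32First(snap, &entry))
            {
                do
                {
                    if (LC(entry.szExeFile) == LC(W(name)))
                        pid = entry.th32ProcessID;
                } while (Process32Next(snap, &entry));
            }
            // Always release the snapshot: the previous version leaked it when
            // Process32First failed.
            CloseHandle(snap);
            return pid;
        }

        // EPROCESS.UniqueProcessId as stored in kernel memory.
        uint64 GetId()
        {
            return ReadKernel<uint64>(pEntry + oProcessId);
        }

        // Overwrite EPROCESS.UniqueProcessId.  Raw kernel write; no other
        // kernel bookkeeping is updated.
        void SetId(uint64 id)
        {
            WriteKernel<uint64>(pEntry + oProcessId, id);
        }

        // Two bytes at EPROCESS + oProtection.  NOTE(review): if the target's
        // _PS_PROTECTION is a single byte, the high byte returned here belongs
        // to the neighbouring field -- confirm the width.
        WORD GetProtection()
        {
            return ReadKernel<WORD>(pEntry + oProtection);
        }

        // Writes two bytes at EPROCESS + oProtection (behaviour kept).
        // NOTE(review): with a one-byte _PS_PROTECTION this also clobbers the
        // byte after it; switch to a BYTE write once the width is confirmed.
        void SetProtection(WORD protection)
        {
            WriteKernel<WORD>(pEntry + oProtection, protection);
        }

        // Replace GrantedAccess on the table entry for `handle` (a handle in
        // this process's table).  This is an unlocked read-modify-write of the
        // whole entry against live kernel state, so a concurrent kernel update
        // to the same entry can be lost; `access` is narrowed to whatever
        // width GrantedAccess has.  Throws (const char*) when the entry cannot
        // be resolved.
        void SetHandleAccess(HANDLE handle, uint64 access)
        {
            // Named pTableEntry so it does not shadow the member pEntry.
            HANDLE_TABLE_ENTRY* pTableEntry = GetHandleTableEntry(handle);
            if (!pTableEntry) throw "Couldn't get handle entry";
            HANDLE_TABLE_ENTRY entry = ReadKernel<HANDLE_TABLE_ENTRY>((uint64)pTableEntry);
            entry.GrantedAccess = access;
            WriteKernel<HANDLE_TABLE_ENTRY>((uint64)pTableEntry, entry);
        }

        // GrantedAccess of the table entry for `handle` (a handle in this
        // process's table).  Throws (const char*) when the entry cannot be
        // resolved.
        uint64 GetHandleAccess(HANDLE handle)
        {
            HANDLE_TABLE_ENTRY* pTableEntry = GetHandleTableEntry(handle);
            if (!pTableEntry) throw "Couldn't get handle entry";
            HANDLE_TABLE_ENTRY entry = ReadKernel<HANDLE_TABLE_ENTRY>((uint64)pTableEntry);
            return entry.GrantedAccess;
        }
    };
}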