pmemory.cpp
// Memory Reading/Writing
#include "pmemory.h"
#include <Psapi.h>
#include <cstring>
#pragma comment(lib, "Psapi.lib")
#define MEM_WRITE (PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
#define MEM_EXEC_WRITE (PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
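// Resolves a multi-level pointer chain: dereferences BaseAddress, then for each
// of the first PointerLevel-1 offsets dereferences (current + offset), and
// finally returns current + Offsets[PointerLevel-1] without dereferencing it.
// Returns 0 when any intermediate read yields 0, when Offsets is null, or when
// PointerLevel is 0 (a zero level used to wrap to UINT_MAX after the decrement
// and walk Offsets past its end).
// Read<UINT_PTR> comes from pmemory.h; the loop treats a 0 result as "stop",
// so it presumably returns 0 for an unreadable address -- confirm in the header.
UINT_PTR GetDMA(UINT_PTR BaseAddress, UINT_PTR* Offsets, UINT PointerLevel)
{
    if (!Offsets || PointerLevel == 0)
        return 0;
    BaseAddress = Read<UINT_PTR>(BaseAddress);
    // Only PointerLevel-1 dereferences; the last offset is added, not followed.
    for (UINT level = PointerLevel - 1; level && BaseAddress; --level, ++Offsets)
        BaseAddress = Read<UINT_PTR>(BaseAddress + *Offsets);
    return BaseAddress ? BaseAddress + *Offsets : 0;
}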
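// Same chain walk as GetDMA but through Read_s<UINT_PTR> (declared in
// pmemory.h; the "_s" suffix suggests a validated read -- confirm there).
// Dereferences BaseAddress, follows the first PointerLevel-1 offsets, and
// returns current + Offsets[PointerLevel-1]. Returns 0 when an intermediate
// read yields 0, when Offsets is null, or when PointerLevel is 0 (previously
// the decrement wrapped to UINT_MAX and Offsets was read out of bounds).
UINT_PTR GetDMA_s(UINT_PTR BaseAddress, UINT_PTR* Offsets, UINT PointerLevel)
{
    if (!Offsets || PointerLevel == 0)
        return 0;
    BaseAddress = Read_s<UINT_PTR>(BaseAddress);
    // Only PointerLevel-1 dereferences; the last offset is added, not followed.
    for (UINT level = PointerLevel - 1; level && BaseAddress; --level, ++Offsets)
        BaseAddress = Read_s<UINT_PTR>(BaseAddress + *Offsets);
    return BaseAddress ? BaseAddress + *Offsets : 0;
}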
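// Reports whether Ptr lies in a committed page whose protection allows writes
// (any flag in the file's MEM_WRITE set). Null pointers and addresses that
// VirtualQuery cannot describe are reported as not writable.
// PAGE_GUARD is a modifier on top of the base protection: such a page is
// committed and nominally writable, but the first touch raises a guard-page
// exception, so it is excluded here rather than letting the caller fault.
bool IsValidWritePtr(void* Ptr)
{
    if (!Ptr)
        return false;
    MEMORY_BASIC_INFORMATION MBI{ 0 };
    if (!VirtualQuery(Ptr, &MBI, sizeof(MBI)))
        return false;
    if (MBI.State != MEM_COMMIT)
        return false;
    if (MBI.Protect & PAGE_GUARD)
        return false;
    return (MBI.Protect & MEM_WRITE) != 0;
}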
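// Reports whether Ptr lies in a committed page that can be read without
// faulting: not PAGE_NOACCESS and not a PAGE_GUARD page (a guard page is
// committed with an ordinary base protection but traps on first access, which
// the original check let through). Null pointers and addresses VirtualQuery
// cannot describe are reported as not readable.
bool IsValidReadPtr(void* Ptr)
{
    if (!Ptr)
        return false;
    MEMORY_BASIC_INFORMATION MBI{ 0 };
    if (!VirtualQuery(Ptr, &MBI, sizeof(MBI)))
        return false;
    if (MBI.State != MEM_COMMIT)
        return false;
    return (MBI.Protect & (PAGE_NOACCESS | PAGE_GUARD)) == 0;
}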
// Starts a thread whose entry point is a 16-byte jump stub that transfers
// control to pFunc, rather than pFunc itself.  When pAddress is null the stub
// is placed in a freshly VirtualAlloc'd PAGE_EXECUTE_READWRITE region; otherwise
// it is written over the 16 bytes at pAddress, which are saved first and put
// back afterwards.  pArg is passed as the thread parameter.  Returns the thread
// handle (the caller owns it), or nullptr when pFunc is null, VirtualProtect
// fails, or VirtualAlloc fails.  The thread's recorded start address is the
// stub, not pFunc.
//
// NOTE(review): two caveats visible in the body.  The fixed Sleep(100) is the
// only thing giving the new thread time to leave the stub before it is restored
// or decommitted; a thread not scheduled within that window executes
// overwritten or freed bytes.  And on CreateThread failure VirtualFree is
// issued unconditionally, including when pAddress was supplied by the caller,
// so it decommits a page this function does not own before the restore memcpy.
HANDLE CreateThreadAtAddress(PTHREAD_START_ROUTINE pFunc, void* pArg, BYTE* pAddress)
{
    if (!pFunc)
        return nullptr;
    // Restore == true: the caller's bytes are overwritten and must be put back.
    bool Restore = false;
    if (pAddress)
        Restore = true;
    // Previous protection of the caller's page, needed to undo VirtualProtect.
    DWORD dwOld = 0;
    if (!pAddress)
        pAddress = reinterpret_cast<BYTE*>(VirtualAlloc(nullptr, 0x10, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE));
    else if (!VirtualProtect(pAddress, 0x10, PAGE_EXECUTE_READWRITE, &dwOld))
        return nullptr;
    if (!pAddress)
        return nullptr;
    // Backup of the caller's original 16 bytes; only used when Restore is set.
    BYTE Buffer[0x10];
    if (Restore)
        memcpy(Buffer, pAddress, 0x10);
#ifdef _WIN64
    // x64 stub: mov rax, imm64 (48 B8 <pFunc>) followed by jmp rax (FF E0).
    * pAddress = 0x48;
    *(pAddress + 1) = 0xB8;
    *reinterpret_cast<PTHREAD_START_ROUTINE*>(pAddress + 2) = pFunc;
    *(pAddress + 0xA) = 0xFF;
    *(pAddress + 0xB) = 0xE0;
#else
    // x86 stub: jmp rel32 (E9 <displacement>), displacement relative to the
    // end of the 5-byte instruction.
    * pAddress = 0xE9;
    *reinterpret_cast<DWORD*>(pAddress + 1) = (BYTE*)pFunc - pAddress - 5;
#endif
    // The thread starts at the stub, which then jumps to pFunc.
    HANDLE hThread = CreateThread(nullptr, 0, (PTHREAD_START_ROUTINE)pAddress, pArg, 0, nullptr);
    if (!hThread)
        VirtualFree(pAddress, 0x10, MEM_DECOMMIT);
    // Fixed delay meant to let the new thread execute the stub before teardown.
    Sleep(100);
    if (Restore)
    {
        memcpy(pAddress, Buffer, 0x10);
        VirtualProtect(pAddress, 0x10, dwOld, &dwOld);
    }
    else
        // MEM_DECOMMIT releases the pages but leaves the reservation in place.
        VirtualFree(pAddress, 0x10, MEM_DECOMMIT);
    return hThread;
}
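// Copies `size` bytes starting at `address` into a heap array, one byte at a
// time through Read<BYTE> (declared in pmemory.h). The caller owns the result
// and must release it with delete[].
// Returns nullptr for size <= 0: a negative size previously converted to a huge
// size_t in new[], and a zero-length array would be an allocation the caller
// cannot safely index.
BYTE* ReadBytes(UINT_PTR address, int size)
{
    if (size <= 0)
        return nullptr;
    BYTE* byteArr = new BYTE[static_cast<size_t>(size)];
    for (int i = 0; i < size; ++i)
        byteArr[i] = Read<BYTE>(address + static_cast<UINT_PTR>(i));
    return byteArr;
}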
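// Scans the whole mapped image of `module` (its SizeOfImage bytes starting at
// the module base) for `pattern` under `mask`, via the range overload.
// Returns the address of the first match or (uintptr_t)-1, the same sentinel
// the range overload uses. The GetModuleInformation result was previously
// ignored: a failed query left SizeOfImage at 0 and the scan silently reported
// "not found", so the failure is now returned explicitly.
uintptr_t FindPattern(HMODULE module, const unsigned char* pattern, const char* mask)
{
    MODULEINFO info{};
    if (!GetModuleInformation(GetCurrentProcess(), module, &info, sizeof(info)))
        return static_cast<uintptr_t>(-1);
    return FindPattern(reinterpret_cast<uintptr_t>(module), info.SizeOfImage, pattern, mask);
}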
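// Searches the `length` bytes beginning at `start` for `pattern`, where
// mask[i] == '?' marks a wildcard byte and any other mask character requires
// pattern[i] to match exactly; the pattern length is strlen(mask).
// Returns the address of the first match, or (uintptr_t)-1 when there is none
// (the sentinel the original interface used; callers compare against -1).
//
// The previous scan reset its match position on a mismatch without rewinding,
// so a match that begins inside an earlier partial match was skipped (e.g.
// "AB" in "AAB"). Each candidate offset is now checked independently. An empty
// mask used to underflow strlen(mask) - 1; it is now reported as no match.
uintptr_t FindPattern(uintptr_t start, size_t length, const unsigned char* pattern, const char* mask)
{
    constexpr uintptr_t kNotFound = static_cast<uintptr_t>(-1);
    if (!pattern || !mask)
        return kNotFound;
    const size_t patternLength = std::strlen(mask);
    if (patternLength == 0 || patternLength > length)
        return kNotFound;
    const auto* const bytes = reinterpret_cast<const unsigned char*>(start);
    const size_t lastOffset = length - patternLength;
    for (size_t offset = 0; offset <= lastOffset; ++offset)
    {
        size_t pos = 0;
        // The mask is consulted first so pattern[pos] is never read for a wildcard.
        while (pos < patternLength && (mask[pos] == '?' || bytes[offset + pos] == pattern[pos]))
            ++pos;
        if (pos == patternLength)
            return start + offset;
    }
    return kNotFound;
}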