starting commit

mireado 2015-04-02 23:29:41 +09:00
parent 9914ab9985
commit ef049233a1
8 changed files with 4577 additions and 0 deletions

4336
vnr/ntdll/ntdll.h Normal file

File diff suppressed because it is too large Load Diff

10
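--- a/vnr/ntdll/ntdll.pri
+++ b/vnr/ntdll/ntdll.pri
@@ -0,0 +1,10 @@
+# ntdll.pri
+# 4/9/2012 jichi
+DEFINES += WITH_LIB_NTDLL
+DEPENDPATH += $$PWD
+HEADERS += $$PWD/ntdll.h
+# EOF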

100
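--- a/vnr/ntinspect/ntinspect.cc
+++ b/vnr/ntinspect/ntinspect.cc
@@ -0,0 +1,100 @@
+// ntinspect.cc
+// 4/20/2014 jichi
+#include "ntdll/ntdll.h"
+#include "ntinspect/ntinspect.h"
+//#ifdef _MSC_VER
+//# pragma warning(disable:4018) // C4018: signed/unsigned mismatch
+//#endif // _MSC_VER
+namespace { // unnamed
+// Replacement of wcscpy_s which is not available on Windows XP's msvcrt
+// http://sakuradite.com/topic/247
+errno_t wcscpy_safe(wchar_t *buffer, size_t bufferSize, const wchar_t *source)
+{
+size_t len = min(bufferSize - 1, wcslen(source));
+buffer[len] = 0;
+if (len)
+memcpy(buffer, source, len * 2);
+return 0;
+}
+} // unnamed namespace
+NTINSPECT_BEGIN_NAMESPACE
+BOOL getCurrentProcessName(LPWSTR buffer, int bufferSize)
+{
+//assert(name);
+PLDR_DATA_TABLE_ENTRY it;
+__asm
+{
+mov eax,fs:[0x30]
+mov eax,[eax+0xc]
+mov eax,[eax+0xc]
+mov it,eax
+}
+// jichi 6/4/2014: _s functions are not supported on Windows XP's msvcrt.dll
+//return 0 == wcscpy_s(buffer, bufferSize, it->BaseDllName.Buffer);
+return 0 == wcscpy_safe(buffer, bufferSize, it->BaseDllName.Buffer);
+}
+BOOL getModuleMemoryRange(LPCWSTR moduleName, DWORD *lowerBound, DWORD *upperBound)
+{
+//assert(lower);
+//assert(upper);
+PLDR_DATA_TABLE_ENTRY it;
+LIST_ENTRY *begin;
+__asm
+{
+mov eax,fs:[0x30]
+mov eax,[eax+0xc]
+mov eax,[eax+0xc]
+mov it,eax
+mov begin,eax
+}
+while (it->SizeOfImage) {
+if (_wcsicmp(it->BaseDllName.Buffer, moduleName) == 0) {
+DWORD lower = (DWORD)it->DllBase;
+if (lowerBound)
+*lowerBound = lower;
+if (upperBound) {
+DWORD upper = lower;
+MEMORY_BASIC_INFORMATION mbi = {};
+DWORD size = 0;
+do {
+DWORD len;
+// Nt function is needed instead of VirtualQuery, which only works for the current process
+::NtQueryVirtualMemory(NtCurrentProcess(), (LPVOID)upper, MemoryBasicInformation, &mbi, sizeof(mbi), &len);
+if (mbi.Protect & PAGE_NOACCESS) {
+it->SizeOfImage = size;
+break;
+}
+size += mbi.RegionSize;
+upper += mbi.RegionSize;
+} while (size < it->SizeOfImage);
+*upperBound = upper;
+}
+return TRUE;
+}
+it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink;
+if (it->InLoadOrderModuleList.Flink == begin)
+break;
+}
+return FALSE;
+}
+BOOL getCurrentMemoryRange(DWORD *lowerBound, DWORD *upperBound)
+{
+WCHAR procName[MAX_PATH]; // cached
+*lowerBound = 0;
+*upperBound = 0;
+return getCurrentProcessName(procName, MAX_PATH)
+&& getModuleMemoryRange(procName, lowerBound, upperBound);
+}
+NTINSPECT_END_NAMESPACE
+// EOF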
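Review bot: `wcscpy_safe` computes `min(bufferSize - 1, wcslen(source))` on a `size_t`, so a `bufferSize` of 0 (or a negative `int` passed in through `getCurrentProcessName`) wraps to a huge value and the whole source string is written to `buffer` with no bound; it should start with `if (!buffer || !source || bufferSize == 0) return EINVAL;`, and `getCurrentProcessName` should reject `bufferSize <= 0`. The helper also always returns 0, so truncation is silent and the `0 ==` test in its caller can never fail. In `getModuleMemoryRange` the status returned by `::NtQueryVirtualMemory` is ignored: if the call fails and leaves `mbi` zeroed, `mbi.RegionSize` is 0 and the `do … while (size < it->SizeOfImage)` loop never advances, so the NTSTATUS should be checked and the loop left on failure. The same loop assigns `it->SizeOfImage = size`, which modifies the process's loader entry as a side effect of what callers will read as a query; that needs at least a comment explaining why it is intended.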

31
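--- a/vnr/ntinspect/ntinspect.h
+++ b/vnr/ntinspect/ntinspect.h
@@ -0,0 +1,31 @@
+#pragma once
+// ntinspect.h
+// 4/20/2014 jichi
+#include <windows.h>
+#ifndef NTINSPECT_BEGIN_NAMESPACE
+# define NTINSPECT_BEGIN_NAMESPACE namespace NtInspect {
+#endif
+#ifndef NTINSPECT_END_NAMESPACE
+# define NTINSPECT_END_NAMESPACE } // NtInspect
+#endif
+NTINSPECT_BEGIN_NAMESPACE
+/// Get current module name in fs:0x30
+BOOL getCurrentProcessName(_Out_ LPWSTR buffer, _In_ int bufferSize);
+/**
+* Get the memory range of the module if succeed
+* See: ITH FillRange
+*/
+BOOL getModuleMemoryRange(_In_ LPCWSTR moduleName, _Out_ DWORD *lowerBound, _Out_ DWORD *upperBound);
+/// Get memory of the current process
+BOOL getCurrentMemoryRange(_Out_ DWORD *lowerBound, _Out_ DWORD *upperBound);
+NTINSPECT_END_NAMESPACE
+// EOF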
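Review bot: The SAL annotations do not match the implementation in ntinspect.cc on this page: `getModuleMemoryRange` tests `lowerBound` and `upperBound` for null before writing, so they are optional outputs and should be `_Out_opt_`, whereas `getCurrentMemoryRange` writes through both unconditionally and really does require non-null pointers. `buffer` in `getCurrentProcessName` is annotated `_Out_` with nothing tying it to `bufferSize`; `_Out_writes_z_(bufferSize) LPWSTR buffer` would let static analysis check the sizes callers pass. The doc comments should also state what is returned on failure and that the bounds are 32-bit `DWORD` addresses.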

@ -0,0 +1,16 @@
# ntinspect.pri
# 4/20/2014 jichi
win32 {
DEFINES += WITH_LIB_NTINSPECT
DEPENDPATH += $$PWD
HEADERS += $$PWD/ntinspect.h
SOURCES += $$PWD/ntinspect.cc
LIBS += -L$$WDK7_HOME/lib/wxp/i386 -lntdll
}
# EOF

46
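--- a/vnr/winmaker/winmaker.cc
+++ b/vnr/winmaker/winmaker.cc
@@ -0,0 +1,46 @@
+// winmaker.cc
+// 2/1/2013 jichi
+#include "winmaker/winmaker.h"
+#include <windows.h>
+//#include <commctrl.h>
+#ifdef _MSC_VER
+# pragma warning (disable:4800) // C4800: forcing value to bool
+#endif // _MSC_VER
+// See: http://www.codeguru.com/cpp/w-p/dll/tips/article.php/c3635/Tip-Detecting-a-HMODULEHINSTANCE-Handle-Within-the-Module-Youre-Running-In.htm
+extern "C" IMAGE_DOS_HEADER __ImageBase;
+namespace { // unnamed
+inline HMODULE _get_module() { return reinterpret_cast<HMODULE>(&__ImageBase); }
+} // unnamed
+bool wm_register_hidden_class(LPCWSTR className)
+{
+WNDCLASSEX wx = {};
+wx.cbSize = sizeof(wx);
+wx.lpfnWndProc = ::DefWindowProc;
+wx.hInstance = ::GetModuleHandle(nullptr);
+wx.lpszClassName = className;
+return ::RegisterClassEx(&wx);
+}
+wm_window_t wm_create_hidden_window(LPCWSTR windowName, LPCWSTR className, wm_module_t dllHandle)
+{
+//return ::CreateWindowExA(0, className, windowName, 0, 0, 0, 0, 0, HWND_MESSAGE, nullptr, dllHandle, nullptr);
+HINSTANCE module = reinterpret_cast<HINSTANCE>(dllHandle);
+if (!module)
+module = _get_module();
+return ::CreateWindowEx(0, className, windowName, 0, 0, 0, 0, 0, 0, NULL, module, NULL);
+}
+bool wm_destroy_window(wm_window_t hwnd)
+{ return ::DestroyWindow(reinterpret_cast<HWND>(hwnd)); }
+// EOF
+//
+//void wm_init() { ::InitCommonControls(); }
+//void wm_destroy() {}
+//bool wm_destroy_window() { return ::DestroyWindow(hwnd); }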
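Review bot: `wm_register_hidden_class` registers the class with `::GetModuleHandle(nullptr)` (the host executable) while `wm_create_hidden_window` falls back to `_get_module()` (this module's `__ImageBase`), so when this code is built into a DLL the two calls use different instances and a class registered by the first may not be found by the second; `wx.hInstance = _get_module();` would keep them consistent. `::RegisterClassEx` returns an ATOM, and the implicit conversion to `bool` (C4800 is silenced at the top of the file) reports an already-registered class as a plain failure with no way for the caller to tell the difference. The window is created with a null parent rather than `HWND_MESSAGE` as in the commented-out call, which makes it a top-level window that other processes can enumerate and that receives broadcast messages; if it exists only for message dispatch, a comment should say why `HWND_MESSAGE` was dropped.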

23
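--- a/vnr/winmaker/winmaker.h
+++ b/vnr/winmaker/winmaker.h
@@ -0,0 +1,23 @@
+#pragma once
+// winmaker.h
+// 2/1/2013 jichi
+#include <windows.h>
+typedef void *wm_window_t; // HWMD
+typedef void *wm_module_t; // HMODULE
+bool wm_register_hidden_class(LPCWSTR className = L"hidden_class");
+wm_window_t wm_create_hidden_window(
+LPCWSTR windowName = L"hidden_window",
+LPCWSTR className = L"Button", // bust be one of the common control widgets
+wm_module_t dllHandle = nullptr);
+bool wm_destroy_window(wm_window_t hwnd);
+// EOF
+//#ifdef QT_CORE_LIB
+//#include <QtGui/qwindowdefs.h>
+//WId wm_create_hidden_window(const char *className = "Button", const char *windowName = "hidden_window");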
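Review bot: The default arguments of the two functions do not line up: `wm_register_hidden_class` defaults to `L"hidden_class"` but `wm_create_hidden_window` defaults to `L"Button"`, so calling both with defaults registers a class that the window never uses; a comment on the declarations should say which pairing is intended. Two comments have typos, `// HWMD` for `// HWND` and `bust be` for `must be`. The declarations would also benefit from a line stating that `wm_create_hidden_window` passes through the null result of `::CreateWindowEx` on failure and that the caller releases the window with `wm_destroy_window`.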

15
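--- a/vnr/winmaker/winmaker.pri
+++ b/vnr/winmaker/winmaker.pri
@@ -0,0 +1,15 @@
+# wintimer.pri
+# 7/20/2011 jichi
+win32 {
+DEFINES += WITH_LIB_WINMAKER
+#LIBS += -lkernel32 -luser32
+DEPENDPATH += $$PWD
+HEADERS += $$PWD/winmaker.h
+SOURCES += $$PWD/winmaker.cc
+}
+# EOF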