2016-11-13 01:52:46 +08:00
|
|
|
|
// ithsys.cc
|
2016-01-05 23:01:17 +08:00
|
|
|
|
// 8/21/2013 jichi
|
|
|
|
|
|
// Branch: ITH_SYS/SYS.cpp, rev 126
|
|
|
|
|
|
//
|
|
|
|
|
|
// 8/24/2013 TODO:
|
|
|
|
|
|
// - Clean up the code
|
|
|
|
|
|
// - Move my old create remote thread for ITH2 here
|
|
|
|
|
|
|
|
|
|
|
|
#include "ithsys/ithsys.h"
|
|
|
|
|
|
|
|
|
|
|
|
// - Global variables -
|
|
|
|
|
|
|
|
|
|
|
|
// jichi 6/12/2015: https://en.wikipedia.org/wiki/Shift_JIS
|
|
|
|
|
|
// Leading table for SHIFT-JIS encoding
|
|
|
|
|
|
BYTE LeadByteTable[0x100] = {
|
|
|
|
|
|
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
|
|
|
|
|
|
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
|
|
|
|
|
|
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
|
|
|
|
|
|
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
|
|
|
|
|
|
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
|
|
|
|
|
|
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
|
|
|
|
|
|
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
|
|
|
|
|
|
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
|
|
|
|
|
|
1,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
|
|
|
|
|
|
2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
|
|
|
|
|
|
2,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
|
|
|
|
|
|
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
|
|
|
|
|
|
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
|
|
|
|
|
|
1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
|
|
|
|
|
|
2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,
|
|
|
|
|
|
2,2,2,2,2,2,2,2,2,2,2,2,2,1,1,1
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
// - API functions -
|
|
|
|
|
|
|
|
|
|
|
|
extern "C" {
|
2018-07-15 11:18:08 +08:00
|
|
|
|
/**
|
|
|
|
|
|
* Return the address of the first matched pattern.
|
|
|
|
|
|
* Artikash 7/14/2018: changed implementation, hopefully it behaves the same
|
|
|
|
|
|
* Return 0 if failed. The return result is ambiguous if the pattern address is 0.
|
|
|
|
|
|
*
|
|
|
|
|
|
* @param startAddress search start address
|
|
|
|
|
|
* @param range search range
|
|
|
|
|
|
* @param pattern array of bytes to match
|
|
|
|
|
|
* @param patternSize size of the pattern array
|
|
|
|
|
|
* @return relative offset from the startAddress
|
|
|
|
|
|
*/
|
|
|
|
|
|
DWORD SearchPattern(DWORD base, DWORD base_length, LPCVOID search, DWORD search_length)
|
2016-01-05 23:01:17 +08:00
|
|
|
|
{
|
2018-07-15 11:18:08 +08:00
|
|
|
|
// Artikash 7/14/2018: not sure, but I think this could throw read access violation if I dont subtract search_length
|
|
|
|
|
|
for (int i = 0; i < base_length - search_length; ++i)
|
|
|
|
|
|
if (memcmp((void*)(base + i), search, search_length) == 0)
|
|
|
|
|
|
return i;
|
2016-01-05 23:01:17 +08:00
|
|
|
|
|
2018-07-15 11:18:08 +08:00
|
|
|
|
return 0;
|
2016-01-05 23:01:17 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
DWORD IthGetMemoryRange(LPCVOID mem, DWORD *base, DWORD *size)
|
|
|
|
|
|
{
|
|
|
|
|
|
DWORD r;
|
|
|
|
|
|
MEMORY_BASIC_INFORMATION info;
|
|
|
|
|
|
NtQueryVirtualMemory(NtCurrentProcess(), const_cast<LPVOID>(mem), MemoryBasicInformation, &info, sizeof(info), &r);
|
|
|
|
|
|
if (base)
|
|
|
|
|
|
*base = (DWORD)info.BaseAddress;
|
|
|
|
|
|
if (size)
|
|
|
|
|
|
*size = info.RegionSize;
|
|
|
|
|
|
return (info.Type&PAGE_NOACCESS) == 0;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2018-07-18 05:01:56 +08:00
|
|
|
|
inline DWORD GetHash(LPSTR str)
|
|
|
|
|
|
{
|
|
|
|
|
|
DWORD hash = 0;
|
|
|
|
|
|
//for (; *str; str++)
|
|
|
|
|
|
while (*str)
|
|
|
|
|
|
hash = ((hash >> 7) | (hash << 25)) + *str++;
|
|
|
|
|
|
return hash;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2016-01-05 23:01:17 +08:00
|
|
|
|
} // extern "C"
|
|
|
|
|
|
|
2018-06-15 19:43:32 +08:00
|
|
|
|
// EOF
|
