#include "misc.h"
#include "../vnrhook/include/const.h"
#include <QRegExp>
#include <Psapi.h>
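// Returns the full file path of `module` as seen inside process `processId`.
// The result is an empty string when the process cannot be opened or the
// path cannot be queried, because the buffer starts out zero-filled.
QString GetFullModuleName(DWORD processId, HMODULE module)
{
	wchar_t buffer[MAX_PATH] = {};
	// OpenProcess returns NULL on failure (for example when access is denied);
	// in that case skip the query and the close instead of passing NULL on.
	if (HANDLE handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processId))
	{
		GetModuleFileNameExW(handle, module, buffer, MAX_PATH);
		CloseHandle(handle);
	}
	return QString::fromWCharArray(buffer);
}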
// Returns the file name of `module` in process `processId`, i.e. the full
// path from GetFullModuleName with everything up to and including the last
// backslash stripped. A path without a backslash is returned unchanged.
QString GetModuleName(DWORD processId, HMODULE module)
{
	QString name = GetFullModuleName(processId, module);
	// lastIndexOf yields -1 when there is no backslash, so nothing is removed.
	const int lastSeparator = name.lastIndexOf("\\");
	name.remove(0, lastSeparator + 1);
	return name;
}
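// Builds a map from module file name to process id for every enumerated
// process whose name can be read. GetModuleName is called with the process id
// only, so the module argument takes its default from the declaration (not
// visible here). Processes that yield an empty name are skipped. The name is
// the map key, so when several processes share a name the last one wins.
std::unordered_map<std::wstring, DWORD> GetAllProcesses()
{
	DWORD allProcessIds[0x1000];
	DWORD spaceUsed = 0;
	std::unordered_map<std::wstring, DWORD> ret;
	if (!EnumProcesses(allProcessIds, sizeof(allProcessIds), &spaceUsed)) return ret;
	// EnumProcesses reports the number of bytes written; ids beyond the
	// 0x1000-entry buffer are not returned.
	const DWORD processCount = spaceUsed / sizeof(DWORD);
	for (DWORD i = 0; i < processCount; ++i)
	{
		// Query the name once: every GetModuleName call opens the process again,
		// and a process that exits between two calls would insert an empty key.
		const QString name = GetModuleName(allProcessIds[i]);
		if (name.size()) ret[name.toStdWString()] = allProcessIds[i];
	}
	return ret;
}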
// Computes a case-insensitive 32-bit rotate-and-add hash of `module`.
// The name is lower-cased first; each UTF-16 code unit is then folded in by
// rotating the running value right by 7 bits and adding the unit.
// This is not a cryptographic hash, so distinct names can collide.
DWORD Hash(QString module)
{
	const QString lowered = module.toLower();
	DWORD result = 0;
	for (const QChar character : lowered)
	{
		result = _rotr(result, 7) + character.unicode();
	}
	return result;
}
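// Parses the body of a read code (the text that follows "/R"), of the form
//   <S|Q|V><hex offset>@<hex address>
// and returns the matching HookParam with DIRECT_READ set. A malformed code
// yields a value-initialised HookParam. The patterns accept only upper-case
// hex digits; ParseCode upper-cases the text before calling this function.
HookParam ParseRCode(QString RCode)
{
	// Hook codes are user-supplied text, and QString::at() must not be called
	// with an out-of-range index, so reject an empty body (e.g. a bare "/R").
	if (RCode.isEmpty()) return {};
	HookParam hp = {};
	hp.type |= DIRECT_READ;
	switch (RCode.at(0).unicode())
	{
	case L'S':
		break;
	case L'Q':
		hp.type |= USING_STRING | USING_UNICODE;
		break;
	case L'V':
		hp.type |= USING_STRING | USING_UTF8;
		break;
	default:
		return {};
	}
	RCode.remove(0, 1);
	QRegExp stringGap("^\\-?[\\dA-F]+");
	if (stringGap.indexIn(RCode) == -1) return {};
	// toInt() returns 0 when the digits do not fit in an int.
	hp.offset = stringGap.cap(0).toInt(nullptr, 16);
	RCode.remove(0, stringGap.cap(0).length());
	// The offset may have consumed the rest of the text (e.g. "/RS10"),
	// so check for emptiness before indexing.
	if (RCode.isEmpty() || RCode.at(0).unicode() != L'@') return {};
	RCode.remove(0, 1);
	// Anchored at the end only: characters between '@' and the trailing run
	// of hex digits are ignored rather than rejected.
	QRegExp address("[\\dA-F]+$");
	if (address.indexIn(RCode) == -1) return {};
	hp.address = address.cap(0).toULongLong(nullptr, 16);
	return hp;
}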
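// Parses the body of a hook code (the text that follows "/H"), of the form
//   <S|A|B|Q|W|V>[N]<offset>[*<index>][:<split>[*<split index>]]@<address>[:<module>]
// where all numbers are upper-case hexadecimal and may carry a leading '-'
// (the address may not). A malformed code yields a value-initialised
// HookParam. ParseCode upper-cases the text before calling this function.
HookParam ParseHCode(QString HCode)
{
	// Hook codes are user-supplied text, and QString::at() must not be called
	// with an out-of-range index, so reject an empty body (e.g. a bare "/H").
	if (HCode.isEmpty()) return {};
	HookParam hp = {};
	switch (HCode.at(0).unicode())
	{
	case L'S':
		hp.type |= USING_STRING;
		break;
	case L'A':
		hp.type |= BIG_ENDIAN;
		hp.length_offset = 1;
		break;
	case L'B':
		hp.length_offset = 1;
		break;
	case L'Q':
		hp.type |= USING_STRING | USING_UNICODE;
		break;
	case L'W':
		hp.type |= USING_UNICODE;
		hp.length_offset = 1;
		break;
	case L'V':
		hp.type |= USING_STRING | USING_UTF8;
		break;
	default:
		return {};
	}
	HCode.remove(0, 1);
	// Optional 'N' flag; the text may already be exhausted (e.g. "/HS").
	if (!HCode.isEmpty() && HCode.at(0).unicode() == L'N')
	{
		hp.type |= NO_CONTEXT;
		HCode.remove(0, 1);
	}
	QRegExp dataOffset("^\\-?[\\dA-F]+");
	if (dataOffset.indexIn(HCode) == -1) return {};
	// toInt() returns 0 when the digits do not fit in an int.
	hp.offset = dataOffset.cap(0).toInt(nullptr, 16);
	HCode.remove(0, dataOffset.cap(0).length());
	QRegExp dataIndirect("^\\*(\\-?[\\dA-F]+)");
	if (dataIndirect.indexIn(HCode) != -1)
	{
		hp.type |= DATA_INDIRECT;
		hp.index = dataIndirect.cap(1).toInt(nullptr, 16);
		HCode.remove(0, dataIndirect.cap(0).length());
	}
	QRegExp split("^\\:(\\-?[\\dA-F]+)");
	if (split.indexIn(HCode) != -1)
	{
		hp.type |= USING_SPLIT;
		hp.split = split.cap(1).toInt(nullptr, 16);
		HCode.remove(0, split.cap(0).length());
		QRegExp splitIndirect("^\\*(\\-?[\\dA-F]+)");
		if (splitIndirect.indexIn(HCode) != -1)
		{
			hp.type |= SPLIT_INDIRECT;
			hp.split_index = splitIndirect.cap(1).toInt(nullptr, 16);
			HCode.remove(0, splitIndirect.cap(0).length());
		}
	}
	// The optional parts may have consumed the rest of the text,
	// so check for emptiness before indexing.
	if (HCode.isEmpty() || HCode.at(0).unicode() != L'@') return {};
	HCode.remove(0, 1);
	QRegExp address("^([\\dA-F]+):?");
	if (address.indexIn(HCode) == -1) return {};
	// Parsed as in ParseRCode: toInt() would turn any address above
	// 0x7FFFFFFF into 0 because it does not fit in a signed int.
	hp.address = address.cap(1).toULongLong(nullptr, 16);
	// Strip only the matched prefix; remove(const QString&) would delete
	// every occurrence of that text, including inside the module name.
	HCode.remove(0, address.cap(0).length());
	if (HCode.length())
	{
		// Whatever follows the address is taken as a module name and stored
		// as its hash; the address is then flagged as a module offset.
		hp.type |= MODULE_OFFSET;
		hp.module = Hash(HCode);
	}
	// Negative offset and split values are shifted by a further 4;
	// GenerateHCode adds 4 back to negative values when it writes a code.
	if (hp.offset < 0)
		hp.offset -= 4;
	if (hp.split < 0)
		hp.split -= 4;
	return hp;
}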
// Parses a hook code given as text. The whole string is upper-cased first,
// then the "/H" or "/R" prefix selects ParseHCode or ParseRCode for the rest.
// Any other prefix yields a value-initialised HookParam.
HookParam ParseCode(QString code)
{
	code = code.toUpper();
	const bool isHookCode = code.startsWith("/H");
	const bool isReadCode = code.startsWith("/R");
	if (!isHookCode && !isReadCode) return {};
	// Drop the two-character prefix before handing the body to the parser.
	code.remove(0, 2);
	return isHookCode ? ParseHCode(code) : ParseRCode(code);
}
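// Builds the "/H..." text form of `hp`. When the module that contains
// hp.address in process `processId` can be resolved, the address is written
// as an offset from the module's allocation base followed by ":<module name>".
// Otherwise the code is returned with the absolute address and no module.
// `hp` is taken by value, so the adjustments below do not reach the caller.
QString GenerateHCode(HookParam hp, DWORD processId)
{
	QString code = "/H";
	if (hp.type & USING_UNICODE)
	{
		if (hp.type & USING_STRING)
			code += "Q";
		else
			code += "W";
	}
	else
	{
		if (hp.type & USING_UTF8)
			code += "V";
		else if (hp.type & USING_STRING)
			code += "S";
		else if (hp.type & BIG_ENDIAN)
			code += "A";
		else
			code += "B";
	}
	if (hp.type & NO_CONTEXT)
		code += "N";
	// ParseHCode subtracts 4 from negative offset and split values; add it back.
	if (hp.offset < 0) hp.offset += 4;
	if (hp.split < 0) hp.split += 4;
	// Negative values are written as '-' plus the magnitude in hex.
	if (hp.offset < 0)
		code += "-" + QString::number(-hp.offset, 16);
	else
		code += QString::number(hp.offset, 16);
	if (hp.type & DATA_INDIRECT)
	{
		if (hp.index < 0)
			code += "*-" + QString::number(-hp.index, 16);
		else
			code += "*" + QString::number(hp.index, 16);
	}
	if (hp.type & USING_SPLIT)
	{
		if (hp.split < 0)
			code += ":-" + QString::number(-hp.split, 16);
		else
			code += ":" + QString::number(hp.split, 16);
	}
	if (hp.type & SPLIT_INDIRECT)
	{
		if (hp.split_index < 0)
			code += "*-" + QString::number(-hp.split_index, 16);
		else
			code += "*" + QString::number(hp.split_index, 16);
	}
	code += "@";
	// Fallback result: absolute address, no module suffix.
	QString badCode = (code + QString::number(hp.address, 16)).toUpper();
	// This handle is used for VirtualQueryEx only, which needs no more than
	// PROCESS_QUERY_INFORMATION; GetModuleName opens its own handle.
	HANDLE processHandle = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, processId);
	if (!processHandle) return badCode;
	MEMORY_BASIC_INFORMATION info = {};
	const bool queried = VirtualQueryEx(processHandle, (LPCVOID)hp.address, &info, sizeof(info)) != 0;
	// Close on every path; the handle was previously never released.
	CloseHandle(processHandle);
	if (!queried) return badCode;
	QString moduleName = GetModuleName(processId, (HMODULE)info.AllocationBase);
	if (moduleName.size() == 0) return badCode;
	// DWORD_PTR is pointer-sized, so the base is not truncated in a 64-bit build.
	code += QString::number(hp.address - reinterpret_cast<DWORD_PTR>(info.AllocationBase), 16) + ":";
	// Upper-case before appending the module name so the name keeps its case.
	code = code.toUpper();
	code += moduleName;
	return code;
}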
// Builds the upper-cased "/R<type><offset>@<address>" text form of `hp`.
// The type letter is Q for USING_UNICODE, else V for USING_UTF8, else S.
// NOTE(review): unlike GenerateHCode, a negative hp.offset gets no explicit
// '-' prefix here - confirm that such codes round-trip through ParseRCode.
QString GenerateRCode(HookParam hp)
{
	const char* typeLetter = "S";
	if (hp.type & USING_UNICODE)
	{
		typeLetter = "Q";
	}
	else if (hp.type & USING_UTF8)
	{
		typeLetter = "V";
	}
	QString result = "/R";
	result += typeLetter;
	result += QString::number(hp.offset, 16);
	result += "@";
	result += QString::number(hp.address, 16);
	return result.toUpper();
}
// Returns the text form of `hp`: a read code from GenerateRCode when
// DIRECT_READ is set, otherwise a hook code from GenerateHCode, which also
// receives `processId`.
QString GenerateCode(HookParam hp, DWORD processId)
{
	const bool isDirectRead = (hp.type & DIRECT_READ) != 0;
	return isDirectRead ? GenerateRCode(hp) : GenerateHCode(hp, processId);
}