starting commit

2015-04-02 23:29:41 +09:00 · 2015-04-02 23:29:41 +09:00 · ef049233a1
commit ef049233a1
parent 9914ab9985
8 changed files with 4577 additions and 0 deletions
--- a/vnr/ntdll/ntdll.h
+++ b/vnr/ntdll/ntdll.h
--- a/vnr/ntdll/ntdll.pri
+++ b/vnr/ntdll/ntdll.pri
@ -0,0 +1,10 @@
+# ntdll.pri
+# 4/9/2012 jichi
+
+DEFINES += WITH_LIB_NTDLL
+
+DEPENDPATH += $$PWD
+
+HEADERS += $$PWD/ntdll.h
+
+# EOF
--- a/vnr/ntinspect/ntinspect.cc
+++ b/vnr/ntinspect/ntinspect.cc
@ -0,0 +1,100 @@
+// ntinspect.cc
+// 4/20/2014 jichi
+#include "ntdll/ntdll.h"
+#include "ntinspect/ntinspect.h"
+
+//#ifdef _MSC_VER
+//# pragma warning(disable:4018) // C4018: signed/unsigned mismatch
+//#endif // _MSC_VER
+
+namespace { // unnamed
+// Replacement of wcscpy_s which is not available on Windows XP's msvcrt
+// http://sakuradite.com/topic/247
+errno_t wcscpy_safe(wchar_t *buffer, size_t bufferSize, const wchar_t *source)
+{
+  size_t len = min(bufferSize - 1, wcslen(source));
+  buffer[len] = 0;
+  if (len)
+    memcpy(buffer, source, len * 2);
+  return 0;
+}
+} // unnamed namespace
+
+NTINSPECT_BEGIN_NAMESPACE
+
+BOOL getCurrentProcessName(LPWSTR buffer, int bufferSize)
+{
+  //assert(name);
+  PLDR_DATA_TABLE_ENTRY it;
+  __asm
+  {
+    mov eax,fs:[0x30]
+    mov eax,[eax+0xc]
+    mov eax,[eax+0xc]
+    mov it,eax
+  }
+  // jichi 6/4/2014: _s functions are not supported on Windows XP's msvcrt.dll
+  //return 0 == wcscpy_s(buffer, bufferSize, it->BaseDllName.Buffer);
+  return 0 == wcscpy_safe(buffer, bufferSize, it->BaseDllName.Buffer);
+}
+
+BOOL getModuleMemoryRange(LPCWSTR moduleName, DWORD *lowerBound, DWORD *upperBound)
+{
+  //assert(lower);
+  //assert(upper);
+  PLDR_DATA_TABLE_ENTRY it;
+  LIST_ENTRY *begin;
+  __asm
+  {
+    mov eax,fs:[0x30]
+    mov eax,[eax+0xc]
+    mov eax,[eax+0xc]
+    mov it,eax
+    mov begin,eax
+  }
+
+  while (it->SizeOfImage) {
+    if (_wcsicmp(it->BaseDllName.Buffer, moduleName) == 0) {
+      DWORD lower = (DWORD)it->DllBase;
+      if (lowerBound)
+        *lowerBound = lower;
+
+      if (upperBound) {
+        DWORD upper = lower;
+        MEMORY_BASIC_INFORMATION mbi = {};
+        DWORD size = 0;
+        do {
+          DWORD len;
+          // Nt function is needed instead of VirtualQuery, which only works for the current process
+          ::NtQueryVirtualMemory(NtCurrentProcess(), (LPVOID)upper, MemoryBasicInformation, &mbi, sizeof(mbi), &len);
+          if (mbi.Protect & PAGE_NOACCESS) {
+            it->SizeOfImage = size;
+            break;
+          }
+          size += mbi.RegionSize;
+          upper += mbi.RegionSize;
+        } while (size < it->SizeOfImage);
+
+        *upperBound = upper;
+      }
+      return TRUE;
+    }
+    it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink;
+    if (it->InLoadOrderModuleList.Flink == begin)
+      break;
+  }
+  return FALSE;
+}
+
+BOOL getCurrentMemoryRange(DWORD *lowerBound, DWORD *upperBound)
+{
+  WCHAR procName[MAX_PATH]; // cached
+  *lowerBound = 0;
+  *upperBound = 0;
+  return getCurrentProcessName(procName, MAX_PATH)
+      && getModuleMemoryRange(procName, lowerBound, upperBound);
+}
+
+NTINSPECT_END_NAMESPACE
+
+// EOF
--- a/vnr/ntinspect/ntinspect.h
+++ b/vnr/ntinspect/ntinspect.h
@ -0,0 +1,31 @@
+#pragma once
+
+// ntinspect.h
+// 4/20/2014 jichi
+
+#include <windows.h>
+
+#ifndef NTINSPECT_BEGIN_NAMESPACE
+# define NTINSPECT_BEGIN_NAMESPACE  namespace NtInspect {
+#endif
+#ifndef NTINSPECT_END_NAMESPACE
+# define NTINSPECT_END_NAMESPACE    } // NtInspect
+#endif
+
+NTINSPECT_BEGIN_NAMESPACE
+
+///  Get current module name in fs:0x30
+BOOL getCurrentProcessName(_Out_ LPWSTR buffer, _In_ int bufferSize);
+
+/**
+ *  Get the memory range of the module if succeed
+ *  See: ITH FillRange
+ */
+BOOL getModuleMemoryRange(_In_ LPCWSTR moduleName, _Out_ DWORD *lowerBound, _Out_ DWORD *upperBound);
+
+///  Get memory of the current process
+BOOL getCurrentMemoryRange(_Out_ DWORD *lowerBound, _Out_ DWORD *upperBound);
+
+NTINSPECT_END_NAMESPACE
+
+// EOF
--- a/vnr/ntinspect/ntinspect.pri
+++ b/vnr/ntinspect/ntinspect.pri
@ -0,0 +1,16 @@
+# ntinspect.pri
+# 4/20/2014 jichi
+win32 {
+
+DEFINES += WITH_LIB_NTINSPECT
+
+DEPENDPATH += $$PWD
+
+HEADERS += $$PWD/ntinspect.h
+SOURCES += $$PWD/ntinspect.cc
+
+LIBS += -L$$WDK7_HOME/lib/wxp/i386 -lntdll
+
+}
+
+# EOF
--- a/vnr/winmaker/winmaker.cc
+++ b/vnr/winmaker/winmaker.cc
@ -0,0 +1,46 @@
+// winmaker.cc
+// 2/1/2013 jichi
+
+#include "winmaker/winmaker.h"
+#include <windows.h>
+//#include <commctrl.h>
+
+#ifdef _MSC_VER
+# pragma warning (disable:4800)   // C4800: forcing value to bool
+#endif // _MSC_VER
+
+// See: http://www.codeguru.com/cpp/w-p/dll/tips/article.php/c3635/Tip-Detecting-a-HMODULEHINSTANCE-Handle-Within-the-Module-Youre-Running-In.htm
+extern "C" IMAGE_DOS_HEADER __ImageBase;
+namespace { // unnamed
+  inline HMODULE _get_module() { return reinterpret_cast<HMODULE>(&__ImageBase); }
+} // unnamed
+
+bool wm_register_hidden_class(LPCWSTR className)
+{
+  WNDCLASSEX wx = {};
+  wx.cbSize = sizeof(wx);
+  wx.lpfnWndProc = ::DefWindowProc;
+  wx.hInstance = ::GetModuleHandle(nullptr);
+  wx.lpszClassName = className;
+  return ::RegisterClassEx(&wx);
+}
+
+wm_window_t wm_create_hidden_window(LPCWSTR windowName, LPCWSTR className, wm_module_t dllHandle)
+{
+  //return ::CreateWindowExA(0, className, windowName, 0, 0, 0, 0, 0, HWND_MESSAGE, nullptr, dllHandle, nullptr);
+  HINSTANCE module = reinterpret_cast<HINSTANCE>(dllHandle);
+  if (!module)
+    module = _get_module();
+  return ::CreateWindowEx(0, className, windowName, 0, 0, 0, 0, 0, 0, NULL, module, NULL);
+}
+
+bool wm_destroy_window(wm_window_t hwnd)
+{ return ::DestroyWindow(reinterpret_cast<HWND>(hwnd)); }
+
+
+// EOF
+//
+//void wm_init() { ::InitCommonControls(); }
+//void wm_destroy() {}
+//bool wm_destroy_window() { return ::DestroyWindow(hwnd); }
+
--- a/vnr/winmaker/winmaker.h
+++ b/vnr/winmaker/winmaker.h
@ -0,0 +1,23 @@
+#pragma once
+
+// winmaker.h
+// 2/1/2013 jichi
+
+#include <windows.h>
+typedef void *wm_window_t; // HWMD
+typedef void *wm_module_t; // HMODULE
+
+bool wm_register_hidden_class(LPCWSTR className = L"hidden_class");
+
+wm_window_t wm_create_hidden_window(
+    LPCWSTR windowName = L"hidden_window",
+    LPCWSTR className = L"Button", // bust be one of the common control widgets
+    wm_module_t dllHandle  = nullptr);
+
+bool wm_destroy_window(wm_window_t hwnd);
+
+// EOF
+
+//#ifdef QT_CORE_LIB
+//#include <QtGui/qwindowdefs.h>
+//WId wm_create_hidden_window(const char *className = "Button", const char *windowName = "hidden_window");
--- a/vnr/winmaker/winmaker.pri
+++ b/vnr/winmaker/winmaker.pri
@ -0,0 +1,15 @@
+# wintimer.pri
+# 7/20/2011 jichi
+win32 {
+
+DEFINES += WITH_LIB_WINMAKER
+
+#LIBS += -lkernel32 -luser32
+
+DEPENDPATH += $$PWD
+
+HEADERS += $$PWD/winmaker.h
+SOURCES += $$PWD/winmaker.cc
+}
+
+# EOF