starting commit
parent
9914ab9985
commit
ef049233a1
4336
vnr/ntdll/ntdll.h
Normal file
4336
vnr/ntdll/ntdll.h
Normal file
File diff suppressed because it is too large
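--- a/vnr/ntdll/ntdll.pri
+++ b/vnr/ntdll/ntdll.pri
@@ -0,0 +1,10 @@
+# ntdll.pri
+# 4/9/2012 jichi
+
+DEFINES += WITH_LIB_NTDLL
+
+DEPENDPATH += $$PWD
+
+HEADERS += $$PWD/ntdll.h
+
+# EOF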
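--- a/vnr/ntinspect/ntinspect.cc
+++ b/vnr/ntinspect/ntinspect.cc
@@ -0,0 +1,100 @@
+// ntinspect.cc
+// 4/20/2014 jichi
+#include "ntdll/ntdll.h"
+#include "ntinspect/ntinspect.h"
+
+//#ifdef _MSC_VER
+//# pragma warning(disable:4018) // C4018: signed/unsigned mismatch
+//#endif // _MSC_VER
+
+namespace { // unnamed
+// Replacement of wcscpy_s which is not available on Windows XP's msvcrt
+// http://sakuradite.com/topic/247
+errno_t wcscpy_safe(wchar_t *buffer, size_t bufferSize, const wchar_t *source)
+{
+size_t len = min(bufferSize - 1, wcslen(source));
+buffer[len] = 0;
+if (len)
+memcpy(buffer, source, len * 2);
+return 0;
+}
+} // unnamed namespace
+
+NTINSPECT_BEGIN_NAMESPACE
+
+BOOL getCurrentProcessName(LPWSTR buffer, int bufferSize)
+{
+//assert(name);
+PLDR_DATA_TABLE_ENTRY it;
+__asm
+{
+mov eax,fs:[0x30]
+mov eax,[eax+0xc]
+mov eax,[eax+0xc]
+mov it,eax
+}
+// jichi 6/4/2014: _s functions are not supported on Windows XP's msvcrt.dll
+//return 0 == wcscpy_s(buffer, bufferSize, it->BaseDllName.Buffer);
+return 0 == wcscpy_safe(buffer, bufferSize, it->BaseDllName.Buffer);
+}
+
+BOOL getModuleMemoryRange(LPCWSTR moduleName, DWORD *lowerBound, DWORD *upperBound)
+{
+//assert(lower);
+//assert(upper);
+PLDR_DATA_TABLE_ENTRY it;
+LIST_ENTRY *begin;
+__asm
+{
+mov eax,fs:[0x30]
+mov eax,[eax+0xc]
+mov eax,[eax+0xc]
+mov it,eax
+mov begin,eax
+}
+
+while (it->SizeOfImage) {
+if (_wcsicmp(it->BaseDllName.Buffer, moduleName) == 0) {
+DWORD lower = (DWORD)it->DllBase;
+if (lowerBound)
+*lowerBound = lower;
+
+if (upperBound) {
+DWORD upper = lower;
+MEMORY_BASIC_INFORMATION mbi = {};
+DWORD size = 0;
+do {
+DWORD len;
+// Nt function is needed instead of VirtualQuery, which only works for the current process
+::NtQueryVirtualMemory(NtCurrentProcess(), (LPVOID)upper, MemoryBasicInformation, &mbi, sizeof(mbi), &len);
+if (mbi.Protect & PAGE_NOACCESS) {
+it->SizeOfImage = size;
+break;
+}
+size += mbi.RegionSize;
+upper += mbi.RegionSize;
+} while (size < it->SizeOfImage);
+
+*upperBound = upper;
+}
+return TRUE;
+}
+it = (PLDR_DATA_TABLE_ENTRY)it->InLoadOrderModuleList.Flink;
+if (it->InLoadOrderModuleList.Flink == begin)
+break;
+}
+return FALSE;
+}
+
+BOOL getCurrentMemoryRange(DWORD *lowerBound, DWORD *upperBound)
+{
+WCHAR procName[MAX_PATH]; // cached
+*lowerBound = 0;
+*upperBound = 0;
+return getCurrentProcessName(procName, MAX_PATH)
+&& getModuleMemoryRange(procName, lowerBound, upperBound);
+}
+
+NTINSPECT_END_NAMESPACE
+
+// EOF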
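Review bot: `wcscpy_safe` computes `min(bufferSize - 1, wcslen(source))` on a `size_t`, so a `bufferSize` of 0 wraps to SIZE_MAX and the copy is bounded only by the source length; `getCurrentProcessName` passes it an `int`, so a negative size has the same effect. Reject the degenerate cases up front with `if (!buffer || !source || bufferSize == 0) return EINVAL;`, and copy `len * sizeof(wchar_t)` bytes rather than `len * 2`. `BaseDllName` is a counted `UNICODE_STRING`, so bounding the copy by `BaseDllName.Length / sizeof(wchar_t)` would be safer than calling `wcslen` on its `Buffer`. In `getModuleMemoryRange` the `NtQueryVirtualMemory` status is ignored: if the call fails, `mbi` keeps its previous (initially zeroed) contents and a zero `RegionSize` stops the `do`/`while` from making progress, so leave the loop with `if (!NT_SUCCESS(::NtQueryVirtualMemory(...)) || !mbi.RegionSize) break;`. The same loop writes `it->SizeOfImage = size` back into the loader's own table entry, which needs a comment if it is intentional.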
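--- a/vnr/ntinspect/ntinspect.h
+++ b/vnr/ntinspect/ntinspect.h
@@ -0,0 +1,31 @@
+#pragma once
+
+// ntinspect.h
+// 4/20/2014 jichi
+
+#include <windows.h>
+
+#ifndef NTINSPECT_BEGIN_NAMESPACE
+# define NTINSPECT_BEGIN_NAMESPACE namespace NtInspect {
+#endif
+#ifndef NTINSPECT_END_NAMESPACE
+# define NTINSPECT_END_NAMESPACE } // NtInspect
+#endif
+
+NTINSPECT_BEGIN_NAMESPACE
+
+/// Get current module name in fs:0x30
+BOOL getCurrentProcessName(_Out_ LPWSTR buffer, _In_ int bufferSize);
+
+/**
+* Get the memory range of the module if succeed
+* See: ITH FillRange
+*/
+BOOL getModuleMemoryRange(_In_ LPCWSTR moduleName, _Out_ DWORD *lowerBound, _Out_ DWORD *upperBound);
+
+/// Get memory of the current process
+BOOL getCurrentMemoryRange(_Out_ DWORD *lowerBound, _Out_ DWORD *upperBound);
+
+NTINSPECT_END_NAMESPACE
+
+// EOF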
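Review bot: The SAL annotations do not match the implementation in ntinspect.cc: `getModuleMemoryRange` null-checks `lowerBound` and `upperBound` before writing, so they should be `_Out_opt_`, while `getCurrentMemoryRange` dereferences both unconditionally and really is `_Out_`. `buffer` in `getCurrentProcessName` would be better annotated `_Out_writes_z_(bufferSize)` so static analysis can relate the pointer to its length, and its doc comment should say that the name is silently truncated to `bufferSize - 1` characters. The comments should also state that the bounds are returned as 32-bit `DWORD` addresses, which matches the x86-only inline assembly in the implementation.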
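--- a/vnr/ntinspect/ntinspect.pri
+++ b/vnr/ntinspect/ntinspect.pri
@@ -0,0 +1,16 @@
+# ntinspect.pri
+# 4/20/2014 jichi
+win32 {
+
+DEFINES += WITH_LIB_NTINSPECT
+
+DEPENDPATH += $$PWD
+
+HEADERS += $$PWD/ntinspect.h
+SOURCES += $$PWD/ntinspect.cc
+
+LIBS += -L$$WDK7_HOME/lib/wxp/i386 -lntdll
+
+}
+
+# EOF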
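Review bot: `LIBS += -L$$WDK7_HOME/lib/wxp/i386 -lntdll` expands to `-L/lib/wxp/i386` when `WDK7_HOME` is not set, so the linker quietly searches an unintended directory for the ntdll import library. Fail early instead, for example `isEmpty(WDK7_HOME): error("WDK7_HOME is not set")` just inside the `win32 {` scope. A comment noting that the path is specific to the WDK 7 XP/i386 libraries would also help whoever next changes the toolchain.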
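--- a/vnr/winmaker/winmaker.cc
+++ b/vnr/winmaker/winmaker.cc
@@ -0,0 +1,46 @@
+// winmaker.cc
+// 2/1/2013 jichi
+
+#include "winmaker/winmaker.h"
+#include <windows.h>
+//#include <commctrl.h>
+
+#ifdef _MSC_VER
+# pragma warning (disable:4800) // C4800: forcing value to bool
+#endif // _MSC_VER
+
+// See: http://www.codeguru.com/cpp/w-p/dll/tips/article.php/c3635/Tip-Detecting-a-HMODULEHINSTANCE-Handle-Within-the-Module-Youre-Running-In.htm
+extern "C" IMAGE_DOS_HEADER __ImageBase;
+namespace { // unnamed
+inline HMODULE _get_module() { return reinterpret_cast<HMODULE>(&__ImageBase); }
+} // unnamed
+
+bool wm_register_hidden_class(LPCWSTR className)
+{
+WNDCLASSEX wx = {};
+wx.cbSize = sizeof(wx);
+wx.lpfnWndProc = ::DefWindowProc;
+wx.hInstance = ::GetModuleHandle(nullptr);
+wx.lpszClassName = className;
+return ::RegisterClassEx(&wx);
+}
+
+wm_window_t wm_create_hidden_window(LPCWSTR windowName, LPCWSTR className, wm_module_t dllHandle)
+{
+//return ::CreateWindowExA(0, className, windowName, 0, 0, 0, 0, 0, HWND_MESSAGE, nullptr, dllHandle, nullptr);
+HINSTANCE module = reinterpret_cast<HINSTANCE>(dllHandle);
+if (!module)
+module = _get_module();
+return ::CreateWindowEx(0, className, windowName, 0, 0, 0, 0, 0, 0, NULL, module, NULL);
+}
+
+bool wm_destroy_window(wm_window_t hwnd)
+{ return ::DestroyWindow(reinterpret_cast<HWND>(hwnd)); }
+
+
+// EOF
+//
+//void wm_init() { ::InitCommonControls(); }
+//void wm_destroy() {}
+//bool wm_destroy_window() { return ::DestroyWindow(hwnd); }
+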
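Review bot: `wm_register_hidden_class` registers the class with `wx.hInstance = ::GetModuleHandle(nullptr)` (the host executable), but `wm_create_hidden_window` creates the window with the caller's `dllHandle` or `_get_module()` (this module's `__ImageBase`). When this code is built into a DLL the two handles differ, and because a locally registered class is matched by name and instance, creating a window of a class registered here would presumably fail; `wx.hInstance = _get_module();` keeps the two functions consistent. The live `CreateWindowEx` call also passes `0` as the parent where the commented-out version passed `HWND_MESSAGE`, so the result is an ordinary top-level window that other processes can enumerate and that receives broadcast messages. If the window exists only to receive messages, `HWND_MESSAGE` is the safer parent.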
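--- a/vnr/winmaker/winmaker.h
+++ b/vnr/winmaker/winmaker.h
@@ -0,0 +1,23 @@
+#pragma once
+
+// winmaker.h
+// 2/1/2013 jichi
+
+#include <windows.h>
+typedef void *wm_window_t; // HWMD
+typedef void *wm_module_t; // HMODULE
+
+bool wm_register_hidden_class(LPCWSTR className = L"hidden_class");
+
+wm_window_t wm_create_hidden_window(
+LPCWSTR windowName = L"hidden_window",
+LPCWSTR className = L"Button", // bust be one of the common control widgets
+wm_module_t dllHandle = nullptr);
+
+bool wm_destroy_window(wm_window_t hwnd);
+
+// EOF
+
+//#ifdef QT_CORE_LIB
+//#include <QtGui/qwindowdefs.h>
+//WId wm_create_hidden_window(const char *className = "Button", const char *windowName = "hidden_window");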
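Review bot: Two comments in the new header are misspelled and will mislead a reader: `// HWMD` should be `// HWND`, and `// bust be one of the common control widgets` should begin `// must be`. The declarations also say nothing about ownership or failure. A line such as `/// Returns nullptr on failure; the caller destroys the window with wm_destroy_window()` above `wm_create_hidden_window` would cover both.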
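--- a/vnr/winmaker/winmaker.pri
+++ b/vnr/winmaker/winmaker.pri
@@ -0,0 +1,15 @@
+# wintimer.pri
+# 7/20/2011 jichi
+win32 {
+
+DEFINES += WITH_LIB_WINMAKER
+
+#LIBS += -lkernel32 -luser32
+
+DEPENDPATH += $$PWD
+
+HEADERS += $$PWD/winmaker.h
+SOURCES += $$PWD/winmaker.cc
+}
+
+# EOF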
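Review bot: The header comment still reads `# wintimer.pri` with a 7/20/2011 date, which looks copied from another project file; it should be `# winmaker.pri` so the file identifies itself correctly. The commented-out `#LIBS += -lkernel32 -luser32` line should either be removed or given a short explanation, since winmaker.cc does call user32 functions.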