#include "MemoryInt.h"
#include <Psapi.h>
#pragma comment(lib, "Psapi.lib")
#define MEM_WRITE (PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
#define MEM_EXEC_WRITE (PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY)
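// Walks a multi-level pointer chain and returns the ADDRESS of the final
// element (not its value), or 0 if the chain breaks.
//
// BaseAddress is dereferenced once, then for each of the first PointerLevel-1
// offsets the current pointer is offset and dereferenced again; the last offset
// is added without a read, so the result is lastPointer + Offsets[PointerLevel-1].
// Offsets must therefore hold at least PointerLevel entries.
//
// Returns 0 when any intermediate pointer reads as 0, or when PointerLevel is 0
// or Offsets is null. The guard matters: the original unsigned `--PointerLevel`
// underflowed for PointerLevel == 0 and kept walking Offsets out of bounds
// until a 0 happened to be read.
//
// Read<> comes from MemoryInt.h and is not visible here; it is presumably the
// unchecked variant, with GetDMA_s / Read_s being the checked counterpart.
UINT_PTR GetDMA(UINT_PTR BaseAddress, UINT_PTR* Offsets, UINT PointerLevel)
{
    if (!Offsets || PointerLevel == 0)
        return 0;

    UINT_PTR Current = Read<UINT_PTR>(BaseAddress);

    // PointerLevel-1 dereferences; the final offset is applied below without one.
    for (UINT Remaining = PointerLevel - 1; Remaining && Current; --Remaining, ++Offsets)
        Current = Read<UINT_PTR>(Current + *Offsets);

    return Current ? (Current + *Offsets) : 0;
}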
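// Same chain walk as GetDMA but every dereference goes through Read_s<> from
// MemoryInt.h (not visible here; presumably the variant that validates the
// address before touching it). Returns the address of the final element,
// i.e. lastPointer + Offsets[PointerLevel-1], or 0 if the chain breaks.
//
// Offsets must hold at least PointerLevel entries. Returns 0 for
// PointerLevel == 0 or a null Offsets instead of underflowing the unsigned
// level counter and reading past the end of Offsets as the original did.
UINT_PTR GetDMA_s(UINT_PTR BaseAddress, UINT_PTR* Offsets, UINT PointerLevel)
{
    if (!Offsets || PointerLevel == 0)
        return 0;

    UINT_PTR Current = Read_s<UINT_PTR>(BaseAddress);

    // PointerLevel-1 checked dereferences; the last offset is not dereferenced.
    for (UINT Remaining = PointerLevel - 1; Remaining && Current; --Remaining, ++Offsets)
        Current = Read_s<UINT_PTR>(Current + *Offsets);

    return Current ? (Current + *Offsets) : 0;
}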
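// Returns true if the page containing Ptr is committed, carries one of the
// writable protections in MEM_WRITE (PAGE_READWRITE / PAGE_WRITECOPY /
// PAGE_EXECUTE_READWRITE / PAGE_EXECUTE_WRITECOPY), and is not a guard page.
//
// Limits a caller should know about:
//  * Only the page holding Ptr is inspected; nothing is said about bytes past
//    the page boundary. Check the last byte separately for multi-page writes.
//  * This is a snapshot, not a guarantee: protection can change between the
//    VirtualQuery and the write (TOCTOU). Code that must not fault should
//    wrap the access in __try/__except rather than trust this alone.
bool IsValidWritePtr(void* Ptr)
{
    if (!Ptr)
        return false;

    MEMORY_BASIC_INFORMATION MBI{ 0 };
    if (!VirtualQuery(Ptr, &MBI, sizeof(MBI)))
        return false;

    if (MBI.State != MEM_COMMIT)
        return false;

    // PAGE_GUARD is a modifier bit layered on the base protection: the page can
    // report PAGE_READWRITE and still raise STATUS_GUARD_PAGE_VIOLATION on the
    // first touch (thread stack guard pages are the usual case). The original
    // check ignored it and reported such pages as writable.
    if (MBI.Protect & PAGE_GUARD)
        return false;

    return (MBI.Protect & MEM_WRITE) != 0;
}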
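// Returns true if the page containing Ptr is committed, is not PAGE_NOACCESS,
// and is not a guard page.
//
// Limits a caller should know about:
//  * Only the page holding Ptr is inspected; a read that crosses into the next
//    page is not covered. Check the last byte separately for larger reads.
//  * The answer is a snapshot: the mapping can change between this query and
//    the read (TOCTOU). Use __try/__except around the access when a fault is
//    unacceptable.
bool IsValidReadPtr(void* Ptr)
{
    if (!Ptr)
        return false;

    MEMORY_BASIC_INFORMATION MBI{ 0 };
    if (!VirtualQuery(Ptr, &MBI, sizeof(MBI)))
        return false;

    if (MBI.State != MEM_COMMIT)
        return false;

    // A committed page with PAGE_GUARD set faults on first access exactly like
    // an unmapped one; the original check only looked at PAGE_NOACCESS and so
    // returned true for guard pages.
    if (MBI.Protect & (PAGE_NOACCESS | PAGE_GUARD))
        return false;

    return true;
}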
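// Starts a thread whose entry point (the start address a debugger or
// thread-enumeration tool records) is pAddress rather than pFunc.
//
// A small stub that jumps to pFunc is written at pAddress -- x64: `mov rax, imm64;
// jmp rax` (12 bytes), x86: `jmp rel32` (5 bytes) -- and a thread is created with
// the stub as its start routine and pArg as its argument.
//  * pAddress == nullptr: a fresh PAGE_EXECUTE_READWRITE region is allocated
//    for the stub and released before returning.
//  * pAddress != nullptr: the caller's 16 bytes are made RWX, patched, and the
//    original bytes and protection are restored before returning.
// Returns the thread handle (owned by the caller) or nullptr when pFunc is
// null, or the allocation, VirtualProtect or CreateThread fails.
//
// Caveats the caller must accept:
//  * The stub only exists until this function returns. The 100 ms Sleep after
//    CreateThread is the sole mechanism giving the new thread time to execute
//    the jump; under load that window can be missed, and the thread will then
//    execute the restored bytes or released memory. Nothing here can observe
//    "the thread has left the stub" without a handshake inside pFunc.
//  * For a caller-supplied pAddress, any other thread executing those bytes
//    during the window runs the stub instead of the original code.
//  * The region is RWX (PAGE_EXECUTE_READWRITE) for the duration of the call;
//    RWX allocations and protection flips are a common detection heuristic.
//
// Fixes relative to the previous version: a failed CreateThread no longer
// decommits a caller-supplied page and then writes into it; the allocated
// region is released with MEM_RELEASE instead of leaking the reservation on
// every call; the instruction cache is flushed after the code write.
HANDLE CreateThreadAtAddress(PTHREAD_START_ROUTINE pFunc, void* pArg, BYTE* pAddress)
{
    if (!pFunc)
        return nullptr;

    constexpr SIZE_T StubSize = 0x10;
    const bool Restore = (pAddress != nullptr);
    DWORD dwOld = 0;

    if (Restore)
    {
        if (!VirtualProtect(pAddress, StubSize, PAGE_EXECUTE_READWRITE, &dwOld))
            return nullptr;
    }
    else
    {
        pAddress = static_cast<BYTE*>(VirtualAlloc(nullptr, StubSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE));
        if (!pAddress)
            return nullptr;
    }

    // Keep the caller's bytes so they can be put back after the thread starts.
    BYTE Buffer[StubSize];
    if (Restore)
        memcpy(Buffer, pAddress, StubSize);

#ifdef _WIN64
    // mov rax, imm64 ; jmp rax
    pAddress[0] = 0x48;
    pAddress[1] = 0xB8;
    memcpy(pAddress + 2, &pFunc, sizeof(pFunc)); // memcpy rather than an unaligned typed store
    pAddress[0xA] = 0xFF;
    pAddress[0xB] = 0xE0;
#else
    // jmp rel32 ; displacement is relative to the end of the 5-byte instruction
    pAddress[0] = 0xE9;
    const DWORD Rel = static_cast<DWORD>(reinterpret_cast<UINT_PTR>(pFunc) - reinterpret_cast<UINT_PTR>(pAddress) - 5);
    memcpy(pAddress + 1, &Rel, sizeof(Rel));
#endif
    // Code was written through a data pointer; make sure the CPU fetches the new bytes.
    FlushInstructionCache(GetCurrentProcess(), pAddress, StubSize);

    HANDLE hThread = CreateThread(nullptr, 0, reinterpret_cast<PTHREAD_START_ROUTINE>(pAddress), pArg, 0, nullptr);
    if (hThread)
        Sleep(100); // best-effort wait for the new thread to leave the stub (see caveats above)

    if (Restore)
    {
        // Always put the caller's bytes and protection back, whether or not the
        // thread was created; the page belongs to the caller, never free it.
        memcpy(pAddress, Buffer, StubSize);
        VirtualProtect(pAddress, StubSize, dwOld, &dwOld);
        FlushInstructionCache(GetCurrentProcess(), pAddress, StubSize);
    }
    else
    {
        // MEM_RELEASE with size 0 frees the whole reservation made by VirtualAlloc.
        VirtualFree(pAddress, 0, MEM_RELEASE);
    }

    return hThread;
}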