-
Notifications
You must be signed in to change notification settings - Fork 27
Expand file tree
/
Copy pathutils.cpp
More file actions
134 lines (107 loc) · 3.6 KB
/
utils.cpp
File metadata and controls
134 lines (107 loc) · 3.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#include "stdafx.h"
PVOID(NTAPI *NtConvertBetweenAuxiliaryCounterAndPerformanceCounter)(PVOID, PVOID, PVOID, PVOID);
namespace utils {
BOOL Setup() {
// load ntdll library so we can manipulate our game process
auto module = LoadLibrary(L"ntdll.dll");
if (!module) {
errorf("Handle for NTDLL failed\n");
return FALSE;
}
// Find our module's address
*reinterpret_cast<PVOID *>(&NtConvertBetweenAuxiliaryCounterAndPerformanceCounter) = GetProcAddress(module, "NtConvertBetweenAuxiliaryCounterAndPerformanceCounter");
if (!NtConvertBetweenAuxiliaryCounterAndPerformanceCounter) {
errorf("Failed to find \"NtConvertBetweenAuxiliaryCounterAndPerformanceCounter\"\n");
return FALSE;
}
return TRUE;
}
// The rest down here is just normal utility functions used across the source code :)
#pragma region Process Manipulation
NTSTATUS SendRequest(REQUEST_TYPE type, PVOID args, SIZE_T argsSize) {
REQUEST_DATA request = { 0 };
request.Unique = DATA_UNIQUE;
request.Type = type;
request.Arguments = args;
auto requestPtr = &request;
auto status = 0ULL;
NtConvertBetweenAuxiliaryCounterAndPerformanceCounter(0, &requestPtr, &status, 0);
return static_cast<NTSTATUS>(status);
}
Process::Process(LPCWSTR processName) {
auto snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (snapshot == INVALID_HANDLE_VALUE) {
return;
}
PROCESSENTRY32 entry = { 0 };
entry.dwSize = sizeof(entry);
if (Process32First(snapshot, &entry)) {
do {
if (_wcsicmp(entry.szExeFile, processName) == 0) {
this->ProcessId = entry.th32ProcessID;
break;
}
} while (Process32Next(snapshot, &entry));
}
CloseHandle(snapshot);
}
BOOLEAN Process::Valid() {
return this->ProcessId != 0;
}
NTSTATUS Process::Extend(LPCWSTR moduleName, DWORD size) {
REQUEST_EXTEND req = { 0 };
req.ProcessId = this->ProcessId;
req.Size = size;
wcscpy_s(req.Module, sizeof(req.Module) / sizeof(req.Module[0]), moduleName);
return SendRequest(REQUEST_TYPE::EXTEND, &req, sizeof(req));
}
NTSTATUS Process::Write(PVOID dest, PVOID src, DWORD size) {
REQUEST_WRITE req = { 0 };
req.ProcessId = this->ProcessId;
req.Dest = dest;
req.Src = src;
req.Size = size;
return SendRequest(REQUEST_TYPE::WRITE, &req, sizeof(req));
}
NTSTATUS Process::Read(PVOID dest, PVOID src, DWORD size) {
REQUEST_READ req = { 0 };
req.ProcessId = this->ProcessId;
req.Dest = dest;
req.Src = src;
req.Size = size;
return SendRequest(REQUEST_TYPE::READ, &req, sizeof(req));
}
NTSTATUS Process::Protect(PVOID address, DWORD size, PDWORD inOutProtect) {
REQUEST_PROTECT req = { 0 };
req.ProcessId = this->ProcessId;
req.Address = address;
req.Size = size;
req.InOutProtect = inOutProtect;
return SendRequest(REQUEST_TYPE::PROTECT, &req, sizeof(req));
}
PVOID Process::Alloc(DWORD size, DWORD protect) {
PVOID outAddress = NULL;
REQUEST_ALLOC req = { 0 };
req.ProcessId = this->ProcessId;
req.OutAddress = &outAddress;
req.Size = size;
req.Protect = protect;
SendRequest(REQUEST_TYPE::ALLOC, &req, sizeof(req));
return outAddress;
}
NTSTATUS Process::Free(PVOID address) {
REQUEST_FREE req = { 0 };
req.ProcessId = this->ProcessId;
req.Address = address;
return SendRequest(REQUEST_TYPE::FREE, &req, sizeof(req));
}
NTSTATUS Process::Module(LPCWSTR moduleName, PBYTE *base, PDWORD size) {
REQUEST_MODULE req = { 0 };
req.ProcessId = this->ProcessId;
req.OutAddress = base;
req.OutSize = size;
wcscpy_s(req.Module, sizeof(req.Module) / sizeof(req.Module[0]), moduleName);
return SendRequest(REQUEST_TYPE::MODULE, &req, sizeof(req));
}
#pragma endregion
}