diff --git a/course/WinDriver/tools/tools-MFC/Resource.h b/course/WinDriver/tools/tools-MFC/Resource.h
index 42747d85c4581edfbfb5a63a2e606a69f5b6df20..b0197b7d2a58c324202e1f8ec3c6ef2eae2022a7 100644
--- a/course/WinDriver/tools/tools-MFC/Resource.h
+++ b/course/WinDriver/tools/tools-MFC/Resource.h
@@ -12,6 +12,8 @@
 #define IDC_COMBO_PROCESS 1002
 #define IDC_EDIT_MEM_DATA 1003
 #define IDC_BUTTON_READ 1004
+#define IDC_COMBO1 1005
+#define IDC_COMBO_READ_TYPE 1005
 
 // Next default values for new objects
 //
@@ -19,7 +21,7 @@
 #ifndef APSTUDIO_READONLY_SYMBOLS
 #define _APS_NEXT_RESOURCE_VALUE 130
 #define _APS_NEXT_COMMAND_VALUE 32771
-#define _APS_NEXT_CONTROL_VALUE 1005
+#define _APS_NEXT_CONTROL_VALUE 1006
 #define _APS_NEXT_SYMED_VALUE 101
 #endif
 #endif
diff --git a/course/WinDriver/tools/tools-MFC/tools-MFCDlg.cpp b/course/WinDriver/tools/tools-MFC/tools-MFCDlg.cpp
index f535837f21c2be77212ba9bd622bc2fe376447c0..b3b2376650cd8f55093d6d9619683953470c4bcb 100644
--- a/course/WinDriver/tools/tools-MFC/tools-MFCDlg.cpp
+++ b/course/WinDriver/tools/tools-MFC/tools-MFCDlg.cpp
@@ -85,6 +85,7 @@ void CtoolsMFCDlg::DoDataExchange(CDataExchange* pDX)
 DDX_Text(pDX, IDC_EDIT_LENGTH, m_mem_length);
 DDX_Control(pDX, IDC_EDIT_ADDRESS, m_mem_address);
 DDX_Control(pDX, IDC_COMBO_PROCESS, m_combo_process);
+ DDX_Control(pDX, IDC_COMBO_READ_TYPE, m_combo_read_type);
 }
 
 BEGIN_MESSAGE_MAP(CtoolsMFCDlg, CDialogEx)
@@ -93,6 +94,7 @@ BEGIN_MESSAGE_MAP(CtoolsMFCDlg, CDialogEx)
 ON_WM_QUERYDRAGICON()
 ON_BN_CLICKED(IDC_BUTTON_READ, &CtoolsMFCDlg::OnBnClickedButtonRead)
 ON_CBN_DROPDOWN(IDC_COMBO_PROCESS, &CtoolsMFCDlg::OnCbnDropdownComboProcess)
+ ON_CBN_SELCHANGE(IDC_COMBO_PROCESS, &CtoolsMFCDlg::OnCbnSelchangeComboProcess)
 END_MESSAGE_MAP()
 
 
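Review bot: `IDC_COMBO1` and `IDC_COMBO_READ_TYPE` are both defined as 1005 in the first Resource.h hunk, so two symbols now name the same control ID. `IDC_COMBO1` looks like the resource editor's default name left behind when the control was renamed, and any code that still uses it would silently bind to the read-type combo. Drop the stale line and keep only `#define IDC_COMBO_READ_TYPE 1005`; the `_APS_NEXT_CONTROL_VALUE` bump to 1006 in the next hunk is already consistent with a single new control.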
@@ -134,6 +136,11 @@ BOOL CtoolsMFCDlg::OnInitDialog()
 m_mem_length = 0x20;
 UpdateData(FALSE);
 
+ m_combo_read_type.AddString(_T("ReadProcessMemory"));
+ m_combo_read_type.AddString(_T("BlackBone_R3"));
+ m_combo_read_type.AddString(_T("BlackBone_R0"));
+ m_combo_read_type.SetCurSel(0);
+
 return TRUE; // 除非将焦点设置到控件,否则返回 TRUE
 }
 
@@ -229,18 +236,25 @@ std::string ToHexLines(PBYTE bytes, DWORD length)
 
 void CtoolsMFCDlg::OnBnClickedButtonRead()
 {
- // TODO: 在此添加控件通知处理程序代码
+ // 更新控件数据,清空16进制显示控件内容
 UpdateData();
 m_mem_data.SetString(_T(""));
 
+ // 获取目标进程内存地址:ll_address
 CString str_address;
 m_mem_address.GetWindowText(str_address);
 str_address = _T("0x") + str_address;
 LONGLONG ll_address = _tcstoull_l(str_address.GetBuffer(), NULL, 16, 0);
 
+ // 获取目标进程ID:pid
 int nIndex = m_combo_process.GetCurSel();
 DWORD pid = m_combo_process.GetItemData(nIndex);
 
+ // 获取读取方式:str_read_type
+ CString str_read_type;
+ m_combo_read_type.GetWindowText(str_read_type);
+
+ // 打开目标进程
 blackbone::Process process;
 process.Attach(pid);
 if (!process.valid())
@@ -256,7 +270,7 @@ void CtoolsMFCDlg::OnBnClickedButtonRead()
 }
 
 // ReadProcessMemory方式
- if (false)
+ if (str_read_type == _T("ReadProcessMemory"))
 {
 SIZE_T byte_read;
 BOOL result = ReadProcessMemory(process.core().handle(), (LPCVOID)ll_address, (LPVOID)bytes, (SIZE_T)m_mem_length, &byte_read);
@@ -266,8 +280,8 @@ void CtoolsMFCDlg::OnBnClickedButtonRead()
 return;
 }
 }
- // blackbone方式
- else if (false)
+ // blackbone方式: NtWow64ReadVirtualMemory64
+ else if (str_read_type == _T("BlackBone_R3"))
 {
 NTSTATUS status = process.memory().Read(ll_address, m_mem_length, (PVOID)bytes);
 if (!NT_SUCCESS(status))
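Review bot: The three literals added with `AddString` in OnInitDialog double as dispatch keys: OnBnClickedButtonRead compares the combo's window text against the same strings (`str_read_type == _T("ReadProcessMemory")` and the BlackBone_R3 / BlackBone_R0 comparisons in the following hunks), so a typo in either place silently disables a read path with no compiler help. Because the combo is filled in a fixed order, dispatching on `m_combo_read_type.GetCurSel()`, or attaching an enum value with `SetItemData` as the process combo already does, would keep the display text independent of the selection logic. If the strings stay, define them once as shared constants used by both the `AddString` calls and the comparisons.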
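Review bot: The rewritten comment `// blackbone方式: NtWow64ReadVirtualMemory64` names a specific native call, but the line it annotates invokes `process.memory().Read`, which is all a reader can verify here. If that is the routine BlackBone eventually uses for this path, phrase it as an implementation note (`// BlackBone user-mode read; internally ends in NtWow64ReadVirtualMemory64 for Wow64 targets`, adjusted to what the library actually does) so it is not mistaken for the direct call; otherwise drop the name. OnBnClickedButtonRead continues outside the hunk.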
@@ -277,14 +291,16 @@ void CtoolsMFCDlg::OnBnClickedButtonRead()
 }
 }
 // 驱动方式
- else
+ else if (str_read_type == _T("BlackBone_R0"))
 {
+ // 加载驱动
 NTSTATUS status = blackbone::Driver().EnsureLoaded();
 if (!NT_SUCCESS(status))
 {
 AfxMessageBox(_T("加载驱动失败。"));
 return;
 }
+ // 驱动内存读取
 status = blackbone::Driver().ReadMem(pid, ll_address, m_mem_length, (PVOID)bytes);
 if (!NT_SUCCESS(status))
 {
@@ -339,3 +355,27 @@ void CtoolsMFCDlg::OnCbnDropdownComboProcess()
 m_combo_process.SetItemData(nIndex, pid);
 }
 }
+
+
+void CtoolsMFCDlg::OnCbnSelchangeComboProcess()
+{
+ // TODO: 在此添加控件通知处理程序代码
+ int nIndex = m_combo_process.GetCurSel();
+ DWORD pid = m_combo_process.GetItemData(nIndex);
+
+ blackbone::Process process;
+ process.Attach(pid);
+ if (!process.valid())
+ {
+ return;
+ }
+
+ if (process.modules().GetMainModule() == nullptr)
+ {
+ return;
+ }
+
+ CString str_address;
+ str_address.Format(_T("%llX"), process.modules().GetMainModule()->baseAddress);
+ m_mem_address.SetWindowText(str_address);
+}
diff --git a/course/WinDriver/tools/tools-MFC/tools-MFCDlg.h b/course/WinDriver/tools/tools-MFC/tools-MFCDlg.h
index 9efa9909c99baac76b673dfcc8f9d155599cede9..40552d63c02012420edb5078a8685ae6d9f61cff 100644
--- a/course/WinDriver/tools/tools-MFC/tools-MFCDlg.h
+++ b/course/WinDriver/tools/tools-MFC/tools-MFCDlg.h
@@ -38,4 +38,6 @@ public:
 CComboBox m_combo_process;
 afx_msg void OnBnClickedButtonRead();
 afx_msg void OnCbnDropdownComboProcess();
+ afx_msg void OnCbnSelchangeComboProcess();
+ CComboBox m_combo_read_type;
 };
diff --git a/course/WinDriver/tools/tools-MFC/toolsMFC.rc b/course/WinDriver/tools/tools-MFC/toolsMFC.rc
index f20f0e5f0607c88b0c02da0d63b43c6f9ff774b1..8d5a574a26f8346223137dedf4301fc35f4f9261 100644
Binary files a/course/WinDriver/tools/tools-MFC/toolsMFC.rc and b/course/WinDriver/tools/tools-MFC/toolsMFC.rc differ
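Review bot: Turning the final `else` into `else if (str_read_type == _T("BlackBone_R0"))` leaves the if/else chain in OnBnClickedButtonRead without a fallback, so a selection that matches none of the three literals (an empty combo text, or an entry added later) skips every read path and execution continues with `bytes` never filled in. What follows the chain lies outside this hunk, but it presumably renders the buffer, so the result would be stale or uninitialised bytes shown as if they had been read. Add a terminating branch such as `else { AfxMessageBox(_T("未知的读取方式。")); return; }` so the unrecognised case is reported instead. The function starts and ends outside the hunk.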
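Review bot: `nIndex` from `GetCurSel()` in the new OnCbnSelchangeComboProcess is passed straight to `GetItemData` with no check for `CB_ERR`; the subsequent `Attach` would most likely fail and hit the `valid()` early return, but the intent is clearer with `if (nIndex == CB_ERR) return;` directly after the `GetCurSel()` call. The generated placeholder `// TODO: 在此添加控件通知处理程序代码` should go now that the handler has a body, and `process.modules().GetMainModule()` is evaluated twice; fetch it once (`auto main_module = process.modules().GetMainModule();`) and use that for both the null check and the `baseAddress` read. `%llX` also assumes `baseAddress` is an unsigned 64-bit integer, which is worth confirming against BlackBone's declared type rather than relying on it implicitly.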
diff --git a/third/Blackbone/src/BlackBone/Include/Macro.h b/third/Blackbone/src/BlackBone/Include/Macro.h
index d8d70b5313389c30549e43711e5d2f5a6b45b6f0..a42b8385605c95fe13aa55c58a864ff2c65192ef 100644
--- a/third/Blackbone/src/BlackBone/Include/Macro.h
+++ b/third/Blackbone/src/BlackBone/Include/Macro.h
@@ -16,8 +16,12 @@
 #define CALL_64_86(b, f, ...) (b ? f(__VA_ARGS__) : f(__VA_ARGS__))
 #define FIELD_PTR_64_86(b, e, t, f) (b ? fieldPtr( e, &t::f ) : fieldPtr( e, &t::f ))
 
+#ifndef LODWORD
 #define LODWORD(l) ((uint32_t)(((uint64_t)(l)) & 0xffffffff))
+#endif
+#ifndef HIDWORD
 #define HIDWORD(l) ((uint32_t)((((uint64_t)(l)) >> 32) & 0xffffffff))
+#endif
 
 // Set or reset particular bit
 #define SET_BIT(v, b) v |= (1ull << b)
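Review bot: Wrapping `LODWORD`/`HIDWORD` in `#ifndef` makes whichever definition is included first win, and the two candidates are not equivalent: BlackBone's macros widen through `uint64_t`, while the Windows header definition (presumably the redefinition clash this guards against) casts through `DWORD_PTR`, which on a 32-bit build truncates a 64-bit argument before the shift so `HIDWORD` of a 64-bit address yields 0. Since this library splits 64-bit addresses into halves for Wow64 calls, a macro that silently changes meaning with include order would corrupt those addresses. Consider `#undef LODWORD` / `#undef HIDWORD` immediately before the definitions instead of the guard, or keep the guard and add `static_assert(HIDWORD(0x100000000ull) == 1, "HIDWORD must be 64-bit safe");` in a source file that includes this header, plus a comment stating why the guard exists.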