From ba1b7ea3d650f326231bf5b3a9f4e51ebb6d9fa5 Mon Sep 17 00:00:00 2001
From: khz_df <zhaoanhua6763@dingtalk.com>
Date: Tue, 21 May 2019 14:32:15 +0800
Subject: [PATCH] =?UTF-8?q?[=E5=86=85=E5=AD=98=E8=AF=BB=E5=8F=96]=20ReadPr?=
 =?UTF-8?q?ocessMemory=E6=96=B9=E5=BC=8F=E5=8F=8A=E9=A9=B1=E5=8A=A8?=
 =?UTF-8?q?=E6=96=B9=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../tools/tools-MFC/tools-MFC.vcxproj         |  5 +-
 .../tools/tools-MFC/tools-MFCDlg.cpp          | 54 +++++++++++++++++--
 course/WinDriver/tools/tools/tools.vcxproj    |  4 ++
 3 files changed, 57 insertions(+), 6 deletions(-)

diff --git a/course/WinDriver/tools/tools-MFC/tools-MFC.vcxproj b/course/WinDriver/tools/tools-MFC/tools-MFC.vcxproj
index 4a6a565..63b1883 100644
--- a/course/WinDriver/tools/tools-MFC/tools-MFC.vcxproj
+++ b/course/WinDriver/tools/tools-MFC/tools-MFC.vcxproj
@@ -39,7 +39,7 @@
     <PlatformToolset>v141</PlatformToolset>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
-    <UseOfMfc>Dynamic</UseOfMfc>
+    <UseOfMfc>Static</UseOfMfc>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     <ConfigurationType>Application</ConfigurationType>
@@ -142,6 +142,9 @@
       <IntrinsicFunctions>true</IntrinsicFunctions>
       <SDLCheck>true</SDLCheck>
       <PreprocessorDefinitions>WIN32;_WINDOWS;NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalOptions>/I"../../../../third/Blackbone/src" %(AdditionalOptions)</AdditionalOptions>
+      <LanguageStandard>stdcpplatest</LanguageStandard>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
diff --git a/course/WinDriver/tools/tools-MFC/tools-MFCDlg.cpp b/course/WinDriver/tools/tools-MFC/tools-MFCDlg.cpp
index 11d98ea..f535837 100644
--- a/course/WinDriver/tools/tools-MFC/tools-MFCDlg.cpp
+++ b/course/WinDriver/tools/tools-MFC/tools-MFCDlg.cpp
@@ -23,9 +23,14 @@
 #include <BlackBone/Patterns/PatternSearch.h>
 #include <BlackBone/Asm/LDasm.h>
 #include <BlackBone/localHook/VTableHook.hpp>
+#include <BlackBone/DriverControl/DriverControl.h>
 
 // /I"../../../../third/Blackbone/src"
+#ifdef _DEBUG
 #pragma comment(lib, "../../../../third/Blackbone/build/Win32/Debug(XP)/BlackBone.lib")
+#else
+#pragma comment(lib, "../../../../third/Blackbone/build/Win32/Release(XP)/BlackBone.lib")
+#endif
 //////////////////////////////////////////////////////////////////////////
 
 // 用于应用程序“关于”菜单项的 CAboutDlg 对话框
@@ -226,11 +231,12 @@ void CtoolsMFCDlg::OnBnClickedButtonRead()
 {
 	// TODO: 在此添加控件通知处理程序代码
 	UpdateData();
+	m_mem_data.SetString(_T(""));
 
 	CString str_address;
 	m_mem_address.GetWindowText(str_address);
 	str_address = _T("0x") + str_address;
-	LONGLONG dw_address = _tcstoull_l(str_address.GetBuffer(), NULL, 16, 0);
+	LONGLONG ll_address = _tcstoull_l(str_address.GetBuffer(), NULL, 16, 0);
 
 	int nIndex = m_combo_process.GetCurSel();
 	DWORD pid = m_combo_process.GetItemData(nIndex);
@@ -248,16 +254,54 @@ void CtoolsMFCDlg::OnBnClickedButtonRead()
 	{
 		return;
 	}
-	NTSTATUS status = process.memory().Read(dw_address, m_mem_length, (PVOID)bytes);
-	if (!NT_SUCCESS(status))
+
+	// ReadProcessMemory方式
+	if (false)
 	{
-		AfxMessageBox(_T("读取进程内存失败，请检查内存地址和大小。"));
-		return;
+		SIZE_T byte_read;
+		BOOL result = ReadProcessMemory(process.core().handle(), (LPCVOID)ll_address, (LPVOID)bytes, (SIZE_T)m_mem_length, &byte_read);
+		if (result == FALSE)
+		{
+			AfxMessageBox(_T("读取进程内存失败，请检查内存地址和大小。"));
+			return;
+		}
+	}
+	// blackbone方式
+	else if (false)
+	{
+		NTSTATUS status = process.memory().Read(ll_address, m_mem_length, (PVOID)bytes);
+		if (!NT_SUCCESS(status))
+		{
+			AfxMessageBox(_T("读取进程内存失败，请检查内存地址和大小。"));
+			return;
+		}
+	}
+	// 驱动方式
+	else
+	{
+		NTSTATUS status = blackbone::Driver().EnsureLoaded();
+		if (!NT_SUCCESS(status))
+		{
+			AfxMessageBox(_T("加载驱动失败。"));
+			return;
+		}
+		status = blackbone::Driver().ReadMem(pid, ll_address, m_mem_length, (PVOID)bytes);
+		if (!NT_SUCCESS(status))
+		{
+			AfxMessageBox(_T("读取进程内存失败，请检查内存地址和大小。"));
+			return;
+		}
 	}
 // 	m_mem_data.Format(_T("%02X %02X %02X %02X   %02X %02X %02X %02X "), bytes[0], bytes[1], bytes[2], bytes[3]
 // 		, bytes[4], bytes[5], bytes[6], bytes[7]);
 	std::string str_mem_data = ToHexLines(bytes, m_mem_length);
 	m_mem_data = CStringA(str_mem_data.data());
+
+	if (bytes)
+	{
+		delete(bytes);
+		bytes = NULL;
+	}
 	UpdateData(FALSE);
 }
 
diff --git a/course/WinDriver/tools/tools/tools.vcxproj b/course/WinDriver/tools/tools/tools.vcxproj
index efd87a0..f7e51ed 100644
--- a/course/WinDriver/tools/tools/tools.vcxproj
+++ b/course/WinDriver/tools/tools/tools.vcxproj
@@ -90,6 +90,7 @@
       <SDLCheck>true</SDLCheck>
       <PreprocessorDefinitions>WIN32;_DEBUG;TOOLS_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <ConformanceMode>true</ConformanceMode>
+      <AdditionalOptions>/I"../../../../third/Blackbone/src" %(AdditionalOptions)</AdditionalOptions>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
@@ -120,6 +121,9 @@
       <SDLCheck>true</SDLCheck>
       <PreprocessorDefinitions>WIN32;NDEBUG;TOOLS_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <ConformanceMode>true</ConformanceMode>
+      <AdditionalOptions>/I"../../../../third/Blackbone/src" %(AdditionalOptions)</AdditionalOptions>
+      <LanguageStandard>stdcpplatest</LanguageStandard>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
-- 
GitLab