Update
RatinCN committed Dec 8, 2024
1 parent 618720f commit 3f1bef6
Showing 12 changed files with 242 additions and 144 deletions.
4 changes: 2 additions & 2 deletions Source/KNSoft.MakeLifeEasier/KNSoft.MakeLifeEasier.vcxproj
Expand Up @@ -278,14 +278,14 @@
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
<Import Project="..\packages\KNSoft.Precomp4C.1.0.15-alpha\build\KNSoft.Precomp4C.targets" Condition="Exists('..\packages\KNSoft.Precomp4C.1.0.15-alpha\build\KNSoft.Precomp4C.targets')" />
<Import Project="..\packages\KNSoft.NDK.1.2.14-beta\build\KNSoft.NDK.targets" Condition="Exists('..\packages\KNSoft.NDK.1.2.14-beta\build\KNSoft.NDK.targets')" />
<Import Project="..\packages\KNSoft.NDK.1.2.15-beta\build\KNSoft.NDK.targets" Condition="Exists('..\packages\KNSoft.NDK.1.2.15-beta\build\KNSoft.NDK.targets')" />
</ImportGroup>
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
<PropertyGroup>
<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\packages\KNSoft.Precomp4C.1.0.15-alpha\build\KNSoft.Precomp4C.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\KNSoft.Precomp4C.1.0.15-alpha\build\KNSoft.Precomp4C.props'))" />
<Error Condition="!Exists('..\packages\KNSoft.Precomp4C.1.0.15-alpha\build\KNSoft.Precomp4C.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\KNSoft.Precomp4C.1.0.15-alpha\build\KNSoft.Precomp4C.targets'))" />
<Error Condition="!Exists('..\packages\KNSoft.NDK.1.2.14-beta\build\KNSoft.NDK.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\KNSoft.NDK.1.2.14-beta\build\KNSoft.NDK.targets'))" />
<Error Condition="!Exists('..\packages\KNSoft.NDK.1.2.15-beta\build\KNSoft.NDK.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\KNSoft.NDK.1.2.15-beta\build\KNSoft.NDK.targets'))" />
</Target>
</Project>
4 changes: 2 additions & 2 deletions Source/KNSoft.MakeLifeEasier/MakeLifeEasier.h
Expand Up @@ -28,9 +28,9 @@ typedef _Return_type_success_(return == 0) ULONG W32ERROR;
* - Depends on NDK only
* - Header only
*/
#include "Memory/Core.h"
#include "NT/Core.h"
#include "String/Core.h"
#include "Memory/Core.h"

/*
* L1 Header
Expand Down Expand Up @@ -59,7 +59,6 @@ typedef _Return_type_success_(return == 0) ULONG W32ERROR;
#include "PE/Symbol.h"
#include "Process/Environment.h"
#include "Process/Loader.h"
#include "Process/Remote.h"
#include "Process/Token.h"
#include "Shell/Shell.h"
#include "String/Convert.h"
Expand All @@ -79,6 +78,7 @@ typedef _Return_type_success_(return == 0) ULONG W32ERROR;
#include "Error/Message.h"
#include "IO/File.h"
#include "Process/Process.h"
#include "Process/Remote.h"
#include "UI/Control/Dialog.h"

/* KNSoft specification, do not use */
62 changes: 60 additions & 2 deletions Source/KNSoft.MakeLifeEasier/NT/Core.h
Expand Up @@ -2,6 +2,8 @@

#include <KNSoft/NDK/NDK.h>

#include "../Memory/Core.h"

#pragma region String

/* See also RtlInitUnicodeStringEx */
Expand All @@ -26,8 +28,8 @@ NT_InitStringW(
{
NTString->Length = NTString->MaximumLength = 0;
}

NTString->Buffer = (PWCHAR)String;

return STATUS_SUCCESS;
}

Expand All @@ -53,11 +55,67 @@ NT_InitStringA(
{
NTString->Length = NTString->MaximumLength = 0;
}

NTString->Buffer = (PCHAR)String;

return STATUS_SUCCESS;
}

FORCEINLINE
PUNICODE_STRING
NT_AllocStringW(
_In_ USHORT CchLength)
{
PUNICODE_STRING p;

p = (PUNICODE_STRING)Mem_Alloc(sizeof(UNICODE_STRING) + CchLength * sizeof(WCHAR) + sizeof(UNICODE_NULL));
if (p == NULL)
{
return p;
}
p->Length = CchLength * sizeof(WCHAR);
p->MaximumLength = p->Length + sizeof(UNICODE_NULL);
p->Buffer = (PWCH)Add2Ptr(p, sizeof(UNICODE_STRING));

return p;
}

FORCEINLINE
PANSI_STRING
NT_AllocStringA(
_In_ USHORT CchLength)
{
PANSI_STRING p;

p = (PANSI_STRING)Mem_Alloc(sizeof(ANSI_STRING) + CchLength * sizeof(CHAR) + sizeof(ANSI_NULL));
if (p == NULL)
{
return p;
}
p->Length = CchLength * sizeof(CHAR);
p->MaximumLength = p->Length + sizeof(ANSI_NULL);
p->Buffer = (PCHAR)Add2Ptr(p, sizeof(ANSI_STRING));

return p;
}

FORCEINLINE
_Success_(return != FALSE)
LOGICAL
NT_FreeStringW(
__drv_freesMem(Mem) _Frees_ptr_ _Post_invalid_ PUNICODE_STRING String)
{
return Mem_Free(String);
}

FORCEINLINE
_Success_(return != FALSE)
LOGICAL
NT_FreeStringA(
__drv_freesMem(Mem) _Frees_ptr_ _Post_invalid_ PANSI_STRING String)
{
return Mem_Free(String);
}

#pragma endregion

#pragma region Object Attributes
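Review bot: In `NT_AllocStringW`, `p->Length = CchLength * sizeof(WCHAR)` and `p->MaximumLength = p->Length + sizeof(UNICODE_NULL)` are stored in USHORT fields, so a `CchLength` above 32766 makes `MaximumLength` or `Length` wrap. The allocation itself is sized in full, which leaves a counted string whose header disagrees with its buffer. Reject the oversized request before allocating, for example `if (CchLength > (MAXUSHORT - sizeof(UNICODE_NULL)) / sizeof(WCHAR)) return NULL;`. `NT_AllocStringA` has the same wrap in `MaximumLength` when `CchLength == MAXUSHORT`. The visible code also leaves the buffer unterminated, so unless `Mem_Alloc` (not shown here) zero-fills, a comment such as `/* Buffer content is uninitialized, caller must fill and terminate it */` would help callers.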
1 change: 0 additions & 1 deletion Source/KNSoft.MakeLifeEasier/PE/Symbol.c
Expand Up @@ -73,7 +73,6 @@ PE_SymLoadModule(
_In_opt_ DWORD Flags,
_Out_opt_ PDWORD64 BaseAddress)
{
W32ERROR Ret;
DWORD64 Base;

RtlAcquireSRWLockExclusive(&g_Lock);
2 changes: 1 addition & 1 deletion Source/KNSoft.MakeLifeEasier/PE/Util.h
Expand Up @@ -5,7 +5,7 @@
EXTERN_C_START

FORCEINLINE
ULONG
USHORT
PE_GetMachineBits(
_In_ USHORT Machine)
{
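--- a/Source/KNSoft.MakeLifeEasier/Process/Remote.c
+++ b/Source/KNSoft.MakeLifeEasier/Process/Remote.c
@@ -150,3 +150,136 @@ PS_GetMachineType(
 _Fallback_1:
 return PS_GetMachineTypeFromFile(ProcessHandle, MachineType);
 }
+
+HRESULT
+NTAPI
+PS_GetRemoteAddressName(
+_In_ HANDLE ProcessHandle,
+_In_ ULONGLONG Address,
+_Outptr_opt_ PUNICODE_STRING* ModulePath,
+_Outptr_opt_result_maybenull_ PUNICODE_STRING* SymbolName,
+_Out_opt_ _When_(SymbolName == NULL, _Null_) PULONGLONG SymbolDisplacement)
+{
+HRESULT hr;
+NTSTATUS Status;
+USHORT Bits;
+LDR_DATA_TABLE_ENTRY64 DllEntry64;
+LDR_DATA_TABLE_ENTRY32 DllEntry32;
+PUNICODE_STRING DllPath;
+W32ERROR SymRet;
+DWORD OldSymOptions;
+DWORD64 SymModuleBase;
+BYTE SymInfoBuffer[sizeof(SYMBOL_INFOW) + (MAX_CIDENTIFIERNAME_CCH - 1) * sizeof(WCHAR)];
+PSYMBOL_INFOW SymInfo;
+PUNICODE_STRING SymName;
+
+/* Get process machine bits */
+Status = PS_GetMachineBits(ProcessHandle, &Bits);
+if (!NT_SUCCESS(Status))
+{
+return HRESULT_FROM_NT(Status);
+}
+
+/* Get module full path */
+if (Bits != 32)
+{
+Status = PS_GetRemoteModuleEntryByAddress64(ProcessHandle, (VOID* POINTER_64)Address, &DllEntry64);
+} else
+{
+Status = PS_GetRemoteModuleEntryByAddress32(ProcessHandle, (VOID* POINTER_32)Address, &DllEntry32);
+}
+if (!NT_SUCCESS(Status))
+{
+return HRESULT_FROM_NT(Status);
+}
+if (Bits != 32)
+{
+Status = PS_DuplicateUnicodeString64(ProcessHandle, &DllEntry64.FullDllName, &DllPath);
+} else
+{
+Status = PS_DuplicateUnicodeString32(ProcessHandle, &DllEntry32.FullDllName, &DllPath);
+}
+if (!NT_SUCCESS(Status))
+{
+return HRESULT_FROM_NT(Status);
+}
+if (SymbolName == NULL)
+{
+hr = S_OK;
+goto _Exit_0;
+}
+
+/* Get symbol name */
+if (SymbolDisplacement != NULL)
+{
+*SymbolDisplacement = 0;
+}
+SymName = NULL;
+SymRet = PE_SymInitialize(NULL, FALSE);
+if (SymRet != ERROR_SUCCESS)
+{
+goto _Exit_1;
+}
+SymRet = PE_SymSetOptions(SYMOPT_FAIL_CRITICAL_ERRORS |
+SYMOPT_NO_PROMPTS |
+SYMOPT_UNDNAME |
+SYMOPT_NO_UNQUALIFIED_LOADS |
+SYMOPT_OMAP_FIND_NEAREST, &OldSymOptions);
+if (SymRet != ERROR_SUCCESS)
+{
+OldSymOptions = MAXDWORD;
+}
+SymRet = PE_SymLoadModule(NULL,
+DllPath->Buffer,
+NULL,
+Bits != 32 ? (DWORD64)DllEntry64.DllBase: (DWORD64)DllEntry32.DllBase,
+Bits != 32 ? DllEntry64.SizeOfImage : DllEntry32.SizeOfImage,
+NULL,
+0,
+&SymModuleBase);
+if (SymRet != ERROR_SUCCESS)
+{
+goto _Exit_2;
+}
+SymInfo = (PSYMBOL_INFOW)SymInfoBuffer;
+SymInfo->SizeOfStruct = sizeof(*SymInfo);
+C_ASSERT(MAX_CIDENTIFIERNAME_CCH < MAXUSHORT);
+SymInfo->MaxNameLen = MAX_CIDENTIFIERNAME_CCH;
+SymRet = PE_SymFromAddr((DWORD64)Address, SymbolDisplacement, (PSYMBOL_INFOW)SymInfoBuffer);
+if (SymRet != ERROR_SUCCESS)
+{
+goto _Exit_3;
+}
+
+SymName = NT_AllocStringW((USHORT)SymInfo->NameLen);
+if (SymName == NULL)
+{
+goto _Exit_3;
+}
+memcpy(SymName->Buffer, SymInfo->Name, SymName->Length);
+SymName->Buffer[SymInfo->NameLen] = UNICODE_NULL;
+
+_Exit_3:
+if (SymModuleBase != 0)
+{
+PE_SymUnloadModule(SymModuleBase);
+}
+_Exit_2:
+if (OldSymOptions != MAXDWORD)
+{
+PE_SymSetOptions(OldSymOptions, NULL);
+}
+PE_SymCleanup();
+_Exit_1:
+*SymbolName = SymName;
+hr = SymName == NULL ? S_FALSE : S_OK;
+_Exit_0:
+if (ModulePath != NULL)
+{
+*ModulePath = DllPath;
+} else
+{
+PS_FreeUnicodeString(DllPath);
+}
+return hr;
+}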
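Review bot: `SymInfo->NameLen` is used without a bound as the allocation count, the `memcpy` length and the terminator index at the end of `PS_GetRemoteAddressName`, although it describes symbols loaded for a module path that was read out of the target process. If the symbol handler ever reports a `NameLen` larger than the `MaxNameLen` supplied (it may for truncated names; worth confirming against the DbgHelp behaviour), the `memcpy` reads past `SymInfoBuffer` on the stack. Because the count is narrowed to `USHORT` only for `NT_AllocStringW`, `SymName->Buffer[SymInfo->NameLen]` can also index beyond the heap block. Check it before use, e.g. `if (SymInfo->NameLen >= SymInfo->MaxNameLen) { goto _Exit_3; }`, or clamp it into a local and use that local for all three. The `C_ASSERT` only constrains the constant, not the value returned at run time.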
50 changes: 35 additions & 15 deletions Source/KNSoft.MakeLifeEasier/Process/Remote.h
Expand Up @@ -2,6 +2,8 @@

#include "../MakeLifeEasier.h"

#include "../PE/Util.h"

EXTERN_C_START

#pragma region Memory R/W
Expand Down Expand Up @@ -41,11 +43,12 @@ PS_DuplicateUnicodeString32(
_Out_ PUNICODE_STRING* Dst);

FORCEINLINE
_Success_(return != FALSE)
LOGICAL
PS_FreeDuplicatedUnicodeString(
PS_FreeUnicodeString(
__drv_freesMem(Mem) _Frees_ptr_ _Post_invalid_ PUNICODE_STRING String)
{
return Mem_Free(String);
return NT_FreeStringW(String);
}

#pragma endregion
Expand All @@ -58,6 +61,33 @@ PS_GetMachineType(
_In_ HANDLE ProcessHandle,
_Out_ PUSHORT MachineType);

FORCEINLINE
NTSTATUS
NTAPI
PS_GetMachineBits(
_In_ HANDLE ProcessHandle,
_Out_ PUSHORT MachineBits)
{
NTSTATUS Status;
USHORT MachineType;
USHORT Bits;

Status = PS_GetMachineType(ProcessHandle, &MachineType);
if (!NT_SUCCESS(Status))
{
return Status;
}

Bits = PE_GetMachineBits(MachineType);
if (Bits == 0)
{
return STATUS_UNSUCCESSFUL;
}

*MachineBits = Bits;
return STATUS_SUCCESS;
}

#pragma region Enumerate Modules

MLE_API
Expand Down Expand Up @@ -95,21 +125,11 @@ PS_GetRemoteModuleEntryByAddress32(
MLE_API
HRESULT
NTAPI
PS_GetRemoteAddressName64(
PS_GetRemoteAddressName(
_In_ HANDLE ProcessHandle,
_In_ VOID* POINTER_64 Address,
_Outptr_opt_ PUNICODE_STRING* ModulePath,
_Outptr_opt_ PUNICODE_STRING* SymbolName,
_Out_opt_ _When_(SymbolName == NULL, _Null_) PULONGLONG SymbolDisplacement);

MLE_API
HRESULT
NTAPI
PS_GetRemoteAddressName32(
_In_ HANDLE ProcessHandle,
_In_ VOID* POINTER_32 Address,
_In_ ULONGLONG Address,
_Outptr_opt_ PUNICODE_STRING* ModulePath,
_Outptr_opt_ PUNICODE_STRING* SymbolName,
_Outptr_opt_result_maybenull_ PUNICODE_STRING* SymbolName,
_Out_opt_ _When_(SymbolName == NULL, _Null_) PULONGLONG SymbolDisplacement);

#pragma endregion
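Review bot: The new `PS_GetRemoteAddressName` prototype has no comment describing its result and ownership contract, which callers need in order to release the outputs correctly. Going by Remote.c in this commit, it returns `S_FALSE` with `*SymbolName == NULL` when the module was found but no symbol could be resolved, `*ModulePath` is the duplicated string that the function itself releases with `PS_FreeUnicodeString`, and `*SymbolName` comes from `NT_AllocStringW`. I would state that above the declaration, e.g. `/* Returns S_OK, or S_FALSE when only the module was resolved (*SymbolName is NULL); free *ModulePath with PS_FreeUnicodeString and *SymbolName with NT_FreeStringW */`. The inline `PS_GetMachineBits` would likewise benefit from a one-line note that an unrecognised machine type yields `STATUS_UNSUCCESSFUL`.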