📄 jiurlvalidpagesee.cpp

📁 关于win2000核心编程的文章
💻 CPP
字号:
#include "JiurlValidPageSee.h"
#include "JiurlCommon.h"


void RedLight()
{
	printf("[");
	printfcolor("\4",0xc);
	printf("]");
}

void GreenLight()
{
	printf("[");
	printfcolor("\4",0xa);
	printf("]");
}


void main()
{
	int ret;

	JiurlAbout();
	printf("\n");

	///////////////////////////////////////////////
	char ServiceFile[256];

	GetCurrentDirectory(256,ServiceFile);

	sprintf(ServiceFile,"%s\\JiurlDriver.sys",ServiceFile);

	SC_HANDLE   schSCManager;
    schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);

	ret=InstallDriver(schSCManager,DRIVER_NAME,ServiceFile);
	if(ret==0)
	{
		RemoveDriver (schSCManager,DRIVER_NAME);
		RedLight();
		printf(" Press any key to Exit\n");
		getch();
		return;
	}

	ret=StartDriver(schSCManager,DRIVER_NAME);
	if(ret==0)
	{
		StopDriver (schSCManager,DRIVER_NAME);
		RemoveDriver (schSCManager,DRIVER_NAME);
		RedLight();
		printf(" Press any key to Exit\n");
		getch();
		return;
	}

	GreenLight();
	printf(" ServiceFile: %s\n",ServiceFile);
	GreenLight();
	printf(" CreateService SUCCESS  StartService SUCCESS\n");
	/////////////////////////////////////////

	HANDLE hDevice;

	hDevice= CreateFile("\\\\.\\JiurlSymbolicLink",
		GENERIC_READ | GENERIC_WRITE,
		0,		// share mode none
		NULL,	// no security
		OPEN_EXISTING,
		FILE_ATTRIBUTE_NORMAL,
		NULL );		// no template

	if (hDevice == INVALID_HANDLE_VALUE) 
	{
		RedLight();
		printf(" Open JiurlSymbolicLink handle Error: %d\n",GetLastError() );
	}
	else
	{
		GreenLight();
		printf(" Open JiurlSymbolicLink handle SUCCESS\n");
	}
	//getch();

	printf("__________________________________________________\n");
	/////////////////////////////////////////

	HANDLE hOut;
	hOut=GetStdHandle(STD_OUTPUT_HANDLE);

	COORD dwSize;
	dwSize.X=80;
	dwSize.Y=3000;
	SetConsoleScreenBufferSize(hOut,dwSize);

	//JiurlPageDirectorySee(hDevice);
	DWORD pid;
	printf("ProcessId(Decimal): ");
	scanf("%d",&pid);
	JiurlValidPageSee(hDevice,pid);

	/////////////////////////////////////////
	printf("__________________________________________________\n\n");

	ret = CloseHandle(hDevice);

	if (ret==0) 
	{
		RedLight();
		printf(" CloseHandle Error: %d\n",GetLastError());
	}
	else
	{
		GreenLight();
		printf(" CloseHandle SUCCESS\n");
	}

	/////////////////////////////////////////
	StopDriver (schSCManager,DRIVER_NAME);
	ret=RemoveDriver (schSCManager,DRIVER_NAME);
	if(ret==0)
	{
		RedLight();
		printf(" Press any key to Exit\n");
		getch();
	}

	GreenLight();
	printf(" DeleteService SUCCESS\n");	

	CloseServiceHandle (schSCManager);

	/////////////////////////////////////////
	printf("\n");
	printfcolor(
		"                    ""                    "
		"PRESS ANY KEY TO EXIT ..""                "
		,0x70);

	getch();

}

// -----------------------------------------------------------------

BOOL JiurlReadProcessMemory(
  HANDLE hDevice,
  DWORD pid,
  LPVOID lpBaseAddress,       // base of memory area
  LPVOID lpBuffer,             // data buffer
  DWORD nSize,                 // number of bytes to read
  LPDWORD lpNumberOfBytesRead  // number of bytes read
)
{
	MEMORY_INFO MemInfo;

	MemInfo.ProcessId=pid;
	MemInfo.StartVa=lpBaseAddress;
	MemInfo.nBytes=nSize;

	int ret;

	ret=DeviceIoControl(
		hDevice,
		IOCTL_MEM_OUTPUT,
		&MemInfo,
		sizeof(MemInfo),
		lpBuffer,
		nSize,
		lpNumberOfBytesRead,
		NULL);
	if(ret==0)
	{
		printf("DeviceIoControl Error: %d\n",GetLastError());
	}

	return ret;
}

//-------------------------------------------------
/*
void JiurlPageTableSee2(HANDLE hDevice,DWORD pid,
					   DWORD nTable)
{
	DWORD PageTable[1024];
	#define PAGE_TABLE_BASE 0xC0000000

	void* pAddress;
	DWORD nBytes;
	DWORD BytesReturned;
	
	pAddress=(void*)((char*)PAGE_TABLE_BASE+nTable*0x1000);
	nBytes=4096;

	JiurlReadProcessMemory(
		hDevice,pid,pAddress,PageTable,nBytes,&BytesReturned);

	if(BytesReturned!=nBytes)
		printf("JiurlReadProcessMemory Failed\n");

	#define LINEDWORD 4
	#define BIN(x,nbit) (x&(1<<nbit))>>nbit
	DWORD StartingVa;

	int i;

	for(i=0;i<1024;i++)
	{
		if(BIN(PageTable[i],0))
		{
			StartingVa=((((unsigned int)pAddress+i*4)-0xC0000000)/4)<<12;
			printf("%08x - %08x\n",StartingVa,StartingVa+0xfff);
		}
	}
}
*/

void JiurlValidPageSee(HANDLE hDevice,DWORD pid)
{
	DWORD PageDirecotry[1024];
	#define PAGE_DIRECTORY_BASE 0xC0300000

	void* pAddress;
	DWORD nBytes;
	DWORD BytesReturned;
	
	pAddress=(void*)PAGE_DIRECTORY_BASE;
	nBytes=4096;

	int ret;
	char ProcessName[16];

	ret=JiurlGetProcessName(hDevice, pid,ProcessName);
	if(ret==0)
		printf("Get Process Name Error\n");
	else
		printf("%s:\n\n",ProcessName);

	JiurlReadProcessMemory(
		hDevice,pid,pAddress,PageDirecotry,nBytes,&BytesReturned);

	if(BytesReturned!=nBytes)
		printf("JiurlReadProcessMemory Failed\n");

	#define LINEDWORD 4
	#define BIN(x,nbit) (x&(1<<nbit))>>nbit
	int i;

//	for(i=901;i<902;i++)
//	{
//		if(BIN(PageDirecotry[i],0))
//		{
//			JiurlPageTableSee2(hDevice,pid,i);
//		}
//	}
//	printf("\n\n");

	for(i=0;i<512;i++)
	{
		if(BIN(PageDirecotry[i],0))
		{
			JiurlPageTableSee(hDevice,pid,i);
		}
	}
	printf("\n");
	printf("_______________________________________________________\n");
	printf("\n");

	printf("80000000 - 9fffffff  LargePages  size: 512(dec)MB\n");
	for(i=640;i<1024;i++)
	{
		if(BIN(PageDirecotry[i],0))
		{
			JiurlPageTableSee(hDevice,pid,i);
		}
	}
}

void JiurlPageTableSee(HANDLE hDevice,DWORD pid,
					   DWORD nTable)
{
	DWORD PageTable[1024];
	#define PAGE_TABLE_BASE 0xC0000000

	void* pAddress;
	DWORD nBytes;
	DWORD BytesReturned;
	
	pAddress=(void*)((char*)PAGE_TABLE_BASE+nTable*0x1000);
	nBytes=4096;

	JiurlReadProcessMemory(
		hDevice,pid,pAddress,PageTable,nBytes,&BytesReturned);

	if(BytesReturned!=nBytes)
		printf("JiurlReadProcessMemory Failed\n");

	#define LINEDWORD 4
	#define BIN(x,nbit) (x&(1<<nbit))>>nbit
	DWORD StartingVa;
	DWORD LastStartingVa;
	DWORD ContinuousPages;
	int i;

	ContinuousPages=0;
	LastStartingVa=0;
	for(i=0;i<1023;i++)
	{
		if(BIN(PageTable[i],0))
		{
			StartingVa=((((unsigned int)pAddress+i*4)-0xC0000000)/4)<<12;

			if(LastStartingVa==(StartingVa-0x1000))
			{
				LastStartingVa=StartingVa;
				ContinuousPages++;
			}
			else
			{
				if(LastStartingVa!=0)
				{
					printf("%08x",LastStartingVa+0x00000FFF);
					printf("  size: %4d(dec) Pages %4d(dec)KB\n",
						ContinuousPages,ContinuousPages*4);
				}
				
				printf("%08x - ",StartingVa);
				LastStartingVa=StartingVa;
				ContinuousPages=1;
			}
		}
	}

	if(BIN(PageTable[1023],0))
	{
		StartingVa=((((unsigned int)pAddress+1023*4)-0xC0000000)/4)<<12;

		if(LastStartingVa==(StartingVa-0x1000))
		{
			ContinuousPages++;
			printf("%08x",StartingVa+0x00000FFF);
			printf("  size: %4d(dec) Pages %4d(dec)KB >>\n",
				ContinuousPages,ContinuousPages*4);
		}
		else
		{
			printf("%08x - %08x",StartingVa,StartingVa+0x00000FFF);
			printf("  size:    1(dec) Pages    4(dec)KB >>\n");
		}
	}
	else
	{
		if(LastStartingVa!=0)
		{
			printf("%08x",LastStartingVa+0x00000FFF);
			printf("  size: %4d(dec) Pages %4d(dec)KB\n",
				ContinuousPages,ContinuousPages*4);
		}
	}

}

// -----------------------------------------------------------------

BOOL JiurlGetProcessName(HANDLE hDevice, DWORD pid, LPVOID lpBuffer)
{
	int ret;
	DWORD NumberOfBytesRead;

	ret=DeviceIoControl(
		hDevice,
		IOCTL_PROCESS_NAME_OUTPUT,
		&pid,
		sizeof(pid),
		lpBuffer,
		16,
		&NumberOfBytesRead,
		NULL);
	if(ret==0)
	{
		printf("DeviceIoControl Error: %d\n",GetLastError());
	}
	if(NumberOfBytesRead!=16)
	{
		//printf("NumberOfBytesRead: %d\n",NumberOfBytesRead);//
		ret=0;
	}

	return ret;
}

// -----------------------------------------------------------------
💿 文件大小 1030 K
👤 上传用户 wyly
📂 所属分类电子书籍
🏷️ 相关标签

#2000 #win #核心 #编程
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -