
📄 jiurlsystemmodulessee.cpp

📁 关于win2000核心编程的文章
#include "JiurlSystemModulesSee.h"
#include "JiurlCommon.h"

// Print the failure marker: a bracketed status glyph drawn through
// printfcolor with attribute 0xc.
// NOTE(review): printfcolor is declared elsewhere; 0xc is presumably the
// console attribute for bright red, and "\4" (byte 0x04) presumably shows
// as a diamond on an OEM code page. Confirm against JiurlCommon.
void RedLight()
{
	const int FailureAttribute = 0xc;

	putchar('[');
	printfcolor("\4", FailureAttribute);
	putchar(']');
}

// Print the success marker: a bracketed status glyph drawn through
// printfcolor with attribute 0xa.
// NOTE(review): printfcolor is declared elsewhere; 0xa is presumably the
// console attribute for bright green. Confirm against JiurlCommon.
void GreenLight()
{
	const int SuccessAttribute = 0xa;

	putchar('[');
	printfcolor("\4", SuccessAttribute);
	putchar(']');
}

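/*
 * Program entry point.
 *
 * Sequence, as visible in this file:
 *   1. build the path "<current directory>\JiurlDriver.sys";
 *   2. register and start it as a service named DRIVER_NAME through the
 *      InstallDriver / StartDriver helpers (declared elsewhere);
 *   3. open the driver's device through \\.\JiurlSymbolicLink;
 *   4. dump the loaded kernel modules with JiurlSystemModulesSee();
 *   5. close the device, stop and remove the service.
 *
 * Changes against the original listing:
 *   - the path was built with sprintf() using ServiceFile as both source
 *     and destination (undefined behaviour) and without a length check;
 *   - OpenSCManager() and GetCurrentDirectory() results were not checked;
 *   - the SCM handle leaked on the early-exit paths;
 *   - a failed CreateFile() still fell through to the memory dump and to
 *     CloseHandle() on INVALID_HANDLE_VALUE;
 *   - a failed RemoveDriver() was followed by "DeleteService SUCCESS".
 */
void main()
{
	int ret;

	JiurlAbout();
	printf("\n");

	///////////////////////////////////////////////
	// NOTE(review): the driver image is resolved relative to the current
	// working directory, so whichever file is named JiurlDriver.sys there
	// is what gets registered as a kernel-mode service. Run this only from
	// a directory that less-privileged users cannot write to.
	static const char DriverLeaf[] = "\\JiurlDriver.sys";
	char ServiceFile[256];
	DWORD DirLen;

	DirLen = GetCurrentDirectory(sizeof(ServiceFile),ServiceFile);

	// 0 means the call failed; a value >= the buffer size is the size that
	// would have been required. sizeof(DriverLeaf) includes the NUL.
	if(DirLen==0 || DirLen+sizeof(DriverLeaf)>sizeof(ServiceFile))
	{
		RedLight();
		printf(" Current directory is unavailable or its path is too long\n");
		RedLight();
		printf(" Press any key to Exit\n");
		getch();
		return;
	}

	strcat(ServiceFile,DriverLeaf);

	// NOTE(review): SC_MANAGER_ALL_ACCESS is broader than creating and
	// opening one service normally needs; narrowing it depends on what the
	// InstallDriver/StartDriver/RemoveDriver helpers request, which is not
	// visible here.
	SC_HANDLE   schSCManager;
	schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
	if(schSCManager==NULL)
	{
		RedLight();
		printf(" OpenSCManager Error: %lu\n",GetLastError());
		RedLight();
		printf(" Press any key to Exit\n");
		getch();
		return;
	}

	ret=InstallDriver(schSCManager,DRIVER_NAME,ServiceFile);
	if(ret==0)
	{
		// Best-effort rollback so no half-registered service is left behind.
		StopDriver (schSCManager,DRIVER_NAME);
		RemoveDriver (schSCManager,DRIVER_NAME);
		CloseServiceHandle (schSCManager);
		RedLight();
		printf(" Press any key to Exit\n");
		getch();
		return;
	}

	ret=StartDriver(schSCManager,DRIVER_NAME);
	if(ret==0)
	{
		StopDriver (schSCManager,DRIVER_NAME);
		RemoveDriver (schSCManager,DRIVER_NAME);
		CloseServiceHandle (schSCManager);
		RedLight();
		printf(" Press any key to Exit\n");
		getch();
		return;
	}

	GreenLight();
	printf(" ServiceFile: %s\n",ServiceFile);
	GreenLight();
	printf(" CreateService SUCCESS  StartService SUCCESS\n");
	/////////////////////////////////////////

	HANDLE hDevice;

	hDevice= CreateFile("\\\\.\\JiurlSymbolicLink",
		GENERIC_READ | GENERIC_WRITE,
		0,		// share mode none
		NULL,	// no security
		OPEN_EXISTING,
		FILE_ATTRIBUTE_NORMAL,
		NULL );		// no template

	if (hDevice == INVALID_HANDLE_VALUE)
	{
		// Without a device handle there is nothing to dump or to close;
		// fall through to the service teardown below.
		RedLight();
		printf(" Open JiurlSymbolicLink handle Error: %lu\n",GetLastError() );
	}
	else
	{
		GreenLight();
		printf(" Open JiurlSymbolicLink handle SUCCESS\n");

		printf("__________________________________________________\n");
		/////////////////////////////////////////
		// Enlarge the scroll-back so the whole module list stays visible.
		HANDLE hOut;
		hOut=GetStdHandle(STD_OUTPUT_HANDLE);

		COORD dwSize;
		dwSize.X=80;
		dwSize.Y=2000;
		SetConsoleScreenBufferSize(hOut,dwSize);

		JiurlSystemModulesSee(hDevice);

		/////////////////////////////////////////
		printf("__________________________________________________\n\n");

		ret = CloseHandle(hDevice);

		if (ret==0)
		{
			RedLight();
			printf(" CloseHandle Error: %lu\n",GetLastError());
		}
		else
		{
			GreenLight();
			printf(" CloseHandle SUCCESS\n");
		}
	}

	/////////////////////////////////////////
	// Always stop and unregister the driver so the memory-read device does
	// not stay reachable after this program exits.
	StopDriver (schSCManager,DRIVER_NAME);
	ret=RemoveDriver (schSCManager,DRIVER_NAME);

	CloseServiceHandle (schSCManager);

	if(ret==0)
	{
		// The service may still be registered; do not report success.
		RedLight();
		printf(" Press any key to Exit\n");
		getch();
		return;
	}

	GreenLight();
	printf(" DeleteService SUCCESS\n");

	/////////////////////////////////////////
	printf("\n");
	printfcolor(
		"                    ""                    "
		"PRESS ANY KEY TO EXIT ..""                "
		,0x70);

	getch();

}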

// -----------------------------------------------------------------

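/*
 * Ask the driver behind hDevice to copy nSize bytes starting at the
 * virtual address lpBaseAddress into lpBuffer, using the JIURL_MEM_OUTPUT
 * control code.
 *
 * hDevice              handle to the driver's device
 * lpBaseAddress        address to read from, passed to the driver as-is
 * lpBuffer             caller buffer of at least nSize bytes
 * nSize                number of bytes requested
 * lpNumberOfBytesRead  receives the byte count reported by
 *                      DeviceIoControl; may be NULL
 *
 * Returns the DeviceIoControl result (zero on failure). On failure the
 * error code is printed.
 *
 * The count is set to 0 before the call so that a caller comparing it with
 * the expected size never reads an indeterminate value when the request
 * fails.
 *
 * NOTE(review): this request hands the driver an arbitrary address and
 * length. Whether the address range is validated, and who may open the
 * device, is decided on the driver side, which is not shown here. Verify
 * both before leaving the driver loaded on a shared machine.
 */
BOOL JiurlReadMemory(
  HANDLE  hDevice,
  LPVOID  lpBaseAddress,       // base of memory area
  LPVOID  lpBuffer,             // data buffer
  DWORD   nSize,                 // number of bytes to read
  LPDWORD lpNumberOfBytesRead  // number of bytes read
)
{
	MEMORY_INFO MemInfo;
	DWORD BytesRead = 0;
	BOOL ret;

	if(lpNumberOfBytesRead!=NULL)
	{
		*lpNumberOfBytesRead=0;
	}

	// Clear the request first so no uninitialised stack bytes (padding or
	// fields not set below) are sent to the driver.
	memset(&MemInfo,0,sizeof(MemInfo));
	MemInfo.StartVa=lpBaseAddress;
	MemInfo.nBytes=nSize;

	// With a NULL OVERLAPPED pointer the byte-count argument must not be
	// NULL, so a local is always passed and copied out afterwards.
	ret=DeviceIoControl(
		hDevice,
		JIURL_MEM_OUTPUT,
		&MemInfo,
		sizeof(MemInfo),
		lpBuffer,
		nSize,
		&BytesRead,
		NULL);
	if(ret==0)
	{
		printf("DeviceIoControl Error: %lu\n",GetLastError());
	}

	if(lpNumberOfBytesRead!=NULL)
	{
		*lpNumberOfBytesRead=BytesRead;
	}

	return ret;
}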

// -----------------------------------------------------------------

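/*
 * Walk the kernel's loaded-module list through the driver and print, for
 * each entry, the image address range, the module name and (through
 * JiurlPeSectionsSee) its PE sections.
 *
 * hDevice  handle to the driver's device, used for every read.
 *
 * Changes against the original listing:
 *   - JiurlReadMemory's return value is checked and the byte counter is
 *     initialised, so a failed read is never mistaken for a good one;
 *   - the name buffer is zeroed and the read leaves room for a terminator,
 *     so "%ws" cannot run past NameBuf;
 *   - the walk stops on a NULL link, on an empty list, and after a fixed
 *     number of entries. The list lives in kernel memory and is read
 *     without synchronisation, so it can change or be inconsistent while
 *     it is being followed.
 *
 * NOTE(review): PsLoadedModuleList comes from a header that is not shown;
 * it is presumably a fixed address valid for one specific kernel build.
 * Confirm it before running on any other system.
 */
void JiurlSystemModulesSee(HANDLE hDevice)
{
	// Defensive ceiling on entries followed (constructed value, not taken
	// from the kernel).
	const DWORD MaxModulesWalked = 4096;

	DWORD nBytes;
	DWORD BytesReturned = 0;
	DWORD Walked = 0;

	PLIST_ENTRY pModuleListHead , pModuleListEntry = NULL;

	pModuleListHead=
		(PLIST_ENTRY)PsLoadedModuleList;

	// The first pointer-sized field at the list head is the link to the
	// first entry.
	if(!JiurlReadMemory(hDevice,pModuleListHead,&pModuleListEntry,
			sizeof(pModuleListEntry),&BytesReturned)
		|| BytesReturned!=sizeof(pModuleListEntry))
	{
		printf("JiurlReadProcessMemory Failed\n");
		return;
	}

	KMODULE Module;
	char* ModuleAddress;
	wchar_t NameBuf[256];

	while(pModuleListEntry!=NULL && pModuleListEntry!=pModuleListHead)
	{
		if(Walked>=MaxModulesWalked)
		{
			printf("Module list walk stopped after %lu entries\n",Walked);
			return;
		}
		Walked++;

		// Assumes the list link is the first member of KMODULE, so the
		// entry address is also the record address (TODO confirm against
		// the KMODULE definition).
		ModuleAddress=(char*)pModuleListEntry;

		nBytes=sizeof(Module);
		BytesReturned=0;
		if(!JiurlReadMemory(
				hDevice,ModuleAddress,&Module,nBytes,&BytesReturned)
			|| BytesReturned!=nBytes)
		{
			printf("JiurlReadProcessMemory Failed\n");
			return;
		}

		pModuleListEntry=Module.KernelLoadedModuleList.Flink;

		// Read at most 255 characters; the zeroed buffer guarantees a
		// terminator whatever the driver returns.
		memset(NameBuf,0,sizeof(NameBuf));
		BytesReturned=0;
		if(!JiurlReadMemory(
				hDevice,Module.ModuleName.Buffer,NameBuf,
				sizeof(NameBuf)-sizeof(wchar_t),&BytesReturned))
		{
			// Name not readable: print the range with an empty name.
			NameBuf[0]=0;
		}

		// "%08x" with pointer arguments matches the 32-bit target this
		// tool was written for.
		printf("0x%08x - 0x%08x  %ws\n",
			Module.ImageBase,
			(char*)Module.ImageBase+Module.SizeOfImage,
			NameBuf);

		JiurlPeSectionsSee(hDevice,Module.ImageBase);

		printf("\n");
	}
}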


// -----------------------------------------------------------------

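/*
 * Read the first 4096 bytes of the image at BaseAddress through the driver
 * and print the address range and name of every PE section found in that
 * header page.
 *
 * hDevice      handle to the driver's device
 * BaseAddress  image base of the module, as taken from the module list
 *
 * Changes against the original listing: every offset and count taken from
 * the header is checked against the 4096-byte local copy before it is
 * used. The original followed e_lfanew, SizeOfOptionalHeader and
 * NumberOfSections unchecked, so a damaged or deliberately altered header
 * made this function read outside the stack buffer.
 */
void JiurlPeSectionsSee(HANDLE hDevice,PVOID BaseAddress)
{
	DWORD nBytes;
	DWORD BytesReturned = 0;

	char pe[4096];

	nBytes=sizeof(pe);
	if(!JiurlReadMemory(
			hDevice,BaseAddress,pe,nBytes,&BytesReturned)
		|| BytesReturned!=nBytes)
	{
		printf("JiurlReadProcessMemory Failed\n");
		return;
	}

	PIMAGE_DOS_HEADER pDosHeader;

	pDosHeader= (PIMAGE_DOS_HEADER)pe;

	if(pDosHeader->e_magic != IMAGE_DOS_SIGNATURE)
	{
		printf("Not a PE File\n");
		return;
	}

	// e_lfanew is a signed value read from the image; the whole NT header
	// must lie inside the local copy.
	LONG NtOffset = pDosHeader->e_lfanew;

	if(NtOffset<0 || (DWORD)NtOffset>sizeof(pe)-sizeof(IMAGE_NT_HEADERS))
	{
		printf("Not a PE File\n");
		return;
	}

	PIMAGE_NT_HEADERS pNtHeader;

	pNtHeader= (PIMAGE_NT_HEADERS)(pe+NtOffset);

	if ( pNtHeader->Signature != IMAGE_NT_SIGNATURE)
	{
		printf("Not a PE File\n");
		return;
	}

	// The section table starts right after the optional header, whose size
	// is also read from the image.
	DWORD SectionTableOffset;

	SectionTableOffset= (DWORD)NtOffset
		+FIELD_OFFSET(IMAGE_NT_HEADERS,OptionalHeader)
		+pNtHeader->FileHeader.SizeOfOptionalHeader;

	if(SectionTableOffset>sizeof(pe))
	{
		printf("  (section table is not inside the first 4096 bytes)\n");
		return;
	}

	PIMAGE_SECTION_HEADER section;
	DWORD nSections;
	DWORD MaxSections;
	DWORD i;

	nSections= pNtHeader->FileHeader.NumberOfSections;
	MaxSections= (DWORD)((sizeof(pe)-SectionTableOffset)
		/sizeof(IMAGE_SECTION_HEADER));
	section=IMAGE_FIRST_SECTION(pNtHeader);

	// Print only the headers that are completely inside the local copy.
	BOOL Truncated = FALSE;
	if(nSections>MaxSections)
	{
		nSections=MaxSections;
		Truncated=TRUE;
	}

	// Section names are 8 bytes and need not be NUL-terminated; the ninth
	// byte stays zero.
	char SectionName[9];
	memset(SectionName,0,9);
	DWORD SectionStart,SectionEnd,SectionSize;

	for (i=0; i<nSections; i++)
	{

		SectionSize=section->Misc.VirtualSize;

		// The cast to DWORD matches the 32-bit target of this tool.
		SectionStart= (DWORD)((char*)BaseAddress+section->VirtualAddress);
		SectionEnd= SectionStart+SectionSize;

		memcpy(SectionName,(char*)section->Name,8);

		printf("  ");
		printf("0x%08x - 0x%08x  %s\n",
			SectionStart,SectionEnd,SectionName);
		section++;
	}

	if(Truncated)
	{
		printf("  (section table truncated: it extends past the first 4096 bytes)\n");
	}
}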
