📄 jiurlpdptsee.cpp
#include "JiurlPdPtSee.h"
#include "JiurlCommon.h"
// Prints the failure marker "[<glyph>]" used in front of error status lines.
// The glyph is character code 4, drawn through printfcolor with attribute 0xc
// (presumably bright red on the Win32 console; printfcolor is declared elsewhere).
void RedLight()
{
    putchar('[');
    printfcolor("\4",0xc);
    putchar(']');
}
// Prints the success marker "[<glyph>]" used in front of OK status lines.
// Same shape as RedLight, but the glyph is drawn with attribute 0xa
// (presumably bright green on the Win32 console; printfcolor is declared elsewhere).
void GreenLight()
{
    putchar('[');
    printfcolor("\4",0xa);
    putchar(']');
}
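// Entry point: installs and starts the JiurlDriver kernel service, opens the
// driver's device, runs the interactive command loop, then stops and removes
// the service again.
//
// NOTE(review): the driver image path is built from the current working
// directory, so whichever JiurlDriver.sys sits in the directory the tool was
// started from is what gets registered as a kernel service. Resolving the path
// from the executable's own location would be the safer default; it is left
// as-is here because it changes where the tool looks for its driver.
// NOTE(review): SC_MANAGER_ALL_ACCESS is broader than service creation needs;
// InstallDriver/StartDriver/RemoveDriver are not visible here, so confirm which
// rights they require before narrowing it.
void main()
{
    int ret;
    JiurlAbout();
    printf("\n");
    ///////////////////////////////////////////////
    // Build "<cwd>\JiurlDriver.sys". The original formatted ServiceFile into
    // itself with sprintf (overlapping source and destination, no length
    // check); append instead, after confirming the result fits.
    static const char DriverFile[] = "\\JiurlDriver.sys";
    char ServiceFile[256];
    DWORD dirLen = GetCurrentDirectory(sizeof(ServiceFile), ServiceFile);
    if (dirLen == 0 || dirLen + sizeof(DriverFile) > sizeof(ServiceFile))
    {
        // 0 means the call failed; a larger value means the path (plus the
        // driver file name and terminator) does not fit in ServiceFile.
        RedLight();
        printf(" Current directory is unavailable or too long for the driver path\n");
        RedLight();
        printf(" Press any key to Exit\n");
        getch();
        return;
    }
    strcat(ServiceFile, DriverFile);

    SC_HANDLE schSCManager;
    schSCManager = OpenSCManager(NULL,NULL,SC_MANAGER_ALL_ACCESS);
    if (schSCManager == NULL)
    {
        // Typically means the process lacks the rights to manage services.
        RedLight();
        printf(" OpenSCManager Error: %lu\n", (unsigned long)GetLastError());
        RedLight();
        printf(" Press any key to Exit\n");
        getch();
        return;
    }

    ret=InstallDriver(schSCManager,DRIVER_NAME,ServiceFile);
    if(ret==0)
    {
        // Remove any half-registered service so a later run starts clean.
        RemoveDriver (schSCManager,DRIVER_NAME);
        CloseServiceHandle (schSCManager);
        RedLight();
        printf(" Press any key to Exit\n");
        getch();
        return;
    }
    ret=StartDriver(schSCManager,DRIVER_NAME);
    if(ret==0)
    {
        StopDriver (schSCManager,DRIVER_NAME);
        RemoveDriver (schSCManager,DRIVER_NAME);
        CloseServiceHandle (schSCManager);
        RedLight();
        printf(" Press any key to Exit\n");
        getch();
        return;
    }
    GreenLight();
    printf(" ServiceFile: %s\n",ServiceFile);
    GreenLight();
    printf(" CreateService SUCCESS StartService SUCCESS\n");
    /////////////////////////////////////////
    HANDLE hDevice;
    hDevice= CreateFile("\\\\.\\JiurlSymbolicLink",
        GENERIC_READ | GENERIC_WRITE,
        0, // share mode none
        NULL, // no security
        OPEN_EXISTING,
        FILE_ATTRIBUTE_NORMAL,
        NULL ); // no template
    if (hDevice == INVALID_HANDLE_VALUE)
    {
        RedLight();
        printf(" Open JiurlSymbolicLink handle Error: %d\n",GetLastError() );
    }
    else
    {
        GreenLight();
        printf(" Open JiurlSymbolicLink handle SUCCESS\n");
    }
    //getch();
    printf("__________________________________________________\n");
    /////////////////////////////////////////
    // Only run the command loop (and later close the handle) when the device
    // was actually opened; every IOCTL on an invalid handle would just fail.
    if (hDevice != INVALID_HANDLE_VALUE)
    {
        // Enlarge the console scroll-back so a full 1024-entry dump stays visible.
        HANDLE hOut;
        hOut=GetStdHandle(STD_OUTPUT_HANDLE);
        COORD dwSize;
        dwSize.X=80;
        dwSize.Y=3000;
        SetConsoleScreenBufferSize(hOut,dwSize);
        CmdManager(hDevice);
        /////////////////////////////////////////
        printf("__________________________________________________\n\n");
        ret = CloseHandle(hDevice);
        if (ret==0)
        {
            RedLight();
            printf(" CloseHandle Error: %d\n",GetLastError());
        }
        else
        {
            GreenLight();
            printf(" CloseHandle SUCCESS\n\n");
        }
    }
    /////////////////////////////////////////
    // Always unload and unregister the driver so it does not stay resident
    // after the tool exits.
    StopDriver (schSCManager,DRIVER_NAME);
    ret=RemoveDriver (schSCManager,DRIVER_NAME);
    if(ret==0)
    {
        // The original fell through and reported "DeleteService SUCCESS" even
        // on failure; exit here like the other failure paths do.
        CloseServiceHandle (schSCManager);
        RedLight();
        printf(" Press any key to Exit\n");
        getch();
        return;
    }
    GreenLight();
    printf(" DeleteService SUCCESS\n");
    CloseServiceHandle (schSCManager);
    /////////////////////////////////////////
    printf("\n");
    printfcolor(
        " "" "
        "PRESS ANY KEY TO EXIT .."" "
        ,0x70);
    getch();
}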
// -----------------------------------------------------------------
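// Asks the driver (IOCTL_MEM_OUTPUT) to copy nSize bytes starting at
// lpBaseAddress in the address space of process `pid` into lpBuffer.
//
// hDevice              handle to the driver's device
// pid                  target process id
// lpBaseAddress        start address to read in the target
// lpBuffer             caller buffer, at least nSize bytes
// nSize                number of bytes to read
// lpNumberOfBytesRead  receives the byte count returned by the driver; set to
//                      0 when the call fails. May be NULL.
//
// Returns the DeviceIoControl result: nonzero on success, 0 on failure (an
// error line is printed).
//
// NOTE(review): pid and lpBaseAddress are passed to the driver unchecked. The
// driver-side handler is not visible here; confirm it validates the address
// range and probes the buffers before copying.
BOOL JiurlReadProcessMemory(
    HANDLE hDevice,
    DWORD pid,
    LPVOID lpBaseAddress, // base of memory area
    LPVOID lpBuffer, // data buffer
    DWORD nSize, // number of bytes to read
    LPDWORD lpNumberOfBytesRead // number of bytes read
    )
{
    // Zero the request first so any field or padding not set below is not
    // sent to the driver as leftover stack contents.
    MEMORY_INFO MemInfo;
    memset(&MemInfo, 0, sizeof(MemInfo));
    MemInfo.ProcessId=pid;
    MemInfo.StartVa=lpBaseAddress;
    MemInfo.nBytes=nSize;

    // DeviceIoControl needs a non-NULL byte-count pointer when no OVERLAPPED
    // is supplied, so always hand it a local and copy out afterwards.
    DWORD BytesRead = 0;
    if (lpNumberOfBytesRead != NULL)
        *lpNumberOfBytesRead = 0;

    int ret;
    ret=DeviceIoControl(
        hDevice,
        IOCTL_MEM_OUTPUT,
        &MemInfo,
        sizeof(MemInfo),
        lpBuffer,
        nSize,
        &BytesRead,
        NULL);
    if(ret==0)
    {
        printf("DeviceIoControl Error: %d\n",GetLastError());
    }
    else if (lpNumberOfBytesRead != NULL)
    {
        *lpNumberOfBytesRead = BytesRead;
    }
    return ret;
}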
// -----------------------------------------------------------------
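// Asks the driver (IOCTL_PROCESS_NAME_OUTPUT) for the name of process `pid`.
//
// lpBuffer must have room for 16 bytes; exactly 16 bytes are requested and
// anything else counts as failure. Nothing here adds a terminator, so callers
// should treat the result as a fixed 16-byte field, not a C string.
//
// Returns nonzero on success, 0 on failure (an error line is printed when the
// IOCTL itself fails).
BOOL JiurlGetProcessName(HANDLE hDevice, DWORD pid, LPVOID lpBuffer)
{
    const DWORD NameBytes = 16;
    // Initialised so a failed call can never leave it holding stack garbage.
    DWORD NumberOfBytesRead = 0;
    int ret;
    ret=DeviceIoControl(
        hDevice,
        IOCTL_PROCESS_NAME_OUTPUT,
        &pid,
        sizeof(pid),
        lpBuffer,
        NameBytes,
        &NumberOfBytesRead,
        NULL);
    if(ret==0)
    {
        printf("DeviceIoControl Error: %d\n",GetLastError());
        return 0;
    }
    // A short reply means the buffer does not hold a complete name field.
    if(NumberOfBytesRead!=NameBytes)
    {
        return 0;
    }
    return ret;
}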
// -----------------------------------------------------------------
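// Reads the 4096-byte page directory of process `pid` (at PAGE_DIRECTORY_BASE)
// through the driver and prints it.
//
// type 0: dump all 1024 entries, LINEDWORD per line.
// type 1: print only entries with bit 0 set, plus the matching page-table
//         address computed as PAGE_TABLE_BASE + index * 0x1000.
// Any other type is reported and nothing is dumped.
//
// If the read fails or comes back short, nothing is dumped: the local array
// would otherwise hold uninitialised stack bytes.
void JiurlPageDirectorySee(HANDLE hDevice,DWORD pid,DWORD type)
{
    DWORD PageDirectory[1024];
    const DWORD nBytes = 4096;
    DWORD BytesReturned = 0;

    BOOL ok = JiurlReadProcessMemory(
        hDevice,pid,(void*)PAGE_DIRECTORY_BASE,PageDirectory,nBytes,&BytesReturned);
    if(!ok || BytesReturned!=nBytes)
    {
        printf("JiurlReadProcessMemory Failed\n");
        return;
    }
// Kept textually identical to the definitions in JiurlPageTableSee so the two
// can coexist in one translation unit.
#define LINEDWORD 4
#define BIN(x,nbit) (x&(1<<nbit))>>nbit
    int i;
    printf("PAGE DIRECTORY\n");
    switch(type)
    {
    case 0:
    {
        for(i=0;i<1024;i++)
        {
            if(i%LINEDWORD==0)
                printf("%08x:",(unsigned int)PAGE_DIRECTORY_BASE+i*4);
            printf(" %08x",PageDirectory[i]);
            if((i+1)%LINEDWORD==0)
                printf("\n");
        }
        break;
    }
    case 1:
    {
        for(i=0;i<1024;i++)
        {
            // Bit 0 of an entry is tested here; entries without it are skipped.
            if(BIN(PageDirectory[i],0))
            {
                printf("%08x:",(unsigned int)PAGE_DIRECTORY_BASE+i*4);
                printf(" %08x",PageDirectory[i]);
                printf(" ");
                // Pass an integer, not a char*, to %08x (format/argument
                // mismatch in the original).
                printf("PageTableAddress: %08x",
                    (unsigned int)PAGE_TABLE_BASE+i*0x1000);
                printf("\n");
            }
        }
        break;
    }
    default:
    {
        printf("Unsupported type %u (expected 0 or 1)\n",(unsigned int)type);
        break;
    }
    }
}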
// -----------------------------------------------------------------
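// Reads 4096 bytes at PageTableAddress in process `pid` through the driver and
// prints them as a 1024-entry page table.
//
// type 0: dump all 1024 entries, LINEDWORD per line.
// type 1: print only entries with bit 0 set, plus the 4 KB virtual range each
//         one maps, derived from the entry's offset from 0xC0000000.
// Any other type is reported and nothing is dumped.
//
// If the read fails or comes back short, nothing is dumped: the local array
// would otherwise hold uninitialised stack bytes.
//
// NOTE(review): PageTableAddress comes straight from user input and is not
// range-checked here. The type 1 range calculation only makes sense when the
// address lies at or above 0xC0000000 (the subtraction wraps otherwise), and
// the driver is relied on to reject addresses it should not read -- confirm
// against the driver source.
void JiurlPageTableSee(HANDLE hDevice,DWORD pid,
    DWORD PageTableAddress,DWORD type)
{
    DWORD PageTable[1024];
    const DWORD nBytes = 4096;
    DWORD BytesReturned = 0;

    BOOL ok = JiurlReadProcessMemory(
        hDevice,pid,(void*)PageTableAddress,PageTable,nBytes,&BytesReturned);
    if(!ok || BytesReturned!=nBytes)
    {
        printf("JiurlReadProcessMemory Failed\n");
        return;
    }
// Kept textually identical to the definitions in JiurlPageDirectorySee so the
// two can coexist in one translation unit.
#define LINEDWORD 4
#define BIN(x,nbit) (x&(1<<nbit))>>nbit
    int i;
    switch(type)
    {
    case 0:
    {
        for(i=0;i<1024;i++)
        {
            // Use the DWORD argument directly instead of casting the pointer
            // back to an integer.
            if(i%LINEDWORD==0)
                printf("%08x:",(unsigned int)(PageTableAddress+i*4));
            printf(" %08x",PageTable[i]);
            if((i+1)%LINEDWORD==0)
                printf("\n");
        }
        break;
    }
    case 1:
    {
        for(i=0;i<1024;i++)
        {
            // Bit 0 of an entry is tested here; entries without it are skipped.
            if(BIN(PageTable[i],0))
            {
                unsigned int EntryVa=(unsigned int)(PageTableAddress+i*4);
                printf("%08x:",EntryVa);
                printf(" %08x",PageTable[i]);
                printf(" ");
                // Entry index relative to 0xC0000000, times the 4 KB page size.
                unsigned int VaStart=((EntryVa-0xC0000000)/4)<<12;
                printf("AddressSpace: %08x-%08x",
                    VaStart,VaStart+0x00000FFF);
                printf("\n");
            }
        }
        break;
    }
    default:
    {
        printf("Unsupported type %u (expected 0 or 1)\n",(unsigned int)type);
        break;
    }
    }
}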
// -----------------------------------------------------------------
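// Drops the remainder of the current input line so a malformed argument is
// not re-read as the next command.
static void CmdDiscardInputLine()
{
    int c;
    while((c=getchar())!='\n' && c!=EOF)
    {
    }
}

// Interactive command loop for the viewer. Reads a command word from stdin,
// upper-cases it and dispatches on its first letter:
//   PDE <pid> <type>              dump the page directory of <pid>
//   PTE <pid> <ptAddress> <type>  dump one page table of <pid>
//   H...                          print help
//   Q...                          leave the loop
// Returns on a Q command or when stdin reaches end of input.
//
// Input handling is bounded and checked: the command word is limited to the
// size of CmdStr1, and numeric arguments that fail to parse abort the command
// instead of being used uninitialised.
void CmdManager(HANDLE hDevice)
{
    char CmdStr1[256];
    char* CmdUprStr1;
    unsigned int pid;
    unsigned int PageTableAddress;
    unsigned int type;
    int ret;
    char ProcessName[16];
    while(1)
    {
        printf(">");
        // Width-limited so an over-long word cannot overrun CmdStr1; stop on
        // EOF or read error instead of spinning on stale buffer contents.
        if(scanf("%255s",CmdStr1)!=1)
            return;
        CmdUprStr1=strupr(CmdStr1);
        switch(CmdUprStr1[0])
        {
        case 'P':
        {
            if(strcmp(CmdUprStr1,"PDE")==0)
            {
                // %u matches the unsigned int targets.
                if(scanf("%u",&pid)!=1 || scanf("%u",&type)!=1)
                {
                    printf("Invalid arguments\n\n");
                    CmdDiscardInputLine();
                    CmdHelp();
                    break;
                }
                ret=JiurlGetProcessName(hDevice, pid,ProcessName);
                if(ret==0)
                    printf("Get Process Name Error\n");
                else
                    // The name is a 16-byte field with no guaranteed
                    // terminator, so bound the print to the buffer size.
                    printf("%.16s:\n",ProcessName);
                JiurlPageDirectorySee(hDevice,pid,type);
            }
            if(strcmp(CmdUprStr1,"PTE")==0)
            {
                if(scanf("%u",&pid)!=1
                    || scanf("%x",&PageTableAddress)!=1
                    || scanf("%u",&type)!=1)
                {
                    printf("Invalid arguments\n\n");
                    CmdDiscardInputLine();
                    CmdHelp();
                    break;
                }
                ret=JiurlGetProcessName(hDevice, pid,ProcessName);
                if(ret==0)
                    printf("Get Process Name Error\n");
                else
                    printf("%.16s:\n",ProcessName);
                printf("PAGE TABLE %08x\n",PageTableAddress);
                JiurlPageTableSee(hDevice,pid,PageTableAddress,type);
            }
            break;
        }
        case 'H':
        {
            CmdHelp();
            break;
        }
        case 'Q':
        {
            return;
        }
        default:
        {
            printf("Unkown Command\n\n");
            CmdHelp();
        }
        }
    }
}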
// -----------------------------------------------------------------
// Prints the "[<glyph>] Help" banner followed by the command reference for
// the interactive loop. The glyph is character code 4 drawn through
// printfcolor with attribute 0x9 (printfcolor is declared elsewhere).
void CmdHelp()
{
    static const char *const HelpLines[] = {
        " Help\n\n",
        "pde [pid] [type] - page directory\n",
        "pte [pid] [ptAddress] [type] - page table\n",
        "[pid] - decimal process id\n",
        "[ptAddress] - hex page table address\n",
        "[type] - 0 or 1\n",
        "[type=0] - dump all\n",
        "[type=1] - dump only valid , print some information\n",
        "\n",
        "h - help\n",
        "q - quit\n",
        "\n",
    };
    const unsigned int LineCount = sizeof(HelpLines)/sizeof(HelpLines[0]);

    printf("[");
    printfcolor("\4",0x9);
    printf("]");
    // Lines are emitted through "%s" so the table entries are never
    // interpreted as format strings.
    for(unsigned int k=0;k<LineCount;k++)
        printf("%s",HelpLines[k]);
}