#include "JiurlProcMemSee.h"
#include "JiurlCommon.h"
/* Print a "[x]" status marker in which the "\4" character is drawn with
 * color attribute 0xc by printfcolor; placed ahead of failure messages. */
void RedLight()
{
    static const char marker[] = "\4";
    fputs("[", stdout);
    printfcolor(marker, 0xc);
    fputs("]", stdout);
}
/* Print a "[x]" status marker in which the "\4" character is drawn with
 * color attribute 0xa by printfcolor; placed ahead of success messages. */
void GreenLight()
{
    static const char marker[] = "\4";
    fputs("[", stdout);
    printfcolor(marker, 0xa);
    fputs("]", stdout);
}
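/* Shared failure path for the setup steps in main(): undo any service
 * registration that may exist, release the SCM handle, and pause so the
 * operator can read the message before the console closes.
 * schSCManager may be NULL when the SCM was never opened. */
static void AbortSetup(SC_HANDLE schSCManager)
{
    if (schSCManager != NULL) {
        StopDriver(schSCManager, DRIVER_NAME);
        RemoveDriver(schSCManager, DRIVER_NAME);
        CloseServiceHandle(schSCManager);
    }
    RedLight();
    printf(" Press any key to Exit\n");
    getch();
}

/*
 * Program entry point.
 * Installs and starts JiurlDriver.sys from the current directory, opens
 * the driver's device, runs the interactive command loop (CmdManager),
 * then closes the device and removes the service again. Every failure in
 * the setup sequence tears down what was already done before returning,
 * and the SCM handle is released on every path.
 */
void main()
{
    int ret;
    JiurlAbout();
    printf("\n");
    ///////////////////////////////////////////////
    /* Build "<cwd>\JiurlDriver.sys". The driver is loaded from the current
     * directory, so whoever controls that directory controls which kernel
     * driver gets loaded: run the tool only from a directory you trust. */
    char CurDir[256];
    char ServiceFile[256];
    DWORD dirLen = GetCurrentDirectory(sizeof(CurDir), CurDir);
    if (dirLen == 0 || dirLen >= sizeof(CurDir)) {
        /* 0 is failure; >= buffer size means the path did not fit */
        RedLight();
        printf(" GetCurrentDirectory Error: %lu\n", GetLastError());
        AbortSetup(NULL);
        return;
    }
    /* Formatting ServiceFile from itself (overlapping sprintf source and
     * destination) is undefined behaviour, so the directory lives in its
     * own buffer and the combined length is checked first. */
    static const char DriverFileName[] = "\\JiurlDriver.sys";
    if (dirLen + sizeof(DriverFileName) > sizeof(ServiceFile)) {
        RedLight();
        printf(" Current directory path too long\n");
        AbortSetup(NULL);
        return;
    }
    sprintf(ServiceFile, "%s%s", CurDir, DriverFileName);

    /* NOTE(review): ALL_ACCESS is broader than the create/start/delete
     * operations below need; the exact rights InstallDriver/StartDriver/
     * RemoveDriver require are not visible here, so narrow this only after
     * checking those helpers. */
    SC_HANDLE schSCManager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
    if (schSCManager == NULL) {
        RedLight();
        printf(" OpenSCManager Error: %lu\n", GetLastError());
        AbortSetup(NULL);
        return;
    }
    ret = InstallDriver(schSCManager, DRIVER_NAME, ServiceFile);
    if (ret == 0) {
        AbortSetup(schSCManager);
        return;
    }
    ret = StartDriver(schSCManager, DRIVER_NAME);
    if (ret == 0) {
        AbortSetup(schSCManager);
        return;
    }
    GreenLight();
    printf(" ServiceFile: %s\n", ServiceFile);
    GreenLight();
    printf(" CreateService SUCCESS StartService SUCCESS\n\n");
    /////////////////////////////////////////
    HANDLE hDevice = CreateFile("\\\\.\\JiurlSymbolicLink",
                                GENERIC_READ | GENERIC_WRITE,
                                0,                      // share mode none
                                NULL,                   // no security
                                OPEN_EXISTING,
                                FILE_ATTRIBUTE_NORMAL,
                                NULL);                  // no template
    if (hDevice == INVALID_HANDLE_VALUE) {
        RedLight();
        printf(" Open JiurlSymbolicLink handle Error: %lu\n", GetLastError());
    } else {
        GreenLight();
        printf(" Open JiurlSymbolicLink handle SUCCESS\n");
    }
    printf("__________________________________________________\n");
    /////////////////////////////////////////
    /* Without a device handle every command would fail inside the driver
     * call, so the command loop only runs when the open succeeded. */
    if (hDevice != INVALID_HANDLE_VALUE) {
        HANDLE hOut = GetStdHandle(STD_OUTPUT_HANDLE);
        COORD dwSize;
        dwSize.X = 80;
        dwSize.Y = 3000;   /* deep scroll-back so long dumps stay readable */
        SetConsoleScreenBufferSize(hOut, dwSize);
        CmdManager(hDevice);
        /////////////////////////////////////////
        printf("__________________________________________________\n\n");
        ret = CloseHandle(hDevice);
        if (ret == 0) {
            RedLight();
            printf(" CloseHandle Error: %lu\n", GetLastError());
        } else {
            GreenLight();
            printf(" CloseHandle SUCCESS\n\n");
        }
    }
    /////////////////////////////////////////
    StopDriver(schSCManager, DRIVER_NAME);
    ret = RemoveDriver(schSCManager, DRIVER_NAME);
    if (ret == 0) {
        /* only claim DeleteService SUCCESS when RemoveDriver succeeded */
        RedLight();
        printf(" Press any key to Exit\n");
        getch();
    } else {
        GreenLight();
        printf(" DeleteService SUCCESS\n");
    }
    CloseServiceHandle(schSCManager);
    /////////////////////////////////////////
    printf("\n");
    printfcolor("  PRESS ANY KEY TO EXIT .. ", 0x70);
    getch();
}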
// -----------------------------------------------------------------
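/*
 * Read nSize bytes of process pid's memory starting at lpBaseAddress into
 * lpBuffer through the driver's IOCTL_MEM_OUTPUT request.
 *
 * hDevice              open handle to the driver's device
 * pid                  target process id
 * lpBaseAddress        virtual address in the target process to read from
 * lpBuffer             caller's buffer; must hold at least nSize bytes,
 *                      since the driver may fill all of it
 * nSize                number of bytes requested
 * lpNumberOfBytesRead  receives the byte count the driver produced; it is
 *                      set to 0 before the call so it is defined even when
 *                      the request fails. May be NULL.
 *
 * Returns DeviceIoControl's BOOL result (non-zero on success); the Win32
 * error code is printed when it fails.
 */
BOOL JiurlReadProcessMemory(
    HANDLE hDevice,
    DWORD pid,
    LPVOID lpBaseAddress,       // base of memory area
    LPVOID lpBuffer,            // data buffer
    DWORD nSize,                // number of bytes to read
    LPDWORD lpNumberOfBytesRead // number of bytes read
    )
{
    MEMORY_INFO MemInfo;
    DWORD localBytesRead = 0;
    BOOL ret;
    /* zero the request first so no uninitialised padding reaches the driver */
    memset(&MemInfo, 0, sizeof(MemInfo));
    MemInfo.ProcessId = pid;
    MemInfo.StartVa = lpBaseAddress;
    MemInfo.nBytes = nSize;
    /* A synchronous DeviceIoControl needs a non-NULL bytes-returned pointer,
     * and callers read the count even after a failed request. */
    if (lpNumberOfBytesRead == NULL)
        lpNumberOfBytesRead = &localBytesRead;
    *lpNumberOfBytesRead = 0;
    ret = DeviceIoControl(
        hDevice,
        IOCTL_MEM_OUTPUT,
        &MemInfo,
        sizeof(MemInfo),
        lpBuffer,
        nSize,
        lpNumberOfBytesRead,
        NULL);
    if (ret == 0) {
        printf("DeviceIoControl Error: %lu\n", GetLastError());
    }
    return ret;
}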
// -----------------------------------------------------------------
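/*
 * Ask the driver (IOCTL_PROCESS_NAME_OUTPUT) for the image name of process pid.
 *
 * hDevice   open handle to the driver's device
 * pid       target process id
 * lpBuffer  must point to at least PROCESS_NAME_BYTES (16) bytes; the driver
 *           is expected to fill exactly that many and any other count is
 *           treated as failure
 *
 * Returns non-zero on success, 0 on failure; the Win32 error is printed
 * when the IOCTL itself fails.
 * NOTE(review): whether the 16 bytes are NUL-terminated is decided by the
 * driver and not visible here — callers should not assume a C string.
 */
BOOL JiurlGetProcessName(HANDLE hDevice, DWORD pid, LPVOID lpBuffer)
{
    enum { PROCESS_NAME_BYTES = 16 };
    BOOL ret;
    DWORD NumberOfBytesRead = 0;   /* defined even when DeviceIoControl fails */
    ret = DeviceIoControl(
        hDevice,
        IOCTL_PROCESS_NAME_OUTPUT,
        &pid,
        sizeof(pid),
        lpBuffer,
        PROCESS_NAME_BYTES,
        &NumberOfBytesRead,
        NULL);
    if (ret == 0) {
        printf("DeviceIoControl Error: %lu\n", GetLastError());
    }
    if (NumberOfBytesRead != PROCESS_NAME_BYTES) {
        /* a short or oversized reply is not a usable name */
        ret = 0;
    }
    return ret;
}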
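enum { LINEDWORD = 4, LINEBYTE = 16 };

/* Print n bytes from p as an ASCII column: printable 0x20..0x7e as-is,
 * anything else as '.', padded with spaces to LINEBYTE so a short final
 * line keeps the column aligned; ends the line. The bytes come from
 * another process, so only this restricted set ever reaches the console. */
static void JiurlAsciiColumn(const unsigned char* p, unsigned int n)
{
    unsigned int j;
    printf(" ");
    for (j = 0; j < LINEBYTE; j++) {
        if (j >= n)
            printf(" ");
        else if (p[j] >= 32 && p[j] <= 126)
            printf("%c", p[j]);
        else
            printf(".");
    }
    printf("\n");
}

/*
 * Hex-dump nBytes of Data to stdout, labelling each line with the address
 * DisplayBase + offset (the target process's address, not Data's).
 * type 0: 16 bytes per line as "xx"; type 1: 4 DWORDs per line as
 * "xxxxxxxx" (trailing bytes past the last whole DWORD are not shown).
 * Both formats end each line with the 16-byte ASCII column; a partial
 * final line is padded and printed too. Any other type is reported.
 */
void JiurlMemDisplay(char* Data, DWORD nBytes,
                     DWORD DisplayBase, DWORD type)
{
    const unsigned char* ByteData = (const unsigned char*)Data;
    unsigned int i;
    unsigned int j;
    switch (type) {
    case 0: /* BYTE display */
    {
        for (i = 0; i < nBytes; i++) {
            if (i % LINEBYTE == 0)
                /* offset is i bytes; multiplying by 16 here (as before)
                 * advanced the address label 16x too fast per line */
                printf("%08lx:", (unsigned long)(DisplayBase + i));
            printf(" %02x", ByteData[i]);
            if ((i + 1) % LINEBYTE == 0)
                JiurlAsciiColumn(ByteData + i + 1 - LINEBYTE, LINEBYTE);
        }
        if (nBytes % LINEBYTE != 0) {
            unsigned int rem = nBytes % LINEBYTE;
            for (j = rem; j < LINEBYTE; j++)
                printf("   ");   /* width of " %02x" */
            JiurlAsciiColumn(ByteData + nBytes - rem, rem);
        }
        break;
    }
    case 1: /* DWORD display */
    {
        unsigned int nDwords = nBytes / 4;
        for (i = 0; i < nDwords; i++) {
            DWORD v;
            if (i % LINEDWORD == 0)
                printf("%08lx:", (unsigned long)(DisplayBase + i * 4));
            memcpy(&v, ByteData + i * 4, 4);   /* Data need not be DWORD-aligned */
            printf(" %08lx", (unsigned long)v);
            if ((i + 1) % LINEDWORD == 0)
                JiurlAsciiColumn(ByteData + (i + 1 - LINEDWORD) * 4, LINEBYTE);
        }
        if (nDwords % LINEDWORD != 0) {
            unsigned int rem = nDwords % LINEDWORD;
            for (j = rem; j < LINEDWORD; j++)
                printf("         ");   /* width of " %08lx" */
            JiurlAsciiColumn(ByteData + (nDwords - rem) * 4, rem * 4);
        }
        break;
    }
    default:
        printf("Unknown display type: %lu\n", (unsigned long)type);
        break;
    }
}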
// -----------------------------------------------------------------
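/* Handle one dd/db command: read "pid base size" from stdin, fetch that
 * range of the target's memory through the driver and print it in the
 * format selected by type (0 = bytes, 1 = DWORDs). buf/bufSize is the
 * caller's scratch buffer; size is clamped to it because the driver may
 * write up to size bytes into buf. */
static void CmdDumpMemory(HANDLE hDevice, DWORD type, char* buf, DWORD bufSize)
{
    DWORD pid, base, size;
    DWORD BytesReturned = 0;   /* must be defined even if the read fails */
    DWORD ret;
    int c;
    if (scanf("%lu", &pid) != 1 || scanf("%lx", &base) != 1 || scanf("%lx", &size) != 1) {
        /* discard the rest of the malformed line so the loop does not spin on it */
        while ((c = getchar()) != '\n' && c != EOF) { }
        printf("Usage: dd|db ProcessId StartAddress Size\n\n");
        return;
    }
    if (size > bufSize) {
        printf("Size limited to %lx bytes\n", (unsigned long)bufSize);
        size = bufSize;
    }
    ret = JiurlReadProcessMemory(hDevice, pid, (void*)base, buf, size, &BytesReturned);
    if (ret != 0)
        JiurlMemDisplay(buf, BytesReturned, base, type);
    if (BytesReturned == 0)
        printf("NOT VALID\n");
    printf("\n");
    printf("BytesReturned: %lu\n", (unsigned long)BytesReturned);
}

/*
 * Interactive command loop on the open driver handle hDevice.
 * Commands (case-insensitive): dd/db dump memory, h help, q quit.
 * Returns when the operator enters q or stdin ends.
 */
void CmdManager(HANDLE hDevice)
{
    char CmdStr1[256];
    char* CmdUprStr1;
    char buf[0x10000];   /* scratch area the driver copies target memory into */
    while (1) {
        printf(">");
        /* the width limit keeps a long token from overrunning CmdStr1 */
        if (scanf("%255s", CmdStr1) != 1)
            return;   /* EOF or read error: nothing more can be read */
        CmdUprStr1 = strupr(CmdStr1);
        switch (CmdUprStr1[0]) {
        case 'D':
            if (strcmp(CmdUprStr1, "DD") == 0) {
                CmdDumpMemory(hDevice, 1, buf, sizeof(buf));
            } else if (strcmp(CmdUprStr1, "DB") == 0) {
                CmdDumpMemory(hDevice, 0, buf, sizeof(buf));
            } else {
                /* previously fell through into the help case; same outcome,
                 * now explicit */
                printf("Unknown Command\n\n");
                CmdHelp();
            }
            break;
        case 'H':
            CmdHelp();
            break;
        case 'Q':
            return;
        default:
            printf("Unknown Command\n\n");
            CmdHelp();
            break;
        }
    }
}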
// -----------------------------------------------------------------
/* Print the command summary, prefixed with a "[x]" marker in the same
 * style as RedLight/GreenLight but with color attribute 0x9. */
void CmdHelp()
{
    static const char* const lines[] = {
        " Help\n\n",
        "dd ProcessId StartAddress Size\n",
        "db ProcessId StartAddress Size\n",
        "\n",
        "h - help\n",
        "q - quit\n",
        "\n",
    };
    size_t k;
    printf("[");
    printfcolor("\4", 0x9);
    printf("]");
    for (k = 0; k < sizeof(lines) / sizeof(lines[0]); k++)
        printf("%s", lines[k]);
}