📄 dbk32functions.pas
字号:
win32kaddress,win32size:dword;
begin
OutputDebugString('Protectme called');
result:=false;
if GetWin32KAddress(win32kAddress,win32size) then
if not InitializeDriver(win32kAddress,win32size) then exit;
if hdevice<>INVALID_HANDLE_VALUE then
begin
getmem(input,sizeof(tinput)+listsize);
try
input.processid:=ProtectedProcessID;
if denylist then
input.DenyList:=1 else input.DenyList:=0;
if globaldenylist then
input.GlobalDenyList:=1 else input.GlobalDenyList:=0;
input.ListSize:=listsize;
copymemory(pointer(dword(@input.listsize)+4),list,listsize);
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0809, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
result:=deviceiocontrol(hdevice,cc,input,sizeof(tinput)+listsize,input,4,x,nil);
finally
freemem(input);
end;
Iamprotected:=result;
end;
end;
function UnprotectMe:bool; stdcall;
var cc,x: dword;
begin
result:=false;
if (hdevice<>INVALID_HANDLE_VALUE) and (Iamprotected) then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $080e, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
result:=deviceiocontrol(hdevice,cc,@x,0,@x,0,x,nil);
end;
end;
function DBKSuspendThread(ThreadID:dword):boolean; stdcall;
var cc,x: dword;
begin
outputdebugstring('DBKSuspendThread');
result:=false;
x:=ThreadId;
if (hdevice<>INVALID_HANDLE_VALUE) then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0822, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
result:=deviceiocontrol(hdevice,cc,@x,sizeof(x),nil,0,x,nil);
end;
end;
function DBKResumeThread(ThreadID:dword):boolean; stdcall;
var cc,x: dword;
begin
outputdebugstring('DBKResumeThread');
result:=false;
x:=threadid;
if (hdevice<>INVALID_HANDLE_VALUE) then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0823, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
result:=deviceiocontrol(hdevice,cc,@x,sizeof(x),nil,0,x,nil);
end;
end;
function DBKSuspendProcess(ProcessID:dword):boolean; stdcall;
var cc,x: dword;
begin
result:=false;
x:=ProcessID;
if (hdevice<>INVALID_HANDLE_VALUE) then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0824, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
result:=deviceiocontrol(hdevice,cc,@x,sizeof(x),nil,0,x,nil);
end;
end;
function DBKResumeProcess(ProcessID:dword):boolean; stdcall;
var cc,x: dword;
begin
result:=false;
x:=ProcessID;
if (hdevice<>INVALID_HANDLE_VALUE) then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0825, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
result:=deviceiocontrol(hdevice,cc,@x,sizeof(x),nil,0,x,nil);
end;
end;
function GetPhysicalAddress(hProcess:THandle;lpBaseAddress:pointer;var Address:int64): BOOL; stdcall;
type TInputstruct=record
ProcessID: dword;
BaseAddress: dword;
end;
var cc: dword;
input: TInputStruct;
physicaladdress: int64 absolute input;
x: dword;
i: integer;
begin
result:=false;
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0808, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
for i:=0 to length(handlelist)-1 do
if handlelist[i].processhandle=hProcess then
begin
input.ProcessID:=handlelist[i].processid;
input.BaseAddress:=dword(lpBaseAddresS);
result:=deviceiocontrol(hdevice,cc,@input,8,@input,8,x,nil);
if result then address:=physicaladdress else address:=0;
end;
end;
end;
function WritePhysicalMemory(hProcess:THANDLE;lpBaseAddress:pointer;lpBuffer:pointer;nSize:DWORD;var NumberOfBytesWritten:DWORD):BOOL; stdcall;
type TInputstruct=record
startaddress: dword;
bytestowrite: dword;
end;
var ao: array [0..511] of byte;
input: TInputstruct absolute ao[0];
cc:dword;
i: integer;
ok: boolean;
br: dword;
mempointer: dword;
bufpointer: dword;
bufpointer2: pointer;
towrite: dword;
begin
result:=false;
NumberOfByteswritten:=0;
//find the hprocess in the handlelist, if it isn't use the normal method (I could of course use NtQueryProcessInformation but it's undocumented and I'm too lazy to dig it up
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0807, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
mempointer:=dword(lpBaseAddress);
bufpointer:=dword(lpbuffer);
ok:=true;
while ok do
begin
zeromemory(@ao[0],512);
if nSize-NumberOfByteswritten>=(512-sizeof(TInputstruct)) then
towrite:=(512-sizeof(TInputstruct))
else
towrite:=nSize-NumberOfByteswritten;
input.bytestowrite:=towrite;
input.startaddress:=mempointer;
bufpointer2:=pointer(bufpointer);
copymemory(@ao[sizeof(tinputstruct)],bufpointer2,towrite);
if not deviceiocontrol(hdevice,cc,@ao[0],512,@ao[0],512,br,nil) then exit;
inc(mempointer,towrite);
inc(bufpointer,towrite);
inc(NumberOfByteswritten,towrite);
if NumberOfByteswritten=nSize then
begin
result:=true;
exit;
end;
end;
end;
end;
function ReadPhysicalMemory(hProcess:THANDLE;lpBaseAddress:pointer;lpBuffer:pointer;nSize:DWORD;var NumberOfBytesRead:DWORD):BOOL; stdcall;
type TInputstruct=record
startaddress: dword;
bytestoread: dword
end;
var ao: array [0..600] of byte;
input: TInputstruct absolute ao[0];
br: dword;
cc:dword;
ok:boolean;
toread:dword;
toread2: dword;
mempointeR:dword;
bufpointer:dword;
begin
//processhandle is just there for compatibility in case I want to quickly wrap it over read/writeprocessmemory
result:=false;
numberofbytesread:=0;
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0806, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
toread:=nSize;
mempointer:=dword(lpBaseAddress);
bufpointer:=dword(lpBuffer);
ok:=true;
while ok and (toread>0) do
begin
if toread>512 then
toread2:=512
else
toread2:=toread;
dec(toread,toread2);
input.bytestoread:=toread2;
input.startaddress:=mempointer;
if deviceiocontrol(hdevice,cc,@ao[0],512,@ao[0],512,br,nil) then
begin
copymemory(pointer(bufpointer),@ao[0],toread2);
inc(numberofbytesread,toread2);
inc(bufpointer,toread2);
mempointer:=mempointer+toread2;
end
else
ok:=false;
end;
result:=ok;
end;
end;
Function GetPEThread(Threadid: dword):dword; stdcall;
var cc:dword;
x: dword;
pethread: dword;
begin
result:=0;
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0821, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
pethread:=threadid;
if deviceiocontrol(hdevice,cc,@pethread,4,@pethread,4,x,nil) then result:=pethread;
end;
end;
Function GetPEProcess(ProcessID: dword):dword; stdcall;
var cc:dword;
x: dword;
peprocess: dword;
begin
result:=0;
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0805, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
peprocess:=processid;
if deviceiocontrol(hdevice,cc,@peprocess,4,@peprocess,4,x,nil) then result:=peprocess else result:=0;
end;
end;
function DBKGetDC(window: HWND): HDC;
type TInputstruct=record
windowhandle: HWND;
getdc_callnumber: integer;
end;
var cc:dword;
x: dword;
input: TInputStruct;
output: HDC;
getdcaddress: pointer;
begin
result:=0;
if hdevice<>INVALID_HANDLE_VALUE then
begin
input.windowhandle:=window;
// input.getdc_callnumber
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0829, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
if deviceiocontrol(hdevice,cc,@input,sizeof(TInputStruct),@output,sizeof(output),x,nil) then result:=output else result:=0;
end;
end;
function IsValidHandle(hProcess:THandle):BOOL; stdcall;
var i: integer;
begin
result:=false;
for i:=0 to length(handlelist)-1 do
if handlelist[i].processhandle=hProcess then
begin
result:=handlelist[i].validhandle;
exit;
end;
end;
function {ReadProcessMemory}RPM(hProcess:THANDLE;lpBaseAddress:pointer;lpBuffer:pointer;nSize:DWORD;var NumberOfBytesRead:DWORD):BOOL; stdcall;
type TInputstruct=record
processid: dword;
startaddress: dword;
bytestoread: word;
end;
var ao: array [0..600] of byte; //give it some space
input: TInputstruct absolute ao[0];
cc:dword;
i: integer;
ok: boolean;
br: dword;
mempointer: dword;
bufpointer: dword;
bufpointer2: pointer;
toread: dword;
begin
result:=false;
numberofbytesread:=0;
//find the hprocess in the handlelist, if it isn't use the normal method (I could of course use NtQueryProcessInformation but it's undocumented and I'm too lazy to dig it up
for i:=0 to length(handlelist)-1 do
if handlelist[i].processhandle=hProcess then
begin
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0800, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
mempointer:=dword(lpBaseAddress);
bufpointer:=dword(lpbuffer);
ok:=true;
while ok do
begin
input.processid:=handlelist[i].processid;
if nSize-numberofbytesread>=512 then
toread:=512
else
toread:=nSize-numberofbytesread;
input.bytestoread:=toread;
input.startaddress:=mempointer;
if deviceiocontrol(hdevice,cc,@ao[0],512,@ao[0],512,br,nil) then
begin
bufpointer2:=pointer(bufpointer);
copymemory(bufpointer2,@ao[0],toread);
//no check if it works or try except, it's up to the (retarded) user to do it right
end
else
begin
exit;
end;
inc(mempointer,toread);
inc(bufpointer,toread);
inc(numberofbytesread,toread);
if numberofbytesread=nSize then
begin
result:=true;
exit;
end;
end;
exit;
end else if not handlelist[i].validhandle then exit; //else use the normal method...
end;
//not found so ....
result:=windows.ReadProcessMemory(hProcess,lpBaseAddress,lpBuffer,nSize,NumberOfBytesRead);
end;
function {WriteProcessMemory}WPM(hProcess:THANDLE;lpBaseAddress:pointer;lpBuffer:pointer;nSize:DWORD;var NumberOfBytesWritten:DWORD):BOOL; stdcall;
type TInputstruct=record
processid: dword;
startaddress: dword;
bytestowrite: word;
end;
var ao: array [0..511] of byte;
input: TInputstruct absolute ao[0];
cc:dword;
i: integer;
ok: boolean;
br: dword;
mempointer: dword;
bufpointer: dword;
bufpointer2: pointer;
towrite: dword;
begin
result:=false;
NumberOfByteswritten:=0;
//find the hprocess in the handlelist, if it isn't use the normal method (I could of course use NtQueryProcessInformation but it's undocumented and I'm too lazy to dig it up
for i:=0 to length(handlelist)-1 do
if handlelist[i].processhandle=hProcess then
begin
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0801, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
mempointer:=dword(lpBaseAddress);
bufpointer:=dword(lpbuffer);
ok:=true;
while ok do
begin
zeromemory(@ao[0],512);
input.processid:=handlelist[i].processid;
if nSize-NumberOfByteswritten>=(512-sizeof(TInputstruct)) then
towrite:=(512-sizeof(TInputstruct))
else
towrite:=nSize-NumberOfByteswritten;
input.bytestowrite:=towrite;
input.startaddress:=mempointer;
bufpointer2:=pointer(bufpointer);
copymemory(@ao[sizeof(tinputstruct)],bufpointer2,towrite);
if not deviceiocontrol(hdevice,cc,@ao[0],512,@ao[0],512,br,nil) then exit;
inc(mempointer,towrite);
inc(bufpointer,towrite);
inc(NumberOfByteswritten,towrite);
if NumberOfByteswritten=nSize then
begin
result:=true;
exit;
end;
end;
exit;
end else if not handlelist[i].validhandle then exit;
end;
//not found so ....
result:=windows.writeProcessMemory(hProcess,lpBaseAddress,lpBuffer,nSize,NumberOfByteswritten);
end;
function {OpenThread}OT(dwDesiredAccess:DWORD;bInheritHandle:BOOL;dwThreadId:DWORD):THANDLE; stdcall;
var
threadhandle: thandle;
cc,x: dword;
begin
result:=0;
if dwThreadId=0 then exit;
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0818, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
threadhandle:=dwThreadId;
if deviceiocontrol(hdevice,cc,@threadhandle,4,@threadhandle,4,x,nil) then
result:=threadhandle
else
result:=0;
end;
end;
function {OpenProcess}OP(dwDesiredAccess:DWORD;bInheritHandle:BOOL;dwProcessId:DWORD):THANDLE; stdcall;
var valid:boolean;
Processhandle: thandle;
i:integer;
cc,x: dword;
begin
valid:=true;
if dwProcessId=0 then
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -