📄 dbk32functions.pas
字号:
begin
result:=0;
exit;
end;
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0802, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
processhandle:=dwProcessId; //rest is ignored
if deviceiocontrol(hdevice,cc,@processhandle,4,@processhandle,4,x,nil) then
begin
result:=processhandle
end
else
result:=0;
end else result:=windows.OpenProcess(dwDesiredAccess,bInheritHandle,dwProcessID);
if result=0 then //you can still access memory using the low level stuff, just not normal stuff
begin
valid:=false;
//openprocess isn't working
if length(handlelist)=0 then result:=100+random(32000)
else
result:=handlelist[length(handlelist)-1].processhandle+1;
end;
//check for a duplicate handle and replace it (closehandle/openproces gets you the same handle)
for i:=0 to length(handlelist)-1 do
begin
if handlelist[i].processhandle=result then
begin
handlelist[i].processid:=dwProcessID;
handlelist[i].validhandle:=valid;
exit;
end;
end;
setlength(handlelist,length(handlelist)+1);
handlelist[length(handlelist)-1].processhandle:=result;
handlelist[length(handlelist)-1].processid:=dwProcessID;
handlelist[length(handlelist)-1].validhandle:=valid;
end;
Function {NtOpenThread}NtOT(var Handle: THandle; AccessMask: dword; objectattributes: pointer; clientid: PClient_ID):DWORD; stdcall;
begin
handle:=OP(STANDARD_RIGHTS_REQUIRED or windows.synchronize or $3ff,true,clientid.processid);
if handle<>0 then result:=0 else result:=$c000000e;
end;
Function {NtOpenProcess}NOP(var Handle: THandle; AccessMask: dword; objectattributes: pointer; clientid: PClient_ID):DWORD; stdcall;
begin
Handle:=OP(process_all_access,true,clientid.processid);
if handle<>0 then result:=0 else result:=$C000000E;
end;
function {VirtualQueryEx}VQE(hProcess: THandle; address: pointer; var mbi: _MEMORY_BASIC_INFORMATION; bufsize: DWORD):dword; stdcall;
type TOUTP=record
length : DWORD ;
protection : DWORD ;
end;
var buf: TOUTP;
i: integer;
br,cc: dword;
begin
result:=0;
for i:=0 to length(handlelist)-1 do
if handlelist[i].processhandle=hProcess then
begin
if hdevice<>INVALID_HANDLE_VALUE then
begin
buf.length:=handlelist[i].processid;
buf.protection:=dword(address);
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0803, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
if deviceiocontrol(hdevice,cc,@buf,sizeof(buf),@buf,sizeof(buf),br,nil) then
begin
mbi.BaseAddress:=pointer((dword(address) div $1000) *$1000);
mbi.AllocationBase:=mbi.BaseAddress;
mbi.AllocationProtect:=buf.protection;
mbi.RegionSize:=buf.length;
mbi.State:=MEM_COMMIT;
mbi.Protect:=buf.protection;
mbi.Type_9:=MEM_PRIVATE;
result:=sizeof(mbi);
end;
exit; //we're done here
end;
end;
result:=windows.VirtualQueryEx(hProcess,address,mbi,bufsize);
end;
Function {VirtualAllocEx}VAE(hProcess: THandle; lpAddress: Pointer; dwSize, flAllocationType: DWORD; flProtect: DWORD): Pointer; stdcall;
var i: integer;
br,cc: dword;
x: record
processid: dword;
baseaddress: pointer;
size: dword;
AllocationType: dword;
Protect: dword;
end;
r: pointer;
begin
result:=0;
for i:=0 to length(handlelist)-1 do
if handlelist[i].processhandle=hProcess then
begin
if hdevice<>INVALID_HANDLE_VALUE then
begin
x.processid:=handlelist[i].processid;
x.baseaddress:=lpAddress;
x.size:=dwsize;
x.AllocationType:=flAllocationType;
x.Protect:=flProtect;
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $081f, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
deviceiocontrol(hdevice,cc,@x,sizeof(x),@r,sizeof(r),br,nil);
result:=r;
exit; //we're done here
end;
end;
//still here
result:=VirtualAllocEx(hprocess,lpAddress,dwSize,flAllocationType,flProtect);
end;
procedure testapc( NormalContext:pointer; SystemArgument1:pointer; SystemArgument2:pointer);stdcall;
var tid: dword;
s: string;
begin
s:=inttohex(dword(NormalContext),8)+' - '+inttohex(dword(SystemArgument1),8)+' - '+inttohex(dword(SystemArgument2),8);
//CreateThread(nil,0,systemArgument1,SystemArgument2,false,@tid);
messagebox(0,pchar(s),'APC rules',mb_ok);
end;
Function CreateRemoteAPC(threadid: dword; lpStartAddress: TFNAPCProc): THandle; stdcall;
var i: integer;
br,cc: dword;
x:record
threadid: dword;
addresstoexecute: pointer;
end;
begin
result:=0;
if hdevice<>INVALID_HANDLE_VALUE then
begin
x.addresstoexecute:=lpStartAddress;
x.threadid:=threadid;
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0820, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
if deviceiocontrol(hdevice,cc,@x,sizeof(x),nil,0,br,nil) then
result:=666 //sorry dude, no threadid returned, and no way of checking if it succeeded or not
else
result:=0;
end;
end;
function setAlternateDebugMethod(var int1apihook:dword; var OriginalInt1handler:dword):BOOL; stdcall;
var
x:record
int1apihook: dword;
Originalint1handler: dword;
end;
br,cc: dword;
i:integer;
begin
outputdebugstring('setAlternateDebugMethod');
result:=false;
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $081d, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
if deviceiocontrol(hdevice,cc,nil,0,@x,sizeof(x),br,nil) then
begin
//this data will be send to cheat engine. it will know what to do with it...
int1apihook:=x.int1apihook;
OriginalInt1handler:=x.Originalint1handler;
result:=true;
end;
usealternatedebugmethod:=result; //once set you can't unset it
end;
end;
function getAlternateDebugMethod:BOOL; stdcall;
var
x: boolean;
br,cc: dword;
begin
outputdebugstring('getAlternateDebugMethod');
//check the kernel if this method has been set
result:=false;
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $081e, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
if deviceiocontrol(hdevice,cc,nil,0,@x,sizeof(x),br,nil) then
result:=x;
usealternatedebugmethod:=x;
end else result:=false;
end;
function StartCEKernelDebug:BOOL; stdcall;
var
br,cc: dword;
i:integer;
cpunr,PA,SA:Dword;
cpunr2:byte;
begin
result:=false;
outputdebugstring('DebugProcess function');
if usealternatedebugmethod then
begin
result:=true;
exit;
end;
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0810, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
GetProcessAffinityMask(getcurrentprocess,PA,SA);
//first hook the interrupts if needed
cpunr2:=0;
cpunr:=1;
while (cpunr<=PA) do
begin
if ((cpunr) and PA)>0 then
begin
SetProcessAffinityMask(getcurrentprocess,cpunr);
//create a new thread. (Gues on what cpu it will run at...)
with THookIDTThread.Create(true) do
begin
try
cpunr:=cpunr2;
resume;
while not done do sleep(10); //the sleep should also cause a taskswitch but I'm not 100% sure
if not succeeded then
begin
SetProcessAffinityMask(getcurrentprocess,PA);
messagebox(0,pchar('Failure when changing the interrupt handler on CPU '+inttostr(cpunr)),'',mb_ok);
exit;
end;
finally
free;
end;
end;
end;
if cpunr=$80000000 then break;
inc(cpunr,cpunr);
inc(cpunr2);
end;
SetProcessAffinityMask(getcurrentprocess,PA); //multi processors are so fun. It'd be a waste not to use it
outputdebugstring('going to start the hooker');
hooker:=thookidtconstantly.Create(false);
result:=true;
end;
end;
function SetMemoryAccessWatch(processid:dword;address:DWORD;size: byte;debugtype:byte):BOOL; stdcall;
type Tinput=record
ProcessID:DWORD;
Address:DWORD;
Length:BYTE;
RWE:BYTE;
end;
var input:TInput;
br,cc: dword;
begin
if hdevice<>INVALID_HANDLE_VALUE then
begin
result:=StartCEKernelDebug;
input.Processid:=processid;
input.Address:=address;
input.length:=size;
input.RWE:=debugtype;
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0811, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
result:=result and deviceiocontrol(hdevice,cc,@input,sizeof(input),@input,0,br,nil);
end;
end;
function StopRegisterChange(regnr:integer):BOOL; stdcall;
var x,cc: dword;
begin
outputdebugstring('DBK32: StopRegisterChange called');
result:=false;
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $081c, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
result:=deviceiocontrol(hdevice,cc,@regnr,4,nil,0,x,nil);
end;
end;
function StopDebugging:BOOL; stdcall;
var x,cc: dword;
begin
outputdebugstring('DBK32: StopDebugging called');
result:=false;
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $081b, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
result:=deviceiocontrol(hdevice,cc,nil,0,nil,0,x,nil);
end;
end;
function DebugProcess(processid:dword;address:DWORD;size: byte;debugtype:byte):BOOL; stdcall;
begin
if hdevice<>INVALID_HANDLE_VALUE then
begin
result:=StartCEKernelDebug;
result:=result and SetMemoryAccessWatch(processid,address,size,debugtype);
end;
end;
function ChangeRegOnBP(Processid:dword; address: dword; debugreg: integer; changeEAX,changeEBX,changeECX,changeEDX,changeESI,changeEDI,changeEBP,changeESP,changeEIP,changeCF,changePF,changeAF,changeZF,changeSF,changeOF:BOOLEAN; newEAX,newEBX,newECX,newEDX,newESI,newEDI,newEBP,newESP,newEIP:DWORD; newCF,newPF,newAF,newZF,newSF,newOF:BOOLEAN):BOOLEAN; stdcall;
type TChangeReg=record
BreakAddress: DWORD;
newEAX,newEBX,newECX,newEDX,newESI,newEDI,newEBP,newESP,newEIP: DWORD;
newCF,newPF,newAF,newZF,newSF,newOF:BOOLEAN;
changeEAX,changeEBX,changeECX,changeEDX,changeESI,changeEDI,changeEBP,changeESP,changeEIP:BOOLEAN;
changeCF,changePF,changeAF,changeZF,changeSF,changeOF:BOOLEAN;
Active:BOOLEAN;
end;
type TBuf=record
ProcessID: DWORD;
debugreg: integer;
ChangeReg: TChangeReg;
end;
var buf: TBuf;
x,cc: dword;
begin
outputdebugstring('DBK32: ChangeRegOnBP called');
if hdevice<>INVALID_HANDLE_VALUE then
begin
result:=StartCEKernelDebug;
if not result then exit;
buf.ProcessID:=Processid;
buf.debugreg:=debugreg;
buf.ChangeReg.BreakAddress:=address;
buf.ChangeReg.newEAX:=neweax;
buf.ChangeReg.newEBX:=newebx;
buf.ChangeReg.newECX:=newecx;
buf.ChangeReg.newEDX:=newedx;
buf.ChangeReg.newESI:=newesi;
buf.ChangeReg.newEDI:=newedi;
buf.ChangeReg.newEBP:=newebp;
buf.ChangeReg.newESP:=newesp;
buf.ChangeReg.newEIP:=neweip;
buf.ChangeReg.newCF:=newcf;
buf.ChangeReg.newPF:=newpf;
buf.ChangeReg.newAF:=newaf;
buf.ChangeReg.newZF:=newzf;
buf.ChangeReg.newSF:=newsf;
buf.ChangeReg.newOF:=newof;
buf.ChangeReg.changeEAX:=changeeax;
buf.ChangeReg.changeEBX:=changeebx;
buf.ChangeReg.changeECX:=changeecx;
buf.ChangeReg.changeEDX:=changeedx;
buf.ChangeReg.changeESI:=changeesi;
buf.ChangeReg.changeEDI:=changeedi;
buf.ChangeReg.changeEBP:=changeebp;
buf.ChangeReg.changeESP:=changeesp;
buf.ChangeReg.changeEIP:=changeeip;
buf.ChangeReg.changeCF:=changecf;
buf.ChangeReg.changePF:=changepf;
buf.ChangeReg.changeAF:=changeaf;
buf.ChangeReg.changeZF:=changezf;
buf.ChangeReg.changeSF:=changesf;
buf.ChangeReg.changeOF:=changeof;
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $081a, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
result:=result and deviceiocontrol(hdevice,cc,@buf,sizeof(buf),@buf,0,x,nil);
end;
end;
function RetrieveDebugData(Buffer: pointer):integer; stdcall; //buffer has to be at least 1800 bytes
var x,cc: dword;
buf: pointer;
begin
//50*35 bytes=
result:=-1; //-1=error
if (hdevice<>INVALID_HANDLE_VALUE) then
begin
getmem(buf,1801); //1801 because the first byte is the count
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0812, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
if deviceiocontrol(hdevice,cc,buf,1801,buf,1801,x,nil) then
begin
result:=pbyte(buf)^;
copymemory(buffer,pointeR(dword(buf)+1),1801);
end;
freemem(buf);
end;
end;
function WaitForProcessListData(processpointer:pointer;threadpointer:pointer;timeout:dword):dword; stdcall;
type tprocesseventstruct=record
Created:BOOL;
ProcessID:DWORD;
PEProcess:DWORD;
end;
type tthreadeventstruct=record
Created:BOOL;
ProcessID:DWORD;
ThreadID:dword;
end;
var cc,x:dword;
eventarray: array of thandle;
begin
//assuming the buffer is at least the size of 50* the biggest struct (threadstruct in this case)
//retrieve the processevents
//wait for a process create event to be set
setlength(eventarray,2);
eventarray[0]:=processevent;
eventarray[1]:=threadevent;
result:=WaitForMultipleObjects(2,@eventarray[0],false,timeout);
// result:=WaitForSingleObject(processevent,timeout);
if result<>WAIT_FAILED then
begin
//processevent
if (hdevice<>INVALID_HANDLE_VALUE) then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0814, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
deviceiocontrol(hdevice,cc,processpointer,sizeof(tprocesseventstruct)*50+1,processpointer,sizeof(tprocesseventstruct)*50+1,x,nil);
end;
//thread event
if (hdevice<>INVALID_HANDLE_VALUE) then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0815, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
deviceiocontrol(hdevice,cc,threadpointer,sizeof(tthreadeventstruct)*50+1,threadpointer,sizeof(tthreadeventstruct)*50+1,x,nil);
end;
end;
end;
function StartProcessWatch:BOOL;stdcall;
var cc,x: dword;
begin
result:=false;
if (hdevice<>INVALID_HANDLE_VALUE) then
begin
cc:=CTL_CODE(IOCTL_UNKNOWN_BASE, $0813, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
result:=deviceiocontrol(hdevice,cc,@x,0,@x,0,x,nil);
end;
end;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -