function MakeWritable(Address,Size:dword;copyonwrite:boolean): boolean; stdcall;
// Sends the driver a request (function code $0819) describing the range
// [Address, Address+Size) and whether it should be treated as copy-on-write.
// What the driver does with it is not visible here. Returns False when the
// device handle is not open or DeviceIoControl reports failure.
type
  TMemoryDesignation = record   // layout is what the driver expects; not packed
    StartAddress: DWORD;
    Size: DWORD;
    CopyOnWrite: BYTE;
  end;
var
  request: TMemoryDesignation;
  code, returned: dword;
begin
  result := false;
  if hdevice = INVALID_HANDLE_VALUE then
    exit;

  request.StartAddress := Address;
  request.Size := Size;
  if copyonwrite then
    request.CopyOnWrite := 1
  else
    request.CopyOnWrite := 0;

  code := CTL_CODE(IOCTL_UNKNOWN_BASE, $0819, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
  // no reply data is expected: the output buffer length is 0
  result := deviceiocontrol(hdevice, code, @request, sizeof(request), @request, 0, returned, nil);
end;
function KernelAlloc(size: dword):pointer; stdcall;
// Asks the driver (function code $0826) for `size` bytes and returns the
// pointer value it writes back, or nil when the device is not open or the
// request fails.
type
  TInput = record
    Size: DWORD;
  end;
var
  request: TInput;
  reply: pointer;
  code, returned: dword;
begin
  result := nil;
  if hdevice = INVALID_HANDLE_VALUE then
    exit;

  request.Size := size;
  code := CTL_CODE(IOCTL_UNKNOWN_BASE, $0826, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
  // the reply buffer is the pointer itself; only read when the call succeeded
  if deviceiocontrol(hdevice, code, @request, sizeof(request), @reply, sizeof(reply), returned, nil) then
    result := reply;
end;
function GetKProcAddress(s: pwidechar):pointer; stdcall;
// Looks a name up through the driver (function code $0827) and returns the
// pointer it writes back, or nil when: the name is shorter than 4 characters,
// the name already parses as a hexadecimal number (so it is not a symbol),
// the device is not open, or the request fails.
// NOTE(review): the input buffer carries only the pointer value of `s`
// (sizeof(s) bytes), not the characters. Presumably the driver reads the
// string through that user-mode pointer; it must validate it itself.
var
  symbol: string;
  parsed: dword;
  parseError: integer;
  reply: pointer;
  code, returned: dword;
begin
  result := nil;
  symbol := s;
  if length(symbol) < 4 then
    exit;
  val('$' + symbol, parsed, parseError);
  if parseError = 0 then
    exit;   // a valid hex literal is treated as an address, not a name
  if hdevice = INVALID_HANDLE_VALUE then
    exit;

  code := CTL_CODE(IOCTL_UNKNOWN_BASE, $0827, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
  reply := nil;
  if deviceiocontrol(hdevice, code, @s, sizeof(s), @reply, sizeof(reply), returned, nil) then
    result := reply;
end;
function Protect2(var testprotect:dword; var NewObOpenObjectByPointer: dword; var OriginalObOpenObjectByPointer: dword):boolean; stdcall;
// Queries the driver (function code $0828, no input) and copies the three
// dwords it returns into the var parameters. The parameters are written only
// when the request succeeds; otherwise they are left untouched and False is
// returned (also when the device is not open).
type
  TOutput = record
    testprotect: dword;
    NewObOpenObjectByPointer: dword;
    OriginalObOpenObjectByPointer: dword;
  end;
var
  reply: TOutput;
  code, returned: dword;
begin
  result := false;
  if hdevice = INVALID_HANDLE_VALUE then
    exit;

  code := CTL_CODE(IOCTL_UNKNOWN_BASE, $0828, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
  fillchar(reply, sizeof(reply), 0);
  if not deviceiocontrol(hdevice, code, nil, 0, @reply, sizeof(reply), returned, nil) then
    exit;

  testprotect := reply.testprotect;
  NewObOpenObjectByPointer := reply.NewObOpenObjectByPointer;
  OriginalObOpenObjectByPointer := reply.OriginalObOpenObjectByPointer;
  result := true;
end;
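function RewriteKernel32:boolean; stdcall;
// Not implemented. Always returns False so callers can tell nothing was
// changed; previously Result was left unassigned, so callers saw a random
// value.
begin
  //modifies the code of NtOpenProcess,NtOpenThread,OpenProcess,OpenThread to point to this dll's functions
  result := false;
end;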
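function RestoreKernel32: boolean; stdcall;
// Not implemented. Always returns False so callers can tell nothing was
// restored; previously Result was left unassigned.
begin
  result := false;
end;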
function CTL_CODE(DeviceType, Func, Method, Access : integer) : integer;
// Builds a Windows I/O control code the same way the CTL_CODE macro does:
// bits 31..16 = device type, 15..14 = required access, 13..2 = function
// number, 1..0 = transfer method.
var
  deviceBits, accessBits, funcBits: integer;
begin
  deviceBits := DeviceType shl 16;
  accessBits := Access shl 14;
  funcBits := Func shl 2;
  Result := deviceBits or accessBits or funcBits or Method;
end;
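function InitializeDriver(Address,size:dword):BOOL; stdcall;
// Sends the driver its start-up parameters (function code $080d): the
// win32k.sys range (Address/size), four NtUser* call numbers and three
// offsets. Those seven values come from kerneldata.dat next to the driver
// when that file exists and its version header (major, minor, build and
// service pack string) matches the running Windows; otherwise they are sent
// as 0. On success the first dword the driver writes back is stored in the
// global SDTShadow. Also opens the process/thread event handles and a
// handle to the own process. Returns False when the device is not open or
// the request fails.
// NOTE(review): everything after the version header in kerneldata.dat is
// forwarded to the kernel unchanged, and the file is read from the driver's
// directory without any integrity check beyond the version comparison.
type
  tinput = record       // layout is what the driver expects; not packed
    address: dword;
    size: dword;
    NtUserBuildHwndList_callnumber: Dword;
    NtUserQueryWindow_callnumber: dword;
    NtUserFindWindowEx_callnumber: DWORD;
    NtUserGetForegroundWindow_callnumber: DWORD;
    activelinkoffset: dword;
    processnameoffset: dword;
    debugportoffset: dword;
  end;
var
  cc: dword;
  buf: tinput;
  res: dword absolute buf;    // first dword of the driver's reply (overlays buf.address)
  returned: dword;
  callnumberfile: tfilestream;
  windowsversion: _osversioninfoa;
  majorversion, minorversion, buildnumber: dword;
  CSDVersion: array [0..127] of char;
  a: boolean;
  i: integer;
  datafile: string;
begin
  result := false;
  sdtshadow := 0;
  if hdevice = INVALID_HANDLE_VALUE then
    exit;

  processevent := OpenEvent(SYNCHRONIZE, false, pchar(processeventname));
  threadevent := OpenEvent(SYNCHRONIZE, false, pchar(threadeventname));

  // call numbers and offsets default to 0 (= unknown to the driver)
  zeromemory(@buf, sizeof(buf));
  buf.address := address;
  buf.size := size;

  // check if there is a kerneldata.dat file next to the driver, and if so use it
  datafile := extractfilepath(driverloc) + 'kerneldata.dat';
  if fileexists(datafile) then
  begin
    try
      callnumberfile := tfilestream.create(datafile, fmOpenRead, fmShareDenyNone);
      try
        // header: major, minor, build (4 bytes each) and a 128-byte service pack string
        windowsversion.dwOSVersionInfoSize := sizeof(windowsversion);
        getversionex(windowsversion);
        callnumberfile.ReadBuffer(majorversion, sizeof(majorversion));
        callnumberfile.ReadBuffer(minorversion, sizeof(minorversion));
        callnumberfile.ReadBuffer(buildnumber, sizeof(buildnumber));
        callnumberfile.ReadBuffer(CSDVersion, 128);   // 128 bytes on disk regardless of sizeof(char)

        // compare the service pack strings up to the first terminator of either...
        a := true;
        i := 0;
        while a and (i < 128) and (windowsversion.szCSDVersion[i] <> #0) and (CSDVersion[i] <> #0) do
        begin
          a := CSDVersion[i] = windowsversion.szCSDVersion[i];
          inc(i);
        end;
        // ...and require both to end at the same place, so a prefix such as
        // "SP1" no longer matches "SP10"
        if a and (i < 128) then
          a := CSDVersion[i] = windowsversion.szCSDVersion[i];

        if a and (majorversion = windowsversion.dwMajorVersion)
             and (minorversion = windowsversion.dwMinorVersion)
             and (buildnumber = windowsversion.dwBuildNumber) then
        begin
          // header matches: the next seven dwords are the values for the driver
          callnumberfile.ReadBuffer(buf.NtUserBuildHwndList_callnumber, 4);
          callnumberfile.ReadBuffer(buf.NtUserQueryWindow_callnumber, 4);
          callnumberfile.ReadBuffer(buf.NtUserFindWindowEx_callnumber, 4);
          callnumberfile.ReadBuffer(buf.NtUserGetForegroundWindow_callnumber, 4);
          callnumberfile.ReadBuffer(buf.activelinkoffset, 4);
          callnumberfile.ReadBuffer(buf.processnameoffset, 4);
          callnumberfile.ReadBuffer(buf.debugportoffset, 4);
          debugport := buf.debugportoffset;
          processname := buf.processnameoffset;
          //----------------Add this part to the file---------
          ThreadsProcess := $220;
          ThreadListEntry := $3c;
        end;
        // else: not a valid kerneldata.dat for this Windows version, keep the zeros
      finally
        callnumberfile.free;
      end;
    except
      // best effort: an unreadable or truncated file counts as absent, and
      // values read before the failure must not reach the driver
      zeromemory(@buf, sizeof(buf));
      buf.address := address;
      buf.size := size;
    end;
  end;

  cc := CTL_CODE(IOCTL_UNKNOWN_BASE, $080d, METHOD_BUFFERED, FILE_READ_ACCESS or FILE_WRITE_ACCESS);
  if deviceiocontrol(hdevice, cc, @buf, sizeof(tinput), @buf, sizeof(tinput), returned, nil) then
  begin
    result := true;
    SDTShadow := res;   // first dword of the reply; presumably the shadow SDT address, going by the global's name
  end;
  ownprocess := OP(PROCESS_ALL_ACCESS, false, getcurrentprocessid);
end;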
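function GetWin32KAddress(var address:DWORD;var size:dworD):boolean;
// Finds win32k.sys among the loaded kernel drivers. On success `address`
// receives its load address, `size` the distance to the next driver loaded
// above it (EnumDeviceDrivers gives no image sizes), and True is returned.
// Returns False when the enumeration fails or win32k.sys is not listed; the
// var parameters are then left untouched.
// The previous version overwrote a dynamic array's hidden pointer with the
// raw buffer to index it and assumed 4-byte pointers; a typed array pointer
// and sizeof(pointer) do the same job without that.
// NOTE(review): if no driver sits above win32k.sys, `nearest` stays
// $ffffffff and `size` spans to the end of the address space; callers
// should treat an implausibly large size with suspicion.
var
  need: dword;
  drivers: PPointerList;   // raw EnumDeviceDrivers result, indexed 0..count-1
  count, i, j: integer;
  drivername: pchar;
  nearest: dword;          // nearest other driver (AFTER win32k.sys)
begin
  result := false;
  need := 0;
  EnumDeviceDrivers(nil, 0, need);
  if need = 0 then
    exit;   // nothing enumerated (or the size query failed)
  count := need div sizeof(pointer);
  getmem(drivers, need);
  try
    if not EnumDeviceDrivers(pointer(drivers), need, need) then
      exit;
    getmem(drivername, 200);
    try
      for i := 0 to count - 1 do
      begin
        GetDeviceDriverBaseName(drivers^[i], drivername, 200);
        if lowercase(drivername) <> 'win32k.sys' then
          continue;

        address := dword(drivers^[i]);
        // the lowest base above win32k.sys bounds its image
        nearest := $ffffffff;
        for j := 0 to count - 1 do
          if (dword(drivers^[j]) > address) and (dword(drivers^[j]) < nearest) then
            nearest := dword(drivers^[j]);
        size := nearest - address;
        result := true;
        exit;
      end;
    finally
      freemem(drivername);
    end;
  finally
    freemem(drivers);
  end;
end;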
var
  // service control manager and driver service handles used at start-up
  hscManager: thandle;
  hService: thandle;
  // start-up working storage
  sav: pchar;                       // StartService argument vector (nil)
  apppath: pchar;                   // path of the executable
  win32kaddress, win32size: dword;  // win32k.sys range handed to the driver
  servicename, sysfile: string;     // service name and driver file name
  dataloc: string;                  // path of the optional driver.dat
  reg: tregistry;                   // service registry key for the init parameters
  driverdat: textfile;              // driver.dat reader
  // servicestatus: _service_status;
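initialization
begin
  // Unit start-up. Resolves the driver file (driver.dat next to the exe may
  // override the service, event and file names), registers and starts it as
  // a kernel driver service, hands the device/event names to the driver
  // through its service registry key, opens the device and initialises it
  // with the win32k.sys range. hDevice stays INVALID_HANDLE_VALUE and
  // Successfullyloaded False unless every step succeeds, so the exported
  // functions bail out on their handle check. Fixes versus the previous
  // version: hDevice was left at 0 (a usable-looking handle) when the SCM
  // could not be opened, the tregistry instance was never freed, and the
  // SCM/service handles leaked on the early exits.
  ioctl := true;
  kernel32dll := loadlibrary('kernel32.dll');
  usealternatedebugmethod := false;
  Successfullyloaded := false;
  iamprotected := false;
  apppath := nil;
  hooker := nil;
  hDevice := INVALID_HANDLE_VALUE;
  setlength(handlelist, 0);
  hSCManager := OpenSCManager(nil, nil, GENERIC_READ or GENERIC_WRITE);

  // NOTE(review): driver.dat is plain text with no integrity check, so anyone
  // who can write the application directory chooses which .sys is loaded below.
  try
    getmem(apppath, 250);
    GetModuleFileName(0, apppath, 250);
    dataloc := extractfilepath(apppath) + 'driver.dat';
    if not fileexists(dataloc) then
    begin
      // built-in defaults
      servicename := 'CEDRIVER52';
      processeventname := 'DBKProcList51';
      threadeventname := 'DBKThreadList51';
      sysfile := 'dbk32.sys';
    end
    else
    begin
      // one name per line: service, process event, thread event, driver file
      assignfile(driverdat, dataloc);
      reset(driverdat);
      try
        readln(driverdat, servicename);
        readln(driverdat, processeventname);
        readln(driverdat, threadeventname);
        readln(driverdat, sysfile);
      finally
        closefile(driverdat);
      end;
    end;
    driverloc := extractfilepath(apppath) + sysfile;
  finally
    freemem(apppath);
  end;

  if not fileexists(driverloc) then
  begin
    messagebox(0, 'You are missing the driver. Try reinstalling cheat engine, and try to disable your anti-virus before doing so.', 'Driver error', MB_ICONERROR or mb_ok);
    if hscmanager <> 0 then
      closeservicehandle(hscmanager);
    exit;
  end;

  if hscmanager = 0 then
    exit;   // no SCM access (e.g. insufficient rights): hDevice stays invalid

  hService := OpenService(hSCManager, pchar(servicename), SERVICE_ALL_ACCESS);
  if hService = 0 then
  begin
    hService := CreateService(
      hSCManager,            // SCManager database
      pchar(servicename),    // name of service
      pchar(servicename),    // name to display
      SERVICE_ALL_ACCESS,    // desired access
      SERVICE_KERNEL_DRIVER, // service type
      SERVICE_DEMAND_START,  // start type
      SERVICE_ERROR_NORMAL,  // error control type
      pchar(driverloc),      // service's binary
      nil,                   // no load ordering group
      nil,                   // no tag identifier
      nil,                   // no dependencies
      nil,                   // LocalSystem account
      nil                    // no password
    );
  end
  else
  begin
    //make sure the service points to the right file
    ChangeServiceConfig(hservice,
      SERVICE_KERNEL_DRIVER,
      SERVICE_DEMAND_START,
      SERVICE_ERROR_NORMAL,
      pchar(driverloc),
      nil,
      nil,
      nil,
      nil,
      nil,
      pchar(servicename));
  end;

  if hservice = 0 then
  begin
    messagebox(0, 'The service couldn''t get opened and also couldn''t get created.'+' Check if you have the needed rights to create a service, or call your system admin (Who''ll probably beat you up for even trying this). Untill this is fixed you won''t be able to make use of the enhancements the driver gives you', 'DBK32 Error', MB_ICONERROR or mb_ok);
    closeservicehandle(hscmanager);
    exit;
  end;

  //setup the configuration parameters before starting the driver
  sav := nil;
  reg := tregistry.Create;
  try
    reg.RootKey := HKEY_LOCAL_MACHINE;
    if not reg.OpenKey('\SYSTEM\CurrentControlSet\Services\' + servicename, false) then
    begin
      messagebox(0, 'Failure to configure the driver', 'Driver Error', MB_ICONERROR or mb_ok);
      closeservicehandle(hservice);
      closeservicehandle(hscmanager);
      exit;
    end;
    reg.WriteString('A', '\Device\' + servicename);
    reg.WriteString('B', '\DosDevices\' + servicename);
    reg.WriteString('C', '\BaseNamedObjects\' + processeventname);
    reg.WriteString('D', '\BaseNamedObjects\' + threadeventname);
    startservice(hservice, 0, sav);
    closeservicehandle(hservice);

    hDevice := CreateFile(pchar('\\.\' + servicename),
      GENERIC_READ or GENERIC_WRITE,
      FILE_SHARE_READ or FILE_SHARE_WRITE,
      nil,
      OPEN_EXISTING,
      FILE_FLAG_OVERLAPPED,
      0);
    if hdevice = INVALID_HANDLE_VALUE then
      messagebox(0, 'The driver couldn''t be opened! It''s not loaded or not responding. I recommend to reboot your system and try again', 'DBK32.DLL Error', MB_ICONERROR or MB_OK)
    else if GetDriverVersion <> currentversion then
    begin
      // a driver from an older build is still loaded; refuse to talk to it
      closehandle(hdevice);
      messagebox(0, 'The driver that is currently loaded belongs to a previous version of Cheat Engine. Please unload this old driver or reboot.', 'DBK32.dll', MB_ICONERROR or MB_OK);
      hdevice := INVALID_HANDLE_VALUE;
    end
    else
    begin
      //Get the address of win32k.sys
      if GetWin32KAddress(win32kAddress, win32size) then
      begin
        if not InitializeDriver(win32kAddress, win32size) then
          messagebox(0, 'The driver failed to successfully initialize. Some functions may not completly work', 'DBK32.dll', MB_ICONERROR or MB_OK);
      end
      else
        messagebox(0, 'There was an error while trying to find the win32k.sys device driver. This means that some functions will not work', 'DBK32.dll', MB_ICONERROR or MB_OK);
      // the device is usable even when the win32k.sys step failed
      Successfullyloaded := true;
    end;

    //successfully initialized, say goodbye to the init params
    reg.DeleteValue('A');
    reg.DeleteValue('B');
    reg.DeleteValue('C');
    reg.DeleteValue('D');
  finally
    reg.Free;
  end;
  closeservicehandle(hscmanager);
end;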
finalization
begin
// Unit shutdown: release the own-process handle opened by InitializeDriver,
// tell the `hooker` object to terminate if one was created (Terminate is the
// only call made on it here; presumably a thread), and drop the
// kernel32.dll reference taken at initialization.
closehandle(ownprocess);
if hooker<>nil then hooker.Terminate;
freelibrary(kernel32dll);
end;
end.