📄 w2k_call.c
字号:
}
else
{
SetLastError (ERROR_GEN_FAILURE);
}
}
return fOk;
}
// -----------------------------------------------------------------
BOOL WINAPI w2kSpyRead (PVOID pBuffer,
PVOID pAddress,
DWORD dBytes)
{
SPY_MEMORY_BLOCK smb;
BOOL fOk = FALSE;
if ((pBuffer != NULL) && (pAddress != NULL) && dBytes)
{
ZeroMemory (pBuffer, dBytes);
smb.pAddress = pAddress;
smb.dBytes = dBytes;
fOk = w2kSpyControl (SPY_IO_MEMORY_BLOCK,
&smb, SPY_MEMORY_BLOCK_,
pBuffer, dBytes);
}
return fOk;
}
// -----------------------------------------------------------------
PVOID WINAPI w2kSpyClone (PVOID pAddress,
DWORD dBytes)
{
PVOID pBuffer = NULL;
if ((pAddress != NULL) && dBytes &&
((pBuffer = w2kMemoryCreate (dBytes)) != NULL) &&
(!w2kSpyRead (pBuffer, pAddress, dBytes)))
{
pBuffer = w2kMemoryDestroy (pBuffer);
}
return pBuffer;
}
// =================================================================
// UNICODE STRING MANAGEMENT
// =================================================================
PANSI_STRING WINAPI w2kStringAnsi (DWORD dSize)
{
PANSI_STRING pasData = NULL;
if ((pasData = w2kMemoryCreate (ANSI_STRING_ + dSize))
!= NULL)
{
pasData->Length = 0;
pasData->MaximumLength = (WORD) dSize;
pasData->Buffer = PTR_ADD (pasData, ANSI_STRING_);
if (dSize) pasData->Buffer [0] = 0;
}
return pasData;
}
// -----------------------------------------------------------------
PUNICODE_STRING WINAPI w2kStringUnicode (DWORD dSize)
{
DWORD dSize1 = dSize * WORD_;
PUNICODE_STRING pusData = NULL;
if ((pusData = w2kMemoryCreate (UNICODE_STRING_ + dSize1))
!= NULL)
{
pusData->Length = 0;
pusData->MaximumLength = (WORD) dSize1;
pusData->Buffer = PTR_ADD (pusData, UNICODE_STRING_);
if (dSize) pusData->Buffer [0] = 0;
}
return pusData;
}
// -----------------------------------------------------------------
PUNICODE_STRING WINAPI w2kStringClone (PUNICODE_STRING pusSource)
{
DWORD dSize;
UNICODE_STRING usCopy;
PUNICODE_STRING pusData = NULL;
if (w2kSpyRead (&usCopy, pusSource, UNICODE_STRING_))
{
dSize = max (usCopy.Length + WORD_,
usCopy.MaximumLength) / WORD_;
if (((pusData = w2kStringUnicode (dSize)) != NULL) &&
usCopy.Length && (usCopy.Buffer != NULL))
{
if (w2kSpyRead (pusData->Buffer, usCopy.Buffer,
usCopy.Length))
{
pusData->Length = usCopy.Length;
pusData->Buffer [usCopy.Length / WORD_] = 0;
}
else
{
pusData = w2kMemoryDestroy (pusData);
}
}
}
return pusData;
}
// -----------------------------------------------------------------
PWORD WINAPI w2kStringCopy (PUNICODE_STRING pusSource,
PUNICODE_STRING pusTarget,
PWORD pwBuffer)
{
DWORD dLength = 0;
PWORD pwNext = NULL;
if (pwBuffer != NULL)
{
if ((pusSource != NULL) && (pusSource->Buffer != NULL) &&
(dLength = pusSource->Length) &&
(!w2kSpyRead (pwBuffer, pusSource->Buffer, dLength)))
{
dLength = 0;
}
pwNext = pwBuffer + (dLength / WORD_) + 1;
pwNext [-1] = 0;
}
if (pusTarget != NULL)
{
if (pwBuffer != NULL)
{
pusTarget->Length = (WORD) dLength;
pusTarget->MaximumLength = (WORD) dLength + WORD_;
pusTarget->Buffer = pwBuffer;
}
else
{
pusTarget->Length = 0;
pusTarget->MaximumLength = 0;
pusTarget->Buffer = L"";
}
}
return pwNext;
}
// =================================================================
// KERNEL CALL INTERFACE
// =================================================================
BOOL WINAPI w2kCallInfo (PW2K_CALL_INFO pwci)
{
BOOL fOk = FALSE;
if (pwci != NULL)
{
w2kSpyLock ();
pwci->hDevice = ghDevice;
pwci->pwDevice = awSpyDisplay;
lstrcpyn (pwci->awDriver, awDriver, MAX_PATH);
w2kSpyUnlock ();
fOk = TRUE;
}
return fOk;
}
// -----------------------------------------------------------------
BOOL WINAPI w2kCallExecute (PSPY_CALL_INPUT psci,
PSPY_CALL_OUTPUT psco)
{
BOOL fOk = FALSE;
SetLastError (ERROR_INVALID_PARAMETER);
if (psco != NULL)
{
psco->uliResult.QuadPart = 0;
if ((psci != NULL)
&&
((psci->pbSymbol != NULL) ||
(psci->pEntryPoint != NULL)))
{
fOk = w2kSpyControl (SPY_IO_CALL,
psci, SPY_CALL_INPUT_,
psco, SPY_CALL_OUTPUT_);
}
}
return fOk;
}
// -----------------------------------------------------------------
BOOL WINAPI w2kCall (PULARGE_INTEGER puliResult,
PBYTE pbSymbol,
PVOID pEntryPoint,
BOOL fFastCall,
DWORD dArgumentBytes,
PVOID pArguments)
{
SPY_CALL_INPUT sci;
SPY_CALL_OUTPUT sco;
BOOL fOk = FALSE;
sci.fFastCall = fFastCall;
sci.dArgumentBytes = dArgumentBytes;
sci.pArguments = pArguments;
sci.pbSymbol = pbSymbol;
sci.pEntryPoint = pEntryPoint;
fOk = w2kCallExecute (&sci, &sco);
if (puliResult != NULL) *puliResult = sco.uliResult;
return fOk;
}
// -----------------------------------------------------------------
BOOL WINAPI w2kCallV (PULARGE_INTEGER puliResult,
PBYTE pbSymbol,
BOOL fFastCall,
DWORD dArgumentBytes,
...)
{
return w2kCall (puliResult, pbSymbol, NULL, fFastCall,
dArgumentBytes, &dArgumentBytes + 1);
}
// -----------------------------------------------------------------
NTSTATUS WINAPI w2kCallNT (PBYTE pbSymbol,
DWORD dArgumentBytes,
...)
{
ULARGE_INTEGER uliResult;
return (w2kCall (&uliResult, pbSymbol, NULL, FALSE,
dArgumentBytes, &dArgumentBytes + 1)
? uliResult.LowPart
: STATUS_IO_DEVICE_ERROR);
}
// -----------------------------------------------------------------
BYTE WINAPI w2kCall08 (BYTE bDefault,
PBYTE pbSymbol,
BOOL fFastCall,
DWORD dArgumentBytes,
...)
{
ULARGE_INTEGER uliResult;
return (w2kCall (&uliResult, pbSymbol, NULL, fFastCall,
dArgumentBytes, &dArgumentBytes + 1)
? (BYTE) uliResult.LowPart
: bDefault);
}
// -----------------------------------------------------------------
WORD WINAPI w2kCall16 (WORD wDefault,
PBYTE pbSymbol,
BOOL fFastCall,
DWORD dArgumentBytes,
...)
{
ULARGE_INTEGER uliResult;
return (w2kCall (&uliResult, pbSymbol, NULL, fFastCall,
dArgumentBytes, &dArgumentBytes + 1)
? (WORD) uliResult.LowPart
: wDefault);
}
// -----------------------------------------------------------------
DWORD WINAPI w2kCall32 (DWORD dDefault,
PBYTE pbSymbol,
BOOL fFastCall,
DWORD dArgumentBytes,
...)
{
ULARGE_INTEGER uliResult;
return (w2kCall (&uliResult, pbSymbol, NULL, fFastCall,
dArgumentBytes, &dArgumentBytes + 1)
? uliResult.LowPart
: dDefault);
}
// -----------------------------------------------------------------
QWORD WINAPI w2kCall64 (QWORD qDefault,
PBYTE pbSymbol,
BOOL fFastCall,
DWORD dArgumentBytes,
...)
{
ULARGE_INTEGER uliResult;
return (w2kCall (&uliResult, pbSymbol, NULL, fFastCall,
dArgumentBytes, &dArgumentBytes + 1)
? uliResult.QuadPart
: qDefault);
}
// -----------------------------------------------------------------
PVOID WINAPI w2kCallP (PVOID pDefault,
PBYTE pbSymbol,
BOOL fFastCall,
DWORD dArgumentBytes,
...)
{
ULARGE_INTEGER uliResult;
return (w2kCall (&uliResult, pbSymbol, NULL, fFastCall,
dArgumentBytes, &dArgumentBytes + 1)
? (PVOID) uliResult.LowPart
: pDefault);
}
// =================================================================
// KERNEL COPY INTERFACE
// =================================================================
BOOL WINAPI w2kCopy (PULARGE_INTEGER puliResult,
PBYTE pbSymbol,
PVOID pEntryPoint,
DWORD dBytes)
{
return w2kCall (puliResult, pbSymbol, pEntryPoint, FALSE,
0xFFFFFFFF - dBytes, NULL);
}
// -----------------------------------------------------------------
BYTE WINAPI w2kCopy08 (BYTE bDefault,
PBYTE pbSymbol)
{
ULARGE_INTEGER uliResult;
return (w2kCopy (&uliResult, pbSymbol, NULL, 1)
? (BYTE) uliResult.LowPart
: bDefault);
}
// -----------------------------------------------------------------
WORD WINAPI w2kCopy16 (WORD wDefault,
PBYTE pbSymbol)
{
ULARGE_INTEGER uliResult;
return (w2kCopy (&uliResult, pbSymbol, NULL, 2)
? (WORD) uliResult.LowPart
: wDefault);
}
// -----------------------------------------------------------------
DWORD WINAPI w2kCopy32 (DWORD dDefault,
PBYTE pbSymbol)
{
ULARGE_INTEGER uliResult;
return (w2kCopy (&uliResult, pbSymbol, NULL, 4)
? uliResult.LowPart
: dDefault);
}
// -----------------------------------------------------------------
QWORD WINAPI w2kCopy64 (QWORD qDefault,
PBYTE pbSymbol)
{
ULARGE_INTEGER uliResult;
return (w2kCopy (&uliResult, pbSymbol, NULL, 8)
? uliResult.QuadPart
: qDefault);
}
// -----------------------------------------------------------------
PVOID WINAPI w2kCopyP (PVOID pDefault,
PBYTE pbSymbol)
{
ULARGE_INTEGER uliResult;
return (w2kCopy (&uliResult, pbSymbol, NULL, 4)
? (PVOID) uliResult.LowPart
: pDefault);
}
// -----------------------------------------------------------------
PVOID WINAPI w2kCopyEP (PVOID pDefault,
PBYTE pbSymbol)
{
ULARGE_INTEGER uliResult;
return (w2kCopy (&uliResult, pbSymbol, NULL, 0)
? (PVOID) uliResult.LowPart
: pDefault);
}
// =================================================================
// EXTENDED KERNEL CALL INTERFACE
// =================================================================
BOOL WINAPI w2kXCall (PULARGE_INTEGER puliResult,
PBYTE pbSymbol,
DWORD dArgumentBytes,
PVOID pArguments)
{
PIMG_TABLE pit;
PIMG_ENTRY pie;
BOOL fOk = FALSE;
if (((pit = w2kSymbolsGlobal (NULL)) != NULL) &&
((pie = imgTableResolve (pit, pbSymbol)) != NULL) &&
(pie->pAddress != NULL))
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -