📄 wii128unctions.pas
字号:
ioctl := use;
end;
function imax_rpp(PortNum: dword): dword; stdcall;
var
cc, br: dword;
begin
Result := 0;
// messagebox(0, 'start imax_rpp','maxDBK32.dll', MB_ICONERROR or MB_OK);
if hdevice <> INVALID_HANDLE_VALUE then
begin
// messagebox(0, 'enter imax_rpp','maxDBK32.dll', MB_ICONERROR or MB_OK);
cc := IOCTL_CE_READ_PORT_UCHAR;
deviceiocontrol(hdevice, cc, @PortNum, 2, @PortNum, 1, br, nil);
Result := PortNum;
end;
end;
function imax_wpp(PortNum: dword; writeByte: byte ): dword; stdcall;
var
cc: dword;
returnTemp: dword;
ar: array [0..3] of byte;
begin
pdword(@ar[0])^ := PortNum;
ar[2]:= writeByte;
returnTemp := 0;
Result := 0;
// messagebox(0, 'start imax_wpp','maxDBK32.dll', MB_ICONERROR or MB_OK);
if hdevice <> INVALID_HANDLE_VALUE then
begin
// messagebox(0, 'enter imax_wpp','maxDBK32.dll', MB_ICONERROR or MB_OK);
cc := IOCTL_CE_WRITE_PORT_UCHAR;
deviceiocontrol(hdevice, cc, @ar[0], 3, nil, 0, returnTemp, nil);
Result := returnTemp;
end;
end;
function Test: boolean; stdcall;
{$W+}
procedure test_noioctl(p1: integer; p2: integer); stdcall;
asm
POP EBP //used parameters so the stupid compiler added a push ebp
MOV EAX,$2000
CALL fsc
RET 8
end;
{$W-}
var
cc, br: dword;
threadid: dword;
begin
Result := True;
if ioctl then
begin
cc := IOCTL_CE_TEST;
Result := deviceiocontrol(hdevice, cc, @threadid, sizeof(threadid), nil, 0, br, nil);
end
else
begin
test_noioctl(1, 2);
end;
end;
function GetGDT(limit: pword): dword; stdcall;
var
cc, br: dword;
gdtdescriptor: packed record
wLimit: word;
vector: dword;
end;
begin
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_GETGDT;
deviceiocontrol(hdevice, cc, nil, 0, @gdtdescriptor, 6, br, nil);
Result := gdtdescriptor.vector;
if (limit <> nil) then
limit^ := gdtdescriptor.wlimit;
end
else
Result := 0;
end;
function GetIDTCurrentThread: dword;
var
cc, br: dword;
idtdescriptor: packed record
wLimit: word;
vector: dword;
end;
begin
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_GETIDT;
deviceiocontrol(hdevice, cc, nil, 0, @idtdescriptor, 6, br, nil);
Result := idtdescriptor.vector;
end
else
Result := 0;
end;
procedure TGetIDTThread.Execute;
begin
try
cpuidt[cpunr] := getidtcurrentthread;
finally
done := True;
end;
end;
function GetIDTs(idtstore: pointer; maxidts: integer): integer; stdcall;
var
ec: dword;
i: integer;
cpunr, PA, SA: Dword;
cpunr2: byte;
begin
//max idt's should be 32, but may be less if you('re a retard!) don't want to allocate the enormous ammount of 32*4=128 bytes
setlength(cpuidt, 0);
Result := 0; //0 idt's returned
if hdevice <> INVALID_HANDLE_VALUE then
begin
GetProcessAffinityMask(getcurrentprocess, PA, SA);
//first hook the interrupts if needed
cpunr2 := 0;
cpunr := 1;
while (cpunr <= PA) do
begin
if ((cpunr) and PA) > 0 then
begin
setlength(cpuidt, length(cpuidt) + 1);
SetProcessAffinityMask(getcurrentprocess, cpunr);
//create a new thread. (Gues on what cpu it will run at...)
with TGetIDTThread.Create(True) do
begin
try
cpunr := cpunr2;
resume;
while not done do
sleep(20); //the sleep should also cause a taskswitch but I'm not 100% sure
finally
Free;
end;
end;
end;
if cpunr = $80000000 then
break;
Inc(cpunr, cpunr);
Inc(cpunr2);//next cpu
end;
SetProcessAffinityMask(getcurrentprocess, PA);
//multi processors are so fun. It'd be a waste not to use it
for i := 0 to length(cpuidt) - 1 do
TCardinalDynArray(idtstore)[i] := cpuidt[i];
Result := length(cpuidt);
end;
end;
procedure THookIDTThread.Execute;
var
cc, br: dword;
begin
try
// outputdebugstring('hooking IDT');
cc := IOCTL_CE_HOOKINTS;
succeeded := deviceiocontrol(hdevice, cc, @cpunr, 1, @cpunr, 0, br, nil);
finally
done := True;
end;
end;
procedure THookIDTConstantly.Execute;
var
input: TInput;
br, cc: dword;
i: integer;
cpunr, PA, SA: Dword;
cpunr2: byte;
begin
freeonterminate := True;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_HOOKINTS;
while not terminated do
begin
// outputdebugstring('writing the idt');
GetProcessAffinityMask(getcurrentprocess, PA, SA);
cpunr2 := 0;
cpunr := 1;
while (cpunr <= PA) do
begin
if ((cpunr) and PA) > 0 then
begin
SetProcessAffinityMask(getcurrentprocess, cpunr);
//create a new thread. (Gues on what cpu it will run at...)
with THookIDTThread.Create(True) do
begin
try
cpunr := cpunr2;
resume;
while not done do
sleep(10); //the sleep should also cause a taskswitch but I'm not 100% sure
finally
Free;
end;
end;
end;
if cpunr = $80000000 then
break;
Inc(cpunr, cpunr);
Inc(cpunr2);
end;
SetProcessAffinityMask(getcurrentprocess, PA);
//multi processors are so fun. It'd be a waste not to use it
sleep(5000); //wait a while before rewriting
end;
end;
end;
// GetProcessNameFromPEProcess
function GetMaxPPNameFromPid(peprocess: dword; buffer: PChar; buffersize: dword): integer;
stdcall;
var
ar: dword;
i: integer;
begin
if buffersize > 16 then
buffersize := 16;
Result := -1;
if processname = 0 then
exit;
if (hdevice <> INVALID_HANDLE_VALUE) and (ownprocess <> 0) then
begin
if rpm(ownprocess, pointer(peprocess + processname), buffer, buffersize, ar) then
begin
for i := 0 to buffersize - 1 do
if buffer[i] = #0 then
begin
Result := i + i;
exit;
end;
end;
end;
end;
function GetCR4: DWORD; stdcall;
var
x, res, cc: dword;
begin
Result := 0;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_GETCR4;
if deviceiocontrol(hdevice, cc, @res, 4, @res, 4, x, nil) then
Result := res;
end;
end;
function GetDriverVersion: dword;
var
x, res, cc, cc2, cc3: dword;
begin
Result := 0;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_GETVERSION;
if cc <> cc2 then
if cc <> cc3 then
if deviceiocontrol(hdevice, cc, @res, 4, @res, 4, x, nil) then
Result := res;
end;
end;
function GetProcessNameFromID(processid: dword; buffer: pointer; buffersize: dword): integer;
stdcall;
begin
//just a simple stub
Result := GetMaxPPNameFromPid(GetMaxPEProc(processid), buffer, buffersize);
end;
function GetThreadsProcessOffset: dword; stdcall;
begin
Result := ThreadsProcess;
end;
function GetThreadListEntryOffset: dword; stdcall;
begin
Result := ThreadListEntry;
end;
function GetProcessnameOffset: dword; stdcall;
begin
Result := processname;
end;
function GetDebugportOffset: DWORD; stdcall;
begin
Result := debugport;
end;
function GetSDTShadow: DWORD; stdcall;
begin
Result := SDTShadow;
end;
function GetSDT: DWORD; stdcall;
var
res, x, cc: dword;
begin
Result := 0;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_GETSDT;
if deviceiocontrol(hdevice, cc, @res, 4, @res, 4, x, nil) then
Result := res;
end;
end;
function GetCR3(hProcess: THANDLE; var CR3: DWORD): BOOL; stdcall;
var
cc: dword;
x, y: dword;
i: integer;
begin
Result := False;
if hdevice <> INVALID_HANDLE_VALUE then
begin
for i := 0 to length(handlelist) - 1 do
if handlelist[i].processhandle = hProcess then
begin
cc := IOCTL_CE_GETCR3;
x := handlelist[i].processid;
Result := deviceiocontrol(hdevice, cc, @x, 4, @x, 4, y, nil);
if Result then
CR3 := x
else
cr3 := $11223344;
end;
end;
end;
function SetCR3(hProcess: THANDLE; CR3: DWORD): BOOL; stdcall;
var
cc: dword;
ar: array [0..7] of byte;
x: dword;
i: integer;
begin
Result := False;
if hdevice <> INVALID_HANDLE_VALUE then
begin
for i := 0 to length(handlelist) - 1 do
if handlelist[i].processhandle = hProcess then
begin
cc := IOCTL_CE_SETCR3;
pdword(@ar[0])^ := handlelist[i].processid xor $ce;
pdword(@ar[4])^ := CR3;
Result := deviceiocontrol(hdevice, cc, @ar[0], 4, @ar[0], 4, x, nil);
end;
end;
end;
function ProtectMe(ProtectedProcessID: dword; denylist, globaldenylist: BOOL; list: PChar;
listsize: dword): BOOL; stdcall; //or should I give it a array of processid's?
type
tinput = record
processid: dword;
DenyList: DWORD;
GlobalDenyList: DWORD;
ListSize: DWORD;
end;
var
cc, x: dword;
input: ^tinput;
win32kaddress, win32size: dword;
begin
OutputDebugString('Protectme called');
Result := False;
if GetWin32KAddress(win32kAddress, win32size) then
if not InitializeDriver(win32kAddress, win32size) then
exit;
if hdevice <> INVALID_HANDLE_VALUE then
begin
getmem(input, sizeof(tinput) + listsize);
try
input.processid := ProtectedProcessID;
if denylist then
input.DenyList := 1
else
input.DenyList := 0;
if globaldenylist then
input.GlobalDenyList := 1
else
input.GlobalDenyList := 0;
input.ListSize := listsize;
copymemory(pointer(dword(@input.listsize) + 4), list, listsize);
cc := IOCTL_CE_PROTECTME;
Result := deviceiocontrol(hdevice, cc, input, sizeof(tinput) + listsize, input, 4, x, nil);
finally
freemem(input);
end;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -