📄 wii128unctions.pas
字号:
Iamprotected := Result;
end;
end;
function UnprotectMe: bool; stdcall;
var
cc, x: dword;
begin
Result := False;
if (hdevice <> INVALID_HANDLE_VALUE) and (Iamprotected) then
begin
cc := IOCTL_CE_DONTPROTECTME;
Result := deviceiocontrol(hdevice, cc, @x, 0, @x, 0, x, nil);
end;
end;
function DBKSuspendThread(ThreadID: dword): boolean; stdcall;
var
cc, x: dword;
begin
outputdebugstring('DBKSuspendThread');
Result := False;
x := ThreadId;
if (hdevice <> INVALID_HANDLE_VALUE) then
begin
cc := IOCTL_CE_SUSPENDTHREAD;
Result := deviceiocontrol(hdevice, cc, @x, sizeof(x), nil, 0, x, nil);
end;
end;
function DBKResumeThread(ThreadID: dword): boolean; stdcall;
var
cc, x: dword;
begin
outputdebugstring('DBKResumeThread');
Result := False;
x := threadid;
if (hdevice <> INVALID_HANDLE_VALUE) then
begin
cc := IOCTL_CE_RESUMETHREAD;
Result := deviceiocontrol(hdevice, cc, @x, sizeof(x), nil, 0, x, nil);
end;
end;
function DBKSuspendProcess(ProcessID: dword): boolean; stdcall;
var
cc, x: dword;
begin
Result := False;
x := ProcessID xor $ce;
if (hdevice <> INVALID_HANDLE_VALUE) then
begin
cc := IOCTL_CE_SUSPENDPROCESS;
Result := deviceiocontrol(hdevice, cc, @x, sizeof(x), nil, 0, x, nil);
end;
end;
function DBKResumeProcess(ProcessID: dword): boolean; stdcall;
var
cc, x: dword;
begin
Result := False;
x := ProcessID xor $ce;
if (hdevice <> INVALID_HANDLE_VALUE) then
begin
cc := IOCTL_CE_RESUMEPROCESS;
Result := deviceiocontrol(hdevice, cc, @x, sizeof(x), nil, 0, x, nil);
end;
end;
function GetPhysicalAddress(hProcess: THandle; lpBaseAddress: pointer;
var Address: int64): BOOL; stdcall;
type
TInputstruct = record
ProcessID: dword;
BaseAddress: dword;
end;
var
cc: dword;
input: TInputStruct;
physicaladdress: int64 absolute input;
x: dword;
i: integer;
begin
Result := False;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_GETPHYSICALADDRESS;
for i := 0 to length(handlelist) - 1 do
if handlelist[i].processhandle = hProcess then
begin
input.ProcessID := handlelist[i].processid xor $ce;
input.BaseAddress := dword(lpBaseAddresS);
Result := deviceiocontrol(hdevice, cc, @input, 8, @input, 8, x, nil);
if Result then
address := physicaladdress
else
address := 0;
end;
end;
end;
function WritePhysicalMemory(hProcess: THANDLE; lpBaseAddress: pointer;
lpBuffer: pointer; nSize: DWORD; var NumberOfBytesWritten: DWORD): BOOL; stdcall;
type
TInputstruct = record
startaddress: dword;
bytestowrite: dword;
end;
var
ao: array [0..512] of byte;
input: TInputstruct absolute ao[0];
cc: dword;
i: integer;
ok: boolean;
br: dword;
mempointer: dword;
bufpointer: dword;
bufpointer2: pointer;
towrite: dword;
begin
Result := False;
NumberOfByteswritten := 0;
//find the hprocess in the handlelist, if it isn't use the normal method (I could of course use NtQueryProcessInformation but it's undocumented and I'm too lazy to dig it up
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_WRITEPHYSICALMEMORY;
mempointer := dword(lpBaseAddress);
bufpointer := dword(lpbuffer);
ok := True;
while ok do
begin
zeromemory(@ao[0], 512);
if nSize - NumberOfByteswritten >= (512 - sizeof(TInputstruct)) then
towrite := (512 - sizeof(TInputstruct))
else
towrite := nSize - NumberOfByteswritten;
input.bytestowrite := towrite;
input.startaddress := mempointer;
bufpointer2 := pointer(bufpointer);
copymemory(@ao[sizeof(tinputstruct)], bufpointer2, towrite);
if not deviceiocontrol(hdevice, cc, @ao[0], 512, @ao[0], 512, br, nil) then
exit;
Inc(mempointer, towrite);
Inc(bufpointer, towrite);
Inc(NumberOfByteswritten, towrite);
if NumberOfByteswritten = nSize then
begin
Result := True;
exit;
end;
end;
end;
end;
function ReadPhysicalMemory(hProcess: THANDLE; lpBaseAddress: pointer;
lpBuffer: pointer; nSize: DWORD; var NumberOfBytesRead: DWORD): BOOL; stdcall;
type
TInputstruct = record
startaddress: dword;
bytestoread: dword
end;
var
ao: array [0..600] of byte;
input: TInputstruct absolute ao[0];
br: dword;
cc: dword;
ok: boolean;
toread: dword;
toread2: dword;
mempointeR: dword;
bufpointer: dword;
begin
//processhandle is just there for compatibility in case I want to quickly wrap it over read/writeprocessmemory
Result := False;
numberofbytesread := 0;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_READPHYSICALMEMORY;
toread := nSize;
mempointer := dword(lpBaseAddress);
bufpointer := dword(lpBuffer);
ok := True;
while ok and (toread > 0) do
begin
if toread > 512 then
toread2 := 512
else
toread2 := toread;
Dec(toread, toread2);
input.bytestoread := toread2;
input.startaddress := mempointer;
if deviceiocontrol(hdevice, cc, @ao[0], 512, @ao[0], 512, br, nil) then
begin
copymemory(pointer(bufpointer), @ao[0], toread2);
Inc(numberofbytesread, toread2);
Inc(bufpointer, toread2);
mempointer := mempointer + toread2;
end
else
ok := False;
end;
Result := ok;
end;
end;
function GetPEThread(Threadid: dword): dword; stdcall;
var
cc: dword;
x: dword;
pethread: dword;
begin
Result := 0;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_GETPETHREAD;
pethread := threadid;
if deviceiocontrol(hdevice, cc, @pethread, 4, @pethread, 4, x, nil) then
Result := pethread;
end;
end;
function GetMaxPEProc(ProcessID: dword): dword; stdcall;
var
cc: dword;
x: dword;
peprocess: dword;
begin
Result := 0;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_GETPEPROCESS;
processid := processid xor $ce;
peprocess := processid;
if deviceiocontrol(hdevice, cc, @peprocess, 4, @peprocess, 4, x, nil) then
Result := peprocess
else
Result := 0;
end;
end;
function IsValidHandle(hProcess: THandle): BOOL; stdcall;
var
i: integer;
begin
Result := False;
for i := 0 to length(handlelist) - 1 do
if handlelist[i].processhandle = hProcess then
begin
Result := handlelist[i].validhandle;
exit;
end;
end;
function {ReadProcessMemory}RPM(hProcess: THANDLE; lpBaseAddress: pointer;
lpBuffer: pointer; nSize: DWORD; var NumberOfBytesRead: DWORD): BOOL; stdcall;
type TInputstruct=record
processid: dword;
startaddress: dword;
bytestoread: word;
end;
var
input: TInputstruct;
cc:dword;
i: integer;
ok: boolean;
br: dword;
mempointer: dword;
bufpointer: dword;
bufpointer2: pointer;
toread: dword;
begin
result:=false;
numberofbytesread:=0;
for i:=0 to length(handlelist)-1 do
if handlelist[i].processhandle=hProcess then
begin
if hdevice<>INVALID_HANDLE_VALUE then
begin
cc:= IOCTL_CE_READMEMORY; // Don't forget that
mempointer:=dword(lpBaseAddress);
bufpointer:=dword(lpbuffer);
ok:=true;
while ok do
begin
input.processid:=handlelist[i].processid xor $ce;
if (mempointer and $fff) > 0 then //uneven
begin
toread:=8192-(mempointer and $fff);
if toread>(nSize-numberofbytesread) then toread:=nSize-numberofbytesread;
end
else
begin
if nSize-numberofbytesread>=8192 then
toread:=8192
else
toread:=nSize-numberofbytesread;
end;
input.bytestoread:=toread;
input.startaddress:=mempointer;
if not deviceiocontrol(hdevice,cc,@input,sizeof(input),pointer(bufpointer),toread,br,nil) then
exit;
inc(mempointer,toread);
inc(bufpointer,toread);
inc(numberofbytesread,toread);
if numberofbytesread=nSize then
begin
result:=true;
exit;
end;
end;
exit;
end else if not handlelist[i].validhandle then exit; //else use the normal method...
end;
//not found so ....
result:=windows.ReadProcessMemory(hProcess,lpBaseAddress,lpBuffer,nSize,NumberOfBytesRead);
end;
function {WriteProcessMemory}WPM(hProcess: THANDLE; lpBaseAddress: pointer;
lpBuffer: pointer; nSize: DWORD; var NumberOfBytesWritten: DWORD): BOOL; stdcall;
type
TInputstruct = record
processid: dword;
startaddress: dword;
bytestowrite: word;
end;
var
ao: array [0..511] of byte;
input: TInputstruct absolute ao[0];
cc: dword;
i: integer;
ok: boolean;
br: dword;
mempointer: dword;
bufpointer: dword;
bufpointer2: pointer;
towrite: dword;
begin
Result := False;
NumberOfByteswritten := 0;
//find the hprocess in the handlelist, if it isn't use the normal method (I could of course use NtQueryProcessInformation but it's undocumented and I'm too lazy to dig it up
for i := 0 to length(handlelist) - 1 do
if handlelist[i].processhandle = hProcess then
begin
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_WRITEMEMORY;
mempointer := dword(lpBaseAddress);
bufpointer := dword(lpbuffer);
ok := True;
while ok do
begin
zeromemory(@ao[0], 512);
input.processid := handlelist[i].processid xor $ce;
if nSize - NumberOfByteswritten >= (512 - sizeof(TInputstruct)) then
towrite := (512 - sizeof(TInputstruct))
else
towrite := nSize - NumberOfByteswritten;
input.bytestowrite := towrite;
input.startaddress := mempointer;
bufpointer2 := pointer(bufpointer);
copymemory(@ao[sizeof(tinputstruct)], bufpointer2, towrite);
if not deviceiocontrol(hdevice, cc, @ao[0], 514, @ao[0], 514, br, nil) then
exit;
Inc(mempointer, towrite);
Inc(bufpointer, towrite);
Inc(NumberOfByteswritten, towrite);
if NumberOfByteswritten = nSize then
begin
Result := True;
exit;
end;
end;
exit;
end
else if not handlelist[i].validhandle then
exit;
end;
//not found so ....
Result := Windows.writeProcessMemory(hProcess, lpBaseAddress, lpBuffer,
nSize, NumberOfByteswritten);
end;
function {OpenThread}OT(dwDesiredAccess: DWORD; bInheritHandle: BOOL;
dwThreadId: DWORD): THANDLE; stdcall;
var
threadhandle: thandle;
cc, x: dword;
begin
Result := 0;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -