📄 wii128unctions.pas
字号:
if dwThreadId = 0 then
exit;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_OPENTHREAD;
threadhandle := dwThreadId;
if deviceiocontrol(hdevice, cc, @threadhandle, 4, @threadhandle, 4, x, nil) then
Result := threadhandle
else
Result := 0;
end;
end;
function {OpenProcess}OP(dwDesiredAccess: DWORD; bInheritHandle: BOOL;
dwProcessId: DWORD): THANDLE; stdcall;
var
valid: boolean;
Processhandle: thandle;
i: integer;
cc, x: dword;
begin
valid := True;
if dwProcessId = 0 then
begin
Result := 0;
exit;
end;
cc := IOCTL_CE_OPENPROCESS;
processhandle := dwProcessId xor $ce;; //rest is ignored
if deviceiocontrol(hdevice, cc, @processhandle, 4, @processhandle, 4, x, nil) then
begin
Result := processhandle;
end
else
begin
Result := 0;
end;
// maxyoyo change to original processId
dwProcessId := dwProcessId + $ce;
dwProcessId := dwProcessId - $ce;
end;
function {NtOpenThread}NtOT(var Handle: THandle; AccessMask: dword;
objectattributes: pointer; clientid: PClient_ID): DWORD; stdcall;
begin
handle := OP(STANDARD_RIGHTS_REQUIRED or Windows.synchronize or
$3ff, True, clientid.processid);
if handle <> 0 then
Result := 0
else
Result := $c000000e;
end;
function {NtOpenProcess}NOP(var Handle: THandle; AccessMask: dword;
objectattributes: pointer; clientid: PClient_ID): DWORD; stdcall;
begin
Handle := OP(process_all_access, True, clientid.processid);
if handle <> 0 then
Result := 0
else
Result := $C000000E;
end;
function {VirtualQueryEx}VQE(hProcess: THandle; address: pointer;
var mbi: _MEMORY_BASIC_INFORMATION; bufsize: DWORD): dword; stdcall;
type
TOUTP = record
length: DWORD;
protection: DWORD;
end;
var
buf: TOUTP;
i: integer;
br, cc: dword;
begin
Result := 0;
for i := 0 to length(handlelist) - 1 do
if handlelist[i].processhandle = hProcess then
begin
if hdevice <> INVALID_HANDLE_VALUE then
begin
buf.length := handlelist[i].processid xor $ce;
buf.protection := dword(address);
cc := IOCTL_CE_QUERY_VIRTUAL_MEMORY;
if deviceiocontrol(hdevice, cc, @buf, sizeof(buf), @buf, sizeof(buf), br, nil) then
begin
mbi.BaseAddress := pointer((dword(address) div $1000) * $1000);
mbi.AllocationBase := mbi.BaseAddress;
mbi.AllocationProtect := buf.protection;
mbi.RegionSize := buf.length;
mbi.State := MEM_COMMIT;
mbi.Protect := buf.protection;
mbi.Type_9 := MEM_PRIVATE;
Result := sizeof(mbi);
end;
exit; //we're done here
end;
end;
Result := Windows.VirtualQueryEx(hProcess, address, mbi, bufsize);
end;
function {VirtualAllocEx}VAE(hProcess: THandle; lpAddress: Pointer;
dwSize, flAllocationType: DWORD; flProtect: DWORD): Pointer; stdcall;
var
i: integer;
br, cc: dword;
x: record
processid: dword;
baseaddress: pointer;
size: dword;
AllocationType: dword;
Protect: dword;
end;
r: pointer;
begin
Result := 0;
for i := 0 to length(handlelist) - 1 do
if handlelist[i].processhandle = hProcess then
begin
if hdevice <> INVALID_HANDLE_VALUE then
begin
x.processid := handlelist[i].processid xor $ce;
x.baseaddress := lpAddress;
x.size := dwsize;
x.AllocationType := flAllocationType;
x.Protect := flProtect;
cc := IOCTL_CE_ALLOCATEMEM;
deviceiocontrol(hdevice, cc, @x, sizeof(x), @r, sizeof(r), br, nil);
Result := r;
exit; //we're done here
end;
end;
//still here
Result := VirtualAllocEx(hprocess, lpAddress, dwSize, flAllocationType, flProtect);
end;
procedure testapc(NormalContext: pointer; SystemArgument1: pointer;
SystemArgument2: pointer); stdcall;
var
tid: dword;
s: string;
begin
s := inttohex(dword(NormalContext), 8) + ' - ' + inttohex(dword(SystemArgument1), 8) +
' - ' + inttohex(dword(SystemArgument2), 8);
//CreateThread(nil,0,systemArgument1,SystemArgument2,false,@tid);
messagebox(0, PChar(s), 'APC rules', mb_ok);
end;
function CreateRemoteAPC(threadid: dword; lpStartAddress: TFNAPCProc): THandle; stdcall;
var
i: integer;
br, cc: dword;
x: record
threadid: dword;
addresstoexecute: pointer;
end;
begin
Result := 0;
if hdevice <> INVALID_HANDLE_VALUE then
begin
x.addresstoexecute := lpStartAddress;
x.threadid := threadid;
cc := IOCTL_CE_CREATEAPC;
if deviceiocontrol(hdevice, cc, @x, sizeof(x), nil, 0, br, nil) then
Result := 666
//sorry dude, no threadid returned, and no way of checking if it succeeded or not
else
Result := 0;
end;
end;
function setAlternateDebugMethod(var int1apihook: dword;
var OriginalInt1handler: dword): BOOL; stdcall;
var
x: record
int1apihook: dword;
Originalint1handler: dword;
end;
br, cc: dword;
i: integer;
begin
outputdebugstring('setAlternateDebugMethod');
Result := False;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_USEALTERNATEMETHOD;
if deviceiocontrol(hdevice, cc, nil, 0, @x, sizeof(x), br, nil) then
begin
//this data will be send to M.a.x Engine. it will know what to do with it...
int1apihook := x.int1apihook;
OriginalInt1handler := x.Originalint1handler;
Result := True;
end;
usealternatedebugmethod := Result; //once set you can't unset it
end;
end;
function getAlternateDebugMethod: BOOL; stdcall;
var
x: boolean;
br, cc: dword;
begin
outputdebugstring('getAlternateDebugMethod');
//check the kernel if this method has been set
Result := False;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_ISUSINGALTERNATEMETHOD;
if deviceiocontrol(hdevice, cc, nil, 0, @x, sizeof(x), br, nil) then
Result := x;
usealternatedebugmethod := x;
end
else
Result := False;
end;
function StartCEKernelDebug: BOOL; stdcall;
var
br, cc: dword;
i: integer;
cpunr, PA, SA: Dword;
cpunr2: byte;
begin
Result := False;
outputdebugstring('DebugProcess function');
if usealternatedebugmethod then
begin
Result := True;
exit;
end;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_HOOKINTS;
GetProcessAffinityMask(getcurrentprocess, PA, SA);
//first hook the interrupts if needed
cpunr2 := 0;
cpunr := 1;
while (cpunr <= PA) do
begin
if ((cpunr) and PA) > 0 then
begin
SetProcessAffinityMask(getcurrentprocess, cpunr);
//create a new thread. (Gues on what cpu it will run at...)
with THookIDTThread.Create(True) do
begin
try
cpunr := cpunr2;
resume;
while not done do
sleep(10); //the sleep should also cause a taskswitch but I'm not 100% sure
if not succeeded then
begin
SetProcessAffinityMask(getcurrentprocess, PA);
messagebox(0, PChar('Failure when changing the interrupt handler on CPU ' +
IntToStr(cpunr)), '', mb_ok);
exit;
end;
finally
Free;
end;
end;
end;
if cpunr = $80000000 then
break;
Inc(cpunr, cpunr);
Inc(cpunr2);
end;
SetProcessAffinityMask(getcurrentprocess, PA);
//multi processors are so fun. It'd be a waste not to use it
outputdebugstring('going to start the hooker');
hooker := thookidtconstantly.Create(False);
Result := True;
end;
end;
function SetMemoryAccessWatch(processid: dword; address: DWORD; size: byte;
debugtype: byte): BOOL; stdcall;
type
Tinput = record
ProcessID: DWORD;
Address: DWORD;
Length: byte;
RWE: byte;
end;
var
input: TInput;
br, cc: dword;
begin
if hdevice <> INVALID_HANDLE_VALUE then
begin
Result := StartCEKernelDebug;
input.Processid := processid xor $ce;
input.Address := address;
input.length := size;
input.RWE := debugtype;
cc := IOCTL_CE_DEBUGPROCESS;
Result := Result and deviceiocontrol(hdevice, cc, @input, sizeof(input), @input, 0, br, nil);
end;
end;
function StopRegisterChange(regnr: integer): BOOL; stdcall;
var
x, cc: dword;
begin
outputdebugstring('DBK32: StopRegisterChange called');
Result := False;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_STOP_DEBUGPROCESS_CHANGEREG;
Result := deviceiocontrol(hdevice, cc, @regnr, 4, nil, 0, x, nil);
end;
end;
function StopDebugging: BOOL; stdcall;
var
x, cc: dword;
begin
outputdebugstring('DBK32: StopDebugging called');
Result := False;
if hdevice <> INVALID_HANDLE_VALUE then
begin
cc := IOCTL_CE_STOPDEBUGGING;
Result := deviceiocontrol(hdevice, cc, nil, 0, nil, 0, x, nil);
end;
end;
function DebugProcess(processid: dword; address: DWORD; size: byte; debugtype: byte): BOOL;
stdcall;
begin
if hdevice <> INVALID_HANDLE_VALUE then
begin
Result := StartCEKernelDebug;
Result := Result and SetMemoryAccessWatch(processid, address, size, debugtype);
end;
end;
function ChangeRegOnBP(Processid: dword; address: dword; debugreg: integer;
changeEAX, changeEBX, changeECX, changeEDX, changeESI, changeEDI, changeEBP,
changeESP, changeEIP, changeCF, changePF, changeAF, changeZF, changeSF, changeOF: boolean;
newEAX, newEBX, newECX, newEDX, newESI, newEDI, newEBP, newESP, newEIP: DWORD;
newCF, newPF, newAF, newZF, newSF, newOF: boolean): boolean; stdcall;
type
TChangeReg = record
BreakAddress: DWORD;
newEAX, newEBX, newECX, newEDX, newESI, newEDI, newEBP, newESP, newEIP: DWORD;
newCF, newPF, newAF, newZF, newSF, newOF: boolean;
changeEAX, changeEBX, changeECX, changeEDX, changeESI, changeEDI, changeEBP,
changeESP, changeEIP: boolean;
changeCF, changePF, changeAF, changeZF, changeSF, changeOF: boolean;
Active: boolean;
end;
type
TBuf = record
ProcessID: DWORD;
debugreg: integer;
ChangeReg: TChangeReg;
end;
var
buf: TBuf;
x, cc: dword;
begin
outputdebugstring('DBK32: ChangeRegOnBP called');
if hdevice <> INVALID_HANDLE_VALUE then
begin
Result := StartCEKernelDebug;
if not Result then
exit;
buf.ProcessID := Processid xor $ce;
buf.debugreg := debugreg;
buf.ChangeReg.BreakAddress := address;
buf.ChangeReg.newEAX := neweax;
buf.ChangeReg.newEBX := newebx;
buf.ChangeReg.newECX := newecx;
buf.ChangeReg.newEDX := newedx;
buf.ChangeReg.newESI := newesi;
buf.ChangeReg.newEDI := newedi;
buf.ChangeReg.newEBP := newebp;
buf.ChangeReg.newESP := newesp;
buf.ChangeReg.newEIP := neweip;
buf.ChangeReg.newCF := newcf;
buf.ChangeReg.newPF := newpf;
buf.ChangeReg.newAF := newaf;
buf.ChangeReg.newZF := newzf;
buf.ChangeReg.newSF := newsf;
buf.ChangeReg.newOF := newof;
buf.ChangeReg.changeEAX := changeeax;
buf.ChangeReg.changeEBX := changeebx;
buf.ChangeReg.changeECX := changeecx;
buf.ChangeReg.changeEDX := changeedx;
buf.ChangeReg.changeESI := changeesi;
buf.ChangeReg.changeEDI := changeedi;
buf.ChangeReg.changeEBP := changeebp;
buf.ChangeReg.changeESP := changeesp;
buf.ChangeReg.changeEIP := changeeip;
buf.ChangeReg.changeCF := changecf;
buf.ChangeReg.changePF := changepf;
buf.ChangeReg.changeAF := changeaf;
buf.ChangeReg.changeZF := changezf;
buf.ChangeReg.changeSF := changesf;
buf.ChangeReg.changeOF := changeof;
cc := IOCTL_CE_DEBUGPROCESS_CHANGEREG;
Result := Result and deviceiocontrol(hdevice, cc, @buf, sizeof(buf), @buf, 0, x, nil);
end;
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -