end;
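{ Fetches the driver's buffered debug data into Buffer.
  Buffer must point to at least 1800 writable bytes (the original note says
  50 entries * 35 bytes; the entry layout is not visible here). The driver's
  reply is 1801 bytes: the first byte is the entry count, the remaining 1800
  bytes are the payload that is copied to Buffer.
  Returns the entry count, or -1 when Buffer is nil, the driver handle is not
  open, or the IOCTL fails. Buffer is left untouched in the -1 case. }
function RetrieveDebugData(Buffer: pointer): integer; stdcall;
var
  bytesReturned: dword;
  ioctlCode: dword;
  reply: pbyte;
begin
  Result := -1; // -1 = error
  if hdevice = INVALID_HANDLE_VALUE then
    exit;
  if Buffer = nil then
    exit;

  getmem(reply, 1801); // 1801: one count byte followed by 1800 payload bytes
  try
    // Zero the reply so a short answer from the driver never copies stale heap
    // bytes into the caller's buffer.
    zeromemory(reply, 1801);
    ioctlCode := IOCTL_CE_RETRIEVEDEBUGDATA;
    if deviceiocontrol(hdevice, ioctlCode, reply, 1801, reply, 1801, bytesReturned, nil) then
    begin
      Result := reply^;
      // Copy exactly the 1800 payload bytes after the count byte. Copying 1801
      // here would read one byte past the reply allocation and write one byte
      // past an 1800-byte caller buffer.
      copymemory(Buffer, pointer(dword(reply) + 1), 1800);
    end;
  finally
    freemem(reply);
  end;
end;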
{ Waits until the driver signals a process or a thread event (or `timeout`
  milliseconds elapse), then asks the driver to drain both event lists into
  the caller-supplied buffers.
  Returns the raw WaitForMultipleObjects result. Unless that result is
  WAIT_FAILED, both IOCTLs are issued - also on WAIT_TIMEOUT - and their own
  success or failure is not reported.
  Each buffer is handed to the driver as 50 * sizeof(event record) + 1 bytes;
  the caller must provide at least that much, nothing here checks it. The
  extra byte presumably carries a count - confirm against the driver. }
function WaitForProcessListData(processpointer: pointer; threadpointer: pointer;
  timeout: dword): dword; stdcall;
type
  tprocesseventstruct = record
    Created: BOOL;
    ProcessID: DWORD;
    PEProcess: DWORD;
  end;
  tthreadeventstruct = record
    Created: BOOL;
    ProcessID: DWORD;
    ThreadID: dword;
  end;
const
  MaxEvents = 50;
var
  ioctlCode, bytesReturned: dword;
  handles: array [0..1] of thandle;
begin
  handles[0] := processevent;
  handles[1] := threadevent;
  // bWaitAll = False: return as soon as either event is signalled.
  Result := WaitForMultipleObjects(2, @handles[0], False, timeout);
  if Result = WAIT_FAILED then
    exit;
  if hdevice = INVALID_HANDLE_VALUE then
    exit;

  // Process events.
  ioctlCode := IOCTL_CE_GETPROCESSEVENTS;
  deviceiocontrol(hdevice, ioctlCode,
    processpointer, sizeof(tprocesseventstruct) * MaxEvents + 1,
    processpointer, sizeof(tprocesseventstruct) * MaxEvents + 1,
    bytesReturned, nil);

  // Thread events, same buffer convention.
  ioctlCode := IOCTL_CE_GETTHREADEVENTS;
  deviceiocontrol(hdevice, ioctlCode,
    threadpointer, sizeof(tthreadeventstruct) * MaxEvents + 1,
    threadpointer, sizeof(tthreadeventstruct) * MaxEvents + 1,
    bytesReturned, nil);
end;
{ Asks the driver to start reporting process/thread events.
  Returns the DeviceIoControl result, or False when the driver handle is not
  open. Neither direction carries a payload. }
function StartProcessWatch: BOOL; stdcall;
var
  ioctlCode: dword;
  bytesReturned: dword;
begin
  if hdevice = INVALID_HANDLE_VALUE then
  begin
    Result := False;
    exit;
  end;
  ioctlCode := IOCTL_CE_STARTPROCESSWATCH;
  // bytesReturned doubles as the zero-length in/out buffer address.
  Result := deviceiocontrol(hdevice, ioctlCode, @bytesReturned, 0, @bytesReturned, 0, bytesReturned, nil);
end;
{ Asks the driver to make the range starting at Address, Size bytes long,
  writable; copyonwrite is sent as 1/0 in the request's CopyOnWrite byte.
  Returns the DeviceIoControl result, or False when the driver is not open.
  The request record is sent as laid out in memory, so its size and padding
  depend on the compiler's default record packing - the driver must agree. }
function MakeWritable(Address, Size: dword; copyonwrite: boolean): boolean; stdcall;
type
  TMemoryDesignation = record
    StartAddress: DWORD;
    Size: DWORD;
    CopyOnWrite: byte;
  end;
var
  request: TMemoryDesignation;
  ioctlCode: dword;
begin
  if hdevice = INVALID_HANDLE_VALUE then
  begin
    Result := False;
    exit;
  end;
  request.StartAddress := Address;
  request.Size := Size;
  if copyonwrite then
    request.CopyOnWrite := 1
  else
    request.CopyOnWrite := 0;
  ioctlCode := IOCTL_CE_MAKEWRITABLE;
  // Output length is 0; ioctlCode is reused as the bytes-returned slot.
  Result := deviceiocontrol(hdevice, ioctlCode, @request, sizeof(request), @request, 0, ioctlCode, nil);
end;
{ Requests a non-paged allocation of `size` bytes from the driver.
  Returns the address the driver reports, or nil when the driver is not open
  or the IOCTL fails. The reply buffer is only read on success, since the
  driver never assigns it otherwise. }
function KernelAlloc(size: dword): pointer; stdcall;
type
  TInput = record
    Size: DWORD;
  end;
var
  ioctlCode: dword;
  request: TInput;
  allocated: pointer;
begin
  Result := nil;
  if hdevice = INVALID_HANDLE_VALUE then
    exit;
  request.Size := size;
  ioctlCode := IOCTL_CE_ALLOCATEMEM_NONPAGED;
  // ioctlCode is reused as the bytes-returned slot.
  if not deviceiocontrol(hdevice, ioctlCode, @request, sizeof(request),
    @allocated, sizeof(allocated), ioctlCode, nil) then
    exit;
  Result := allocated;
end;
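{ Resolves a kernel export by name through the driver.
  s is the export name as a wide string. Names shorter than 4 characters are
  rejected, and so is any string that val() accepts as a hexadecimal number
  (presumably so a raw address is never sent as a name - confirm against
  callers). The driver receives the user-mode string pointer itself (@s,
  sizeof(s)), so the string must stay valid for the duration of the call.
  Returns the resolved address, or nil on rejection, closed driver or IOCTL
  failure. }
function GetKProcAddress(s: pwidechar): pointer; stdcall;
var
  ioctlCode: dword;
  resolved: pointer;
  parsed: dword;
  parseError: integer;
  exportName: string;
begin
  Result := nil;
  exportName := s; // wide -> native string; assumes the name is plain ASCII - TODO confirm
  if length(exportName) < 4 then
    exit;
  // val reports parseError = 0 only when the whole string is a valid hex number.
  val('$' + exportName, parsed, parseError);
  if parseError = 0 then
    exit;
  if hdevice = INVALID_HANDLE_VALUE then
    exit;
  ioctlCode := IOCTL_CE_GETPROCADDRESS;
  resolved := nil; // typed null pointer instead of the integer 0 the original assigned
  // ioctlCode is reused as the bytes-returned slot.
  if deviceiocontrol(hdevice, ioctlCode, @s, sizeof(s), @resolved, sizeof(resolved), ioctlCode, nil) then
    Result := resolved;
end;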
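{ Reads entry `nr` of service table 0 (the SDT, per the function name;
  GetSSDTEntry sends table 1) and stores the entry's address and parameter
  count through the supplied pointers.
  Returns True only when the driver is open and the IOCTL succeeds; the
  out-pointers are left untouched otherwise. A nil out-pointer is tolerated
  and simply skipped. }
function GetSDTEntry(nr: integer; address: PDWORD; paramcount: PBYTE): boolean; stdcall;
type
  TInput = record
    table: dword;
    nr: dword;
  end;
  Toutput = record
    address: dword;
    paramcount: byte;
  end;
var
  ioctlCode: dword;
  request: TInput;
  reply: Toutput;
begin
  Result := False;
  if hdevice = INVALID_HANDLE_VALUE then
    exit;
  request.table := 0; // 0 = SDT
  request.nr := nr;
  ioctlCode := IOCTL_CE_GETSDTADDRESS;
  // ioctlCode is reused as the bytes-returned slot.
  Result := deviceiocontrol(hdevice, ioctlCode, @request, sizeof(request), @reply, sizeof(reply), ioctlCode, nil);
  if not Result then
    exit;
  // Guard the out-pointers rather than dereferencing them unconditionally.
  if address <> nil then
    address^ := reply.address;
  if paramcount <> nil then
    paramcount^ := reply.paramcount;
end;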
{ Asks the driver to replace entry `nr` of service table 0 (the SDT, per the
  function name; SetSSDTEntry sends table 1) with the given address and
  parameter count.
  Returns the DeviceIoControl result, or False when the driver is not open.
  The driver returns no data for this request. }
function SetSDTEntry(nr: integer; address: DWORD; paramcount: byte): boolean; stdcall;
type
  TInput = record
    table: dword;
    nr: dword;
    address: dword;
    paramcount: byte;
  end;
var
  ioctlCode: dword;
  request: TInput;
begin
  if hdevice = INVALID_HANDLE_VALUE then
  begin
    Result := False;
    exit;
  end;
  request.table := 0;
  request.nr := nr;
  request.address := address;
  request.paramcount := paramcount;
  ioctlCode := IOCTL_CE_SETSDTADDRESS;
  // No output buffer; ioctlCode is reused as the bytes-returned slot.
  Result := deviceiocontrol(hdevice, ioctlCode, @request, sizeof(request), nil, 0, ioctlCode, nil);
end;
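{ Reads entry `nr` of service table 1 (the SSDT, per the function name;
  GetSDTEntry sends table 0) and stores the entry's address and parameter
  count through the supplied pointers.
  Returns True only when the driver is open and the IOCTL succeeds; the
  out-pointers are left untouched otherwise. A nil out-pointer is tolerated
  and simply skipped. }
function GetSSDTEntry(nr: integer; address: PDWORD; paramcount: PBYTE): boolean; stdcall;
type
  TInput = record
    table: dword;
    nr: dword;
  end;
  Toutput = record
    address: dword;
    paramcount: byte;
  end;
var
  ioctlCode: dword;
  request: TInput;
  reply: Toutput;
begin
  Result := False;
  if hdevice = INVALID_HANDLE_VALUE then
    exit;
  request.table := 1; // 1 = SSDT
  request.nr := nr;
  ioctlCode := IOCTL_CE_GETSDTADDRESS;
  // ioctlCode is reused as the bytes-returned slot.
  Result := deviceiocontrol(hdevice, ioctlCode, @request, sizeof(request), @reply, sizeof(reply), ioctlCode, nil);
  if not Result then
    exit;
  // Guard the out-pointers rather than dereferencing them unconditionally.
  if address <> nil then
    address^ := reply.address;
  if paramcount <> nil then
    paramcount^ := reply.paramcount;
end;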
{ Asks the driver to replace entry `nr` of service table 1 (the SSDT, per the
  function name; SetSDTEntry sends table 0) with the given address and
  parameter count.
  Returns the DeviceIoControl result, or False when the driver is not open.
  The driver returns no data for this request. }
function SetSSDTEntry(nr: integer; address: DWORD; paramcount: byte): boolean; stdcall;
type
  TInput = record
    table: dword;
    nr: dword;
    address: dword;
    paramcount: byte;
  end;
var
  ioctlCode: dword;
  request: TInput;
begin
  if hdevice = INVALID_HANDLE_VALUE then
  begin
    Result := False;
    exit;
  end;
  request.table := 1;
  request.nr := nr;
  request.address := address;
  request.paramcount := paramcount;
  ioctlCode := IOCTL_CE_SETSDTADDRESS;
  // No output buffer; ioctlCode is reused as the bytes-returned slot.
  Result := deviceiocontrol(hdevice, ioctlCode, @request, sizeof(request), nil, 0, ioctlCode, nil);
end;
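{ Placeholder. The original note describes redirecting
  NtOpenProcess/NtOpenThread/OpenProcess/OpenThread to this DLL's functions,
  but nothing is implemented. Returns False so that callers never act on an
  undefined Result. }
function RewriteKernel32: boolean; stdcall;
begin
  //modifies the code of NtOpenProcess,NtOpenThread,OpenProcess,OpenThread to point to this dll's functions
  Result := False; // not implemented; an unassigned Result would be undefined
end;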
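{ Placeholder counterpart of RewriteKernel32: nothing is restored because
  nothing is rewritten. Returns False so that callers never act on an
  undefined Result. }
function RestoreKernel32: boolean; stdcall;
begin
  Result := False; // not implemented; an unassigned Result would be undefined
end;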
{ Builds a Windows I/O control code the way the CTL_CODE macro does:
  bits 31..16 device type, 15..14 required access, 13..2 function number,
  1..0 transfer method. No range checking is performed on the fields. }
function CTL_CODE(DeviceType, Func, Method, Access: integer): integer;
var
  code: integer;
begin
  code := DeviceType shl 16;
  code := code or (Access shl 14);
  code := code or (Func shl 2);
  Result := code or Method;
end;
{ Opens the driver's process/thread event objects, assembles the
  initialization request and sends IOCTL_CE_INITIALIZE.
  Address/size describe a memory region handed to the driver (what the driver
  does with it is not visible here). The win32k call numbers and EPROCESS
  field offsets in the request default to 0 and are only filled in when a
  'MaxPopKart.dat' next to the driver passes the OS-version check below.
  Returns True when the IOCTL succeeds; on success the driver's reply is
  written back over buf and its first dword is stored in SDTShadow.
  The globals it touches (processevent, threadevent, sdtshadow, debugport,
  processname, ThreadsProcess, ThreadListEntry, ownprocess, driverloc,
  processeventname, threadeventname) are declared elsewhere in the unit. }
function InitializeDriver(Address, size: dword): BOOL; stdcall;
type
  tinput = record
    address: dword;
    size: dword;
    NtUserBuildHwndList_callnumber: Dword;
    NtUserQueryWindow_callnumber: dword;
    NtUserFindWindowEx_callnumber: DWORD;
    NtUserGetForegroundWindow_callnumber: DWORD;
    activelinkoffset: dword;
    processnameoffset: dword;
    debugportoffset: dword;
  end;
var
  cc: dword;
  buf: tinput;
  res: dword absolute buf; // overlays the first dword of buf; the driver's reply is read through it
  x: dword;
  callnumberfile: tfilestream;
  windowsversion: _osversioninfoa;
  majorversion, minorversion, buildnumber: dword;
  CSDVersion: array [0..127] of char;
  a: boolean;
  i: integer;
begin
  Result := False;
  sdtshadow := 0;
  if hdevice <> INVALID_HANDLE_VALUE then
  begin
    // Handles go straight into globals; a failed OpenEvent (0) is not checked here.
    processevent := OpenEvent(SYNCHRONIZE, False, PChar(processeventname));
    threadevent := OpenEvent(SYNCHRONIZE, False, PChar(threadeventname));
    zeromemory(@buf, sizeof(buf));
    buf.address := address;
    buf.size := size;
    // Explicit zero defaults (buf is already zeroed above): "unknown" until the
    // data file supplies real values.
    buf.NtUserBuildHwndList_callnumber := 0;
    buf.NtUserQueryWindow_callnumber := 0;
    buf.NtUserFindWindowEx_callnumber := 0;
    buf.NtUserGetForegroundWindow_callnumber := 0;
    buf.activelinkoffset := 0;
    buf.processnameoffset := 0;
    buf.debugportoffset := 0;
    //check if there is a callnumber.txt file in the rootdir, and if so use it
    // NOTE(review): the file is trusted after an OS-version match only - there is
    // no integrity check - and its contents become call numbers and structure
    // offsets inside the driver, so a stale or tampered file steers the kernel
    // component at the wrong fields.
    if fileexists(extractfilepath(driverloc) + 'MaxPopKart.dat') then
    begin
      //read the file, first 4 bytes is the callnumber of NtUserBuildHwndList_callnumber
      // Layout as read below: major, minor, build (4 bytes each), a 128-byte CSD
      // string, then four 4-byte call numbers and three 4-byte offsets.
      try
        callnumberfile := tfilestream.Create(extractfilepath(driverloc) +
          'MaxPopKart.dat', fmOpenRead, fmShareDenyNone);
        try
          windowsversion.dwOSVersionInfoSize := sizeof(windowsversion);
          getversionex(windowsversion); // return value ignored; fields are used as-is
          callnumberfile.ReadBuffer(MajorVersion, 4);
          callnumberfile.ReadBuffer(MinorVersion, 4);
          callnumberfile.ReadBuffer(BuildNumber, 4);
          callnumberfile.ReadBuffer(CSDVersion, 128);
          // a:=comparemem(@CSDVersion[0],@windowsversion.szCSDVersion[0],128);
          // Compare the CSD (service pack) strings until either one ends. The loop
          // stops with a = True as soon as one string terminates, so this is a
          // prefix comparison rather than a strict equality test.
          a := True;
          i := 0;
          while a and (i < 128) and (windowsversion.szCSDVersion[i] <> #0) and
            (CSDVersion[i] <> #0) do
          begin
            a := CSDVersion[i] = windowsversion.szCSDVersion[i];
            Inc(i);
          end;
          if (not a) or (majorversion <> windowsversion.dwMajorVersion) or
            (MinorVersion <> windowsversion.dwMinorVersion) or
            (buildnumber <> windowsversion.dwBuildNumber) then
          begin
            // Version mismatch: warn and keep the zero defaults.
            messagebox(0,
              'It is recommended to run the systemcallretriever since the MaxPopKart.dat you have is outdated and will not be used. Of course, if this is the systemcallretriever, ignore this message...', 'Outdated MaxPopKart.dat', mb_ok);
            //not a valid MaxPopKart.dat file
          end
          else
          begin
            // Version matched: read the call numbers and offsets into the request
            // and publish two of the offsets in globals.
            callnumberfile.ReadBuffer(x, 4);
            buf.NtUserBuildHwndList_callnumber := x;
            callnumberfile.ReadBuffer(x, 4);
            buf.NtUserQueryWindow_callnumber := x;
            callnumberfile.ReadBuffer(x, 4);
            buf.NtUserFindWindowEx_callnumber := x;
            callnumberfile.ReadBuffer(x, 4);
            buf.NtUserGetForegroundWindow_callnumber := x;
            callnumberfile.ReadBuffer(buf.activelinkoffset, 4);
            callnumberfile.ReadBuffer(buf.processnameoffset, 4);
            callnumberfile.ReadBuffer(buf.debugportoffset, 4);
            debugport := buf.debugportoffset;
            processname := buf.processnameoffset;
            //----------------Add this part to the file---------
            // Constants rather than values from the file: they are applied whenever
            // the file's version check passes, regardless of the actual OS build.
            ThreadsProcess := $220;
            ThreadListEntry := $3c;
          end;
        finally
          callnumberfile.Free;
        end;
      except
        // Best-effort: any open or short-read error leaves the zero defaults in place.
      end;
    end;
    cc := IOCTL_CE_INITIALIZE;
    // buf is both input and output; on success the driver overwrites it in place.
    if deviceiocontrol(hdevice, cc, @buf, sizeof(tinput), @buf, sizeof(tinput), x, nil) then
    begin
      Result := True;
      SDTShadow := res; // first dword of the driver's reply
    end;
    // OP is not defined in this view; it takes OpenProcess's arguments, presumably a
    // saved pointer to the original OpenProcess - confirm.
    ownprocess := OP(PROCESS_ALL_ACCESS, False, getcurrentprocessid);
  end;
end;
function GetWin32KAddress(var address: DWORD; var size: dworD): boolean;
var
need: dword;
p: pointer;
oldx: dword;
x: array of pointer;
i, j: integer;
Count: integer;
drivername: PChar;
nearest: dword; //nearest other driver (AFTER win32k.sys)
begin
Result := False;