📄 plugin.pas.svn-base
unit plugin;
interface
uses sysutils,windows,checklst,menus,dialogs,pluginexports,cefuncproc,newkernelhandler;
// Version number of the plugin interface described by this unit.
// NOTE(review): presumably compared with TPluginVersion.version as reported
// by a plugin; that comparison is not visible in this part of the file.
const
  CurrentPluginVersion = 2;
//structures

// Version record exchanged with a plugin; TGetVersion takes it by reference
// together with a size argument.
type
  TPluginVersion = record
    // version number of ce plugin it is developed for
    // (compatibility for the future)
    version: dword;
    // pointer to a 0-terminated string in the dll
    // NOTE(review): the text belongs to the plugin module, so the host
    // should copy it while the module is loaded and should not assume any
    // maximum length - confirm at the call site.
    pluginname: pchar;
  end;

  PPluginVersion = ^TPluginVersion;
// Table of host entry points and host state handed to a plugin;
// TInitializePlugin receives it by reference.
//
// The field order is the binary contract with plugin DLLs: do not reorder,
// insert or remove fields.
//
// Entries declared as plain `pointer` are untyped, so neither side gets a
// compiler check on signature or calling convention when casting and
// calling through them.
//
// NOTE(review): judging by the field names, the table gives a plugin process
// memory access, thread and debugger control, DLL injection and kernel-mode
// helpers. A plugin therefore has to be treated as fully trusted code; limit
// which DLLs may be loaded as plugins (location, signature or hash) instead
// of expecting this interface to contain them.
type
  TExportedFunctions2 = record
    // NOTE(review): presumably SizeOf of this record so that a plugin can
    // detect a table of a different length - confirm where it is filled in.
    sizeofExportedFunctions: integer;
    showmessage: pointer;
    registerfunction: pointer;
    unregisterfunction: pointer;
    // Typed pointers to a dword and a thandle: the plugin receives the
    // address of the value, not a copy of it.
    OpenedProcessID: ^dword;
    OpenedProcessHandle: ^thandle;
    GetMainWindowHandle: pointer;
    AutoAssemble: pointer;
    assembler: pointer;
    disassembler: pointer;
    ChangeRegistersAtAddress: pointer;
    InjectDLL: pointer;
    freezemem: pointer;
    unfreezemem: pointer;
    fixmem: pointer;
    processlist: pointer;
    reloadsettings: pointer;
    getaddressfrompointer: pointer;

    //pointers to the address that contains the pointers to the functions
    // (one extra level of indirection compared with the entries above)
    ReadProcessMemory: pointer;
    WriteProcessMemory: pointer;
    GetThreadContext: pointer;
    SetThreadContext: pointer;
    SuspendThread: pointer;
    ResumeThread: pointer;
    OpenProcess: pointer;
    WaitForDebugEvent: pointer;
    ContinueDebugEvent: pointer;
    DebugActiveProcess: pointer;
    StopDebugging: pointer;
    StopRegisterChange: pointer;
    VirtualProtect: pointer;
    VirtualProtectEx: pointer;
    VirtualQueryEx: pointer;
    VirtualAllocEx: pointer;
    CreateRemoteThread: pointer;
    OpenThread: pointer;
    GetPEProcess: pointer;
    GetPEThread: pointer;
    GetThreadsProcessOffset: pointer;
    GetThreadListEntryOffset: pointer;
    GetProcessnameOffset: pointer;
    GetDebugportOffset: pointer;
    GetPhysicalAddress: pointer;
    ProtectMe: pointer;
    GetCR4: pointer;
    GetCR3: pointer;
    SetCR3: pointer;
    GetSDT: pointer;
    GetSDTShadow: pointer;
    setAlternateDebugMethod: pointer;
    getAlternateDebugMethod: pointer;
    DebugProcess: pointer;
    ChangeRegOnBP: pointer;
    RetrieveDebugData: pointer;
    StartProcessWatch: pointer;
    WaitForProcessListData: pointer;
    GetProcessNameFromID: pointer;
    GetProcessNameFromPEProcess: pointer;
    KernelOpenProcess: pointer;
    KernelReadProcessMemory: pointer;
    KernelWriteProcessMemory: pointer;
    KernelVirtualAllocEx: pointer;
    IsValidHandle: pointer;
    GetIDTCurrentThread: pointer;
    GetIDTs: pointer;
    MakeWritable: pointer;
    GetLoadedState: pointer;
    DBKSuspendThread: pointer;
    DBKResumeThread: pointer;
    DBKSuspendProcess: pointer;
    DBKResumeProcess: pointer;
    KernelAlloc: pointer;
    GetKProcAddress: pointer;
    CreateToolhelp32Snapshot: pointer;
    Process32First: pointer;
    Process32Next: pointer;
    Thread32First: pointer;
    Thread32Next: pointer;
    Module32First: pointer;
    Module32Next: pointer;
    Heap32ListFirst: pointer;
    Heap32ListNext: pointer;

    //advanced for delphi 7 enterprise dll programmers only
    // NOTE(review): presumably references to the host's own form objects;
    // using them would tie a plugin to the host's compiler and runtime.
    mainform: pointer;
    memorybrowser: pointer;
  end;

  PExportedFunctions2 = ^TExportedFunctions2;
// Table of host entry points and host state for plugins. In this listing it
// has the same fields, in the same order, as TExportedFunctions2.
//
// The field order is the binary contract with plugin DLLs: do not reorder,
// insert or remove fields.
//
// Entries declared as plain `pointer` are untyped; a cast to the wrong
// signature or calling convention is not caught at compile time.
//
// NOTE(review): the field names indicate process memory access, thread and
// debugger control, DLL injection and kernel-mode helpers, so any DLL given
// this table must be treated as fully trusted code.
type
  TExportedFunctions1 = record
    // NOTE(review): presumably SizeOf of this record, usable by a plugin as
    // a layout check - confirm where it is filled in.
    sizeofExportedFunctions: integer;
    showmessage: pointer;
    registerfunction: pointer;
    unregisterfunction: pointer;
    // Typed pointers: the plugin receives the address of the value.
    OpenedProcessID: ^dword;
    OpenedProcessHandle: ^thandle;
    GetMainWindowHandle: pointer;
    AutoAssemble: pointer;
    assembler: pointer;
    disassembler: pointer;
    ChangeRegistersAtAddress: pointer;
    InjectDLL: pointer;
    freezemem: pointer;
    unfreezemem: pointer;
    fixmem: pointer;
    processlist: pointer;
    reloadsettings: pointer;
    getaddressfrompointer: pointer;

    //pointers to the address that contains the pointers to the functions
    // (one extra level of indirection compared with the entries above)
    ReadProcessMemory: pointer;
    WriteProcessMemory: pointer;
    GetThreadContext: pointer;
    SetThreadContext: pointer;
    SuspendThread: pointer;
    ResumeThread: pointer;
    OpenProcess: pointer;
    WaitForDebugEvent: pointer;
    ContinueDebugEvent: pointer;
    DebugActiveProcess: pointer;
    StopDebugging: pointer;
    StopRegisterChange: pointer;
    VirtualProtect: pointer;
    VirtualProtectEx: pointer;
    VirtualQueryEx: pointer;
    VirtualAllocEx: pointer;
    CreateRemoteThread: pointer;
    OpenThread: pointer;
    GetPEProcess: pointer;
    GetPEThread: pointer;
    GetThreadsProcessOffset: pointer;
    GetThreadListEntryOffset: pointer;
    GetProcessnameOffset: pointer;
    GetDebugportOffset: pointer;
    GetPhysicalAddress: pointer;
    ProtectMe: pointer;
    GetCR4: pointer;
    GetCR3: pointer;
    SetCR3: pointer;
    GetSDT: pointer;
    GetSDTShadow: pointer;
    setAlternateDebugMethod: pointer;
    getAlternateDebugMethod: pointer;
    DebugProcess: pointer;
    ChangeRegOnBP: pointer;
    RetrieveDebugData: pointer;
    StartProcessWatch: pointer;
    WaitForProcessListData: pointer;
    GetProcessNameFromID: pointer;
    GetProcessNameFromPEProcess: pointer;
    KernelOpenProcess: pointer;
    KernelReadProcessMemory: pointer;
    KernelWriteProcessMemory: pointer;
    KernelVirtualAllocEx: pointer;
    IsValidHandle: pointer;
    GetIDTCurrentThread: pointer;
    GetIDTs: pointer;
    MakeWritable: pointer;
    GetLoadedState: pointer;
    DBKSuspendThread: pointer;
    DBKResumeThread: pointer;
    DBKSuspendProcess: pointer;
    DBKResumeProcess: pointer;
    KernelAlloc: pointer;
    GetKProcAddress: pointer;
    CreateToolhelp32Snapshot: pointer;
    Process32First: pointer;
    Process32Next: pointer;
    Thread32First: pointer;
    Thread32Next: pointer;
    Module32First: pointer;
    Module32Next: pointer;
    Heap32ListFirst: pointer;
    Heap32ListNext: pointer;

    //advanced for delphi 7 enterprise dll programmers only
    // NOTE(review): presumably references to the host's own form objects;
    // using them would tie a plugin to the host's compiler and runtime.
    mainform: pointer;
    memorybrowser: pointer;
  end;

  PExportedFunctions1 = ^TExportedFunctions1;
//exported functions of the plugin
// All three are stdcall function types returning BOOL.
type
  // PluginVersion is passed by reference, so the plugin can write to it.
  // NOTE(review): TPluginVersionSize is presumably SizeOf(TPluginVersion),
  // letting the plugin reject a layout it does not know - confirm.
  TGetVersion = function(var PluginVersion: TPluginVersion;
    TPluginVersionSize: integer): BOOL; stdcall;

  // Receives the TExportedFunctions2 table by reference plus the plugin id.
  // pluginid is a dword here, while the TPluginfunctionTypeN classes in this
  // unit store pluginid as integer.
  TInitializePlugin = function(var ExportedFunctions: TExportedFunctions2;
    pluginid: dword): BOOL; stdcall;

  // Takes no arguments.
  TDisablePlugin = function: BOOL; stdcall;
//plugin type 1:
//where: rightclick on the address list in the menu plugin, user activated
type
  // Record handed by pointer to a type 1 callback (TPluginfunction1).
  // The record is not declared `packed`, so a plugin written in another
  // language has to reproduce the compiler's field alignment.
  // The "readonly" markers below are a convention only: the callback gets a
  // plain pointer to the record and nothing in the type stops it from
  // writing any field.
  TPlugin1_SelectedRecord = record
    // pointer to a 255 bytes long string (0 terminated)
    // NOTE(review): a plugin may edit this text (see `address`), so it
    // writes into a fixed 255-byte buffer; the host should not assume the
    // terminator is still inside the buffer after the callback returns -
    // confirm how the caller handles it.
    interpretedaddress: pchar;
    // this is a read-only representation of the address. Change
    // interpretedaddress if you want to change this.
    // dword is 32 bits wide, so it cannot hold an address above 4 GiB.
    address: dword;
    ispointer: boolean; //readonly
    countoffsets: integer; //readonly
    // pointer to an array of dwords ranging from 0 to countoffsets-1
    // (readonly)
    offsets: PDWordArray;
    // pointer to a 255 bytes long string
    // NOTE(review): unlike interpretedaddress, the original comment does not
    // say this one is 0-terminated - confirm before reading it as a pchar.
    description: pchar;
    valuetype: byte;
    size: byte; //string length or bit length (max 255)
  end;

  PPlugin1_SelectedRecord = ^TPlugin1_SelectedRecord;

  // Callback signature for plugin type 1: stdcall, takes a pointer to the
  // selected record and returns bool.
  TPluginfunction1 = function(
    selectedrecord: PPlugin1_SelectedRecord): bool; stdcall;
//private plugin data
// One entry for a type 1 plugin function: the ids, a name, the callback and
// a menu item.
// NOTE(review): callback is an address inside the plugin's module; the entry
// should be dropped before that module is unloaded so no stale pointer is
// ever called - confirm in the unload path.
type
  TPluginfunctionType1 = class
  public
    pluginid, functionid: integer;
    name: string;
    callback: TPluginfunction1;
    menuitem: TMenuItem;
  end;
//plugin type 2:
//where: menu bar under plugins in memory view, user activated
type
  // Callback signature for plugin type 2: stdcall, returns bool.
  // All three arguments are pdword, i.e. pointers to 32-bit values that the
  // callback is able to write through.
  // NOTE(review): the host should validate the values after the callback
  // returns before using them as addresses - confirm at the call site.
  TPluginfunction2 = function(disassembleraddress: pdword;
    selected_disassembler_address: pdword;
    hexviewaddress: pdword): bool; stdcall;

  //private plugin data
  // One entry for a type 2 plugin function.
  // NOTE(review): callback is an address inside the plugin's module and
  // must not outlive it - confirm in the unload path.
  TPluginfunctionType2 = class
  public
    pluginid, functionid: integer;
    name: string;
    callback: TPluginfunction2;
    menuitem: TMenuItem;
  end;
//plugin type 3:
//where: when a debug event happens
type
  // Callback signature for plugin type 3: stdcall, takes a PDebugEvent.
  // return 0 if you want to let ce handle it as well, 1 if you don't want to
  // let ce handle it as well (in case of not handling, do ContinueDebugEvent
  // yourself)
  // NOTE(review): only 0 and 1 are documented; how the caller treats any
  // other return value is not visible here - confirm.
  TPluginFunction3 = function(debugevent: PDebugEvent): integer; stdcall;

  // One entry for a type 3 plugin function.
  // NOTE(review): callback is an address inside the plugin's module and
  // must not outlive it - confirm in the unload path.
  TPluginfunctionType3 = class
  public
    pluginid, functionid: integer;
    callback: TPluginfunction3;
  end;
//plugin type 4:
//where: a new process created according to the processwatcher
type
  // Callback signature for plugin type 4: stdcall, returns integer.
  // Both arguments are dword (32 bits).
  // NOTE(review): peprocess is presumably a kernel object address; as a
  // dword it cannot carry a value wider than 32 bits - confirm the target
  // platforms.
  TPluginFunction4 = function(processid: dword;
    peprocess: dword): integer; stdcall;

  // One entry for a type 4 plugin function.
  // NOTE(review): callback is an address inside the plugin's module and
  // must not outlive it - confirm in the unload path.
  TPluginfunctionType4 = class
  public
    pluginid, functionid: integer;
    callback: TPluginfunction4;
  end;
//plugin type 5:
//where: Functionpointerchange notification
type
  // Callback signature for plugin type 5: stdcall, takes a section number
  // and returns boolean.
  // NOTE(review): the meaning of `section` and of the return value is not
  // documented in this part of the file.
  TPluginFunction5 = function(section: integer): boolean; stdcall;

  // One entry for a type 5 plugin function.
  // NOTE(review): callback is an address inside the plugin's module and
  // must not outlive it - confirm in the unload path.
  TPluginfunctionType5 = class
  public
    pluginid, functionid: integer;
    callback: TPluginfunction5;
  end;
type TPlugin = record
dllname: string;
filepath: string;
hmodule: thandle;
name: string;
enabled: boolean;
GetVersion: TGetVersion;
EnablePlugin: TInitializePlugin;
DisablePlugin: TDisablePlugin;
nextid: integer;
RegisteredFunctions1: array of TPluginfunctionType1;