GetSDTEntry:= GetProcAddress(darkbyteKernel,'GetSDTEntry');
SetSDTEntry:= GetProcAddress(darkbyteKernel,'SetSDTEntry');
GetSSDTEntry:=GetProcAddress(darkbyteKernel,'GetSSDTEntry');
SetSSDTEntry:=GetProcAddress(darkbyteKernel,'SetSSDTEntry');
ReadPhysicalMemory:=GetProcAddress(DarkByteKernel,'ReadPhysicalMemory');
WritePhysicalMemory:=GetProcAddress(DarkByteKernel,'WritePhysicalMemory');
MakeKernelCopy:=GetProcAddress(DarkByteKernel,'MakeKernelCopy');
CreateRemoteAPC:=GetProcAddress(darkByteKernel,'CreateRemoteAPC');
SetGlobalDebugState:=GetProcAddress(DarkByteKernel,'SetGlobalDebugState');
dbvm_version:=GetProcAddress(DarkByteKernel,'dbvm_version');
dbvm_changeselectors:=GetProcAddress(DarkByteKernel,'dbvm_changeselectors');
dbvm_block_interrupts:=GetProcAddress(DarkByteKernel,'dbvm_block_interrupts');
dbvm_restore_interrupts:=GetProcAddress(DarkByteKernel,'dbvm_restore_interrupts');
{$ifdef cemain}
if pluginhandler<>nil then
pluginhandler.handlechangedpointers(0);
{$endif}
end;
end;
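Procedure ProtectProcess(processid: dword);
{Loads the DBK32 driver interface (one retry, as the other routines in this
 unit do) and calls its ProtectMe export for the given process id, passing the
 unit's denylist/DenyListGlobal/modulelist/modulelistsize settings.
 Does nothing when the interface cannot be loaded or the export is missing.
 In cemain builds pluginhandler.handlechangedpointers(1) is called afterwards.}
begin
  LoadDBK32;
  If DarkByteKernel=0 then LoadDBK32;
  If DarkByteKernel=0 then exit;

  ProtectMe:=GetProcAddress(DarkByteKernel,'ProtectMe');
  //a missing export would otherwise be called through a nil pointer
  if not assigned(ProtectMe) then exit;

  ProtectMe(processid,denylist,DenyListGlobal,modulelist,modulelistsize);

  {$ifdef cemain}
  if pluginhandler<>nil then
    pluginhandler.handlechangedpointers(1);
  {$endif}
end;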
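Procedure ProtectCE;
{Same as ProtectProcess, but for the current process (getcurrentprocessid):
 loads the DBK32 driver interface (one retry) and calls its ProtectMe export
 with the unit's denylist/DenyListGlobal/modulelist/modulelistsize settings.
 Does nothing when the interface cannot be loaded or the export is missing.
 In cemain builds pluginhandler.handlechangedpointers(2) is called afterwards.}
begin
  LoadDBK32;
  If DarkByteKernel=0 then LoadDBK32;
  If DarkByteKernel=0 then exit;

  ProtectMe:=GetProcAddress(DarkByteKernel,'ProtectMe');
  //a missing export would otherwise be called through a nil pointer
  if not assigned(ProtectMe) then exit;

  ProtectMe(getcurrentprocessid,denylist,DenyListGlobal,modulelist,modulelistsize);

  {$ifdef cemain}
  if pluginhandler<>nil then
    pluginhandler.handlechangedpointers(2);
  {$endif}
end;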
procedure DBKFileAsMemory; overload;
{Redirects ReadProcessMemory, WriteProcessMemory and VirtualQueryEx to the
 FileHandler.pas routines ReadProcessMemoryFile, WriteProcessMemoryFile and
 VirtualQueryExFile. Physical-memory mode is switched off at the same time,
 the two modes being mutually exclusive.
 In cemain builds pluginhandler.handlechangedpointers(3) is called afterwards.}
begin
  usephysical:=false;
  UseFileAsMemory:=true;

  VirtualQueryEx:=@VirtualQueryExFile;
  WriteProcessMemory:=@WriteProcessMemoryFile;
  ReadProcessMemory:=@ReadProcessMemoryFile;

  {$ifdef cemain}
  if assigned(pluginhandler) then
    pluginhandler.handlechangedpointers(3);
  {$endif}
end;
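procedure DBKFileAsMemory(filename:string); overload;
{Opens the given file into filehandle and then switches the memory API
 redirection to the FileHandler.pas routines (see the parameterless overload).
 The file is opened for reading AND writing because WriteProcessMemory is
 redirected to the file as well.
 Raises an Exception when the file cannot be opened; the redirection is then
 left as it was.
 NOTE(review): a file that is already open in filehandle is not closed here;
 DBKPhysicalMemory/DBKProcessMemory are the places that close it.}
begin
  filehandle:=CreateFile(pchar(filename),GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ or FILE_SHARE_WRITE,nil,OPEN_EXISTING,FILE_FLAG_RANDOM_ACCESS,0);

  //CreateFile signals failure with INVALID_HANDLE_VALUE, not 0; the old
  //"=0" test let a failed open through and the invalid handle was then used
  if (filehandle=INVALID_HANDLE_VALUE) or (filehandle=0) then
    raise exception.create(filename+' couldn''t be opened');

  DBKFileAsMemory;
end;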
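function VirtualQueryExPhysical(hProcess: THandle; lpAddress: Pointer; var lpBuffer: TMemoryBasicInformation; dwLength: DWORD): DWORD; stdcall;
{VirtualQueryEx replacement installed by DBKPhysicalMemory. It does not query
 anything: it describes all of physical memory (size taken from
 GlobalMemoryStatus) as a single committed, PAGE_EXECUTE_READWRITE, MEM_PRIVATE
 region that starts at the 4 KiB page containing lpAddress and ends at the
 page-rounded end of physical memory. hProcess is ignored.
 Returns dwLength when lpAddress lies inside physical memory. When it lies
 beyond it, lpBuffer is zeroed and 0 is returned (the real API also returns 0
 on failure). When dwLength is smaller than TMemoryBasicInformation, 0 is
 returned and lpBuffer is not written at all.}
var
  buf: _MEMORYSTATUS;
  base: dword;
begin
  //never write more than the caller says its buffer holds
  if dwLength<sizeof(TMemoryBasicInformation) then
  begin
    result:=0;
    exit;
  end;

  GlobalMemoryStatus(buf);

  //GlobalMemoryStatus is the 32-bit API: dwTotalPhys is a DWORD, and the
  //address is compared as a dword just as the original code did
  if dword(lpAddress)>buf.dwTotalPhys then //beyond the total amount of memory
  begin
    zeromemory(@lpbuffer,dwlength);
    result:=0;
    exit;
  end;

  base:=dword(lpAddress) and (not dword($FFF)); //start of the page
  lpBuffer.BaseAddress:=pointer(base);
  lpbuffer.AllocationBase:=lpbuffer.BaseAddress;
  lpbuffer.AllocationProtect:=PAGE_EXECUTE_READWRITE;
  //round the remaining size up to a whole page. The previous form,
  //"size + (4096 - size mod 4096)", added a full extra page whenever the
  //size was already page aligned.
  lpbuffer.RegionSize:=((buf.dwTotalPhys-base)+$FFF) and (not dword($FFF));
  lpbuffer.State:=mem_commit;
  lpbuffer.Protect:=PAGE_EXECUTE_READWRITE;
  lpbuffer.Type_9:=MEM_PRIVATE;
  result:=dwlength;
end;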
procedure DBKPhysicalMemory;
{Switches the memory API redirection to physical memory: ReadProcessMemory and
 WriteProcessMemory go to the DBK32 exports ReadPhysicalMemory and
 WritePhysicalMemory, VirtualQueryEx to VirtualQueryExPhysical. Needs the
 DBK32 interface and does nothing when it cannot be loaded. File-as-memory
 mode is left and its file handle closed, the two modes being exclusive.
 In cemain builds pluginhandler.handlechangedpointers(4) is called afterwards.}
begin
  LoadDBK32;
  if DarkByteKernel<>0 then
  begin
    if usefileasmemory then
      closehandle(filehandle);
    usefileasmemory:=false;
    UsePhysical:=true;

    VirtualQueryEx:=@VirtualQueryExPhysical;
    WriteProcessMemory:=GetProcAddress(DarkByteKernel,'WritePhysicalMemory');
    ReadProcessMemory:=GetProcAddress(DarkByteKernel,'ReadPhysicalMemory');

    {$ifdef cemain}
    if assigned(pluginhandler) then
      pluginhandler.handlechangedpointers(4);
    {$endif}
  end;
end;
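procedure DBKProcessMemory;
{Switches the memory API redirection back to process memory, honouring the
 dbkreadwrite and usedbkquery flags: read/write go to either the DBK32
 RPM/WPM/VAE exports or the kernel32 originals, and VirtualQueryEx to either
 the DBK32 VQE export or the kernel32 original. Physical-memory mode and
 file-as-memory mode are both left (the file handle is closed).

 The mode flags are cleared BEFORE re-dispatching. The Use*/DontUse* helpers
 end with "if usephysical then DbkPhysicalMemory" and
 "if usefileasmemory then dbkfileasmemory", so clearing the flags afterwards,
 as this procedure used to, let those helpers put the pointers straight back
 into physical or file mode while the flags said otherwise.}
begin
  usephysical:=false;
  if usefileasmemory then
    closehandle(filehandle);
  usefileasmemory:=false;

  if dbkreadwrite then
    UseDBKReadWriteMemory
  else
    dontUseDBKReadWriteMemory;

  if usedbkquery then
    Usedbkquerymemoryregion
  else
    dontusedbkquerymemoryregion;
end;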
procedure DontUseDBKQueryMemoryRegion;
{Points VirtualQueryEx back at the kernel32 VirtualQueryEx and clears
 usedbkquery. If physical-memory or file-as-memory mode is active it is
 re-applied afterwards so that mode's own VirtualQueryEx replacement wins.
 In cemain builds pluginhandler.handlechangedpointers(5) is called afterwards.}
begin
  usedbkquery:=false;
  VirtualQueryEx:=GetProcAddress(WindowsKernel,'VirtualQueryEx');

  //both checks are made in sequence on purpose: DbkPhysicalMemory may return
  //early without clearing usefileasmemory
  if usephysical then
    DbkPhysicalMemory;
  if usefileasmemory then
    dbkfileasmemory;

  {$ifdef cemain}
  if assigned(pluginhandler) then
    pluginhandler.handlechangedpointers(5);
  {$endif}
end;
procedure UseDBKQueryMemoryRegion;
{Points VirtualQueryEx at the DBK32 VQE export and sets usedbkquery. The
 DBK32 OpenProcess/OpenThread redirection is enabled first
 (UseDBKOpenProcess). Needs the DBK32 interface and does nothing when it
 cannot be loaded. If physical-memory or file-as-memory mode is active it is
 re-applied afterwards so that mode's own VirtualQueryEx replacement wins.
 In cemain builds pluginhandler.handlechangedpointers(6) is called afterwards.}
begin
  LoadDBK32;
  if DarkByteKernel<>0 then
  begin
    UseDBKOpenProcess;
    usedbkquery:=true;
    VirtualQueryEx:=GetProcAddress(DarkByteKernel,'VQE');

    //checked in sequence on purpose: DbkPhysicalMemory may return early
    //without clearing usefileasmemory
    if usephysical then
      DbkPhysicalMemory;
    if usefileasmemory then
      dbkfileasmemory;

    {$ifdef cemain}
    if assigned(pluginhandler) then
      pluginhandler.handlechangedpointers(6);
    {$endif}
  end;
end;
procedure DontUseDBKReadWriteMemory;
{Points ReadProcessMemory, WriteProcessMemory and VirtualAllocEx back at the
 kernel32 exports of the same name and clears DBKReadWrite. If physical-memory
 or file-as-memory mode is active it is re-applied afterwards so that mode's
 own read/write replacements win.
 In cemain builds pluginhandler.handlechangedpointers(7) is called afterwards.}
begin
  DBKReadWrite:=false;

  VirtualAllocEx:=GetProcAddress(WindowsKernel,'VirtualAllocEx');
  WriteProcessMemory:=GetProcAddress(WindowsKernel,'WriteProcessMemory');
  ReadProcessMemory:=GetProcAddress(WindowsKernel,'ReadProcessMemory');

  //checked in sequence on purpose: DbkPhysicalMemory may return early
  //without clearing usefileasmemory
  if usephysical then
    DbkPhysicalMemory;
  if usefileasmemory then
    dbkfileasmemory;

  {$ifdef cemain}
  if assigned(pluginhandler) then
    pluginhandler.handlechangedpointers(7);
  {$endif}
end;
procedure UseDBKReadWriteMemory;
{Points ReadProcessMemory, WriteProcessMemory and VirtualAllocEx at the DBK32
 exports RPM, WPM and VAE and sets DBKReadWrite. (The old header comment said
 VirtualQueryEx; it is VirtualAllocEx that is redirected here.) The DBK32
 OpenProcess/OpenThread redirection is enabled first (UseDBKOpenProcess).
 Needs the DBK32 interface and does nothing when it cannot be loaded. If
 physical-memory or file-as-memory mode is active it is re-applied afterwards
 so that mode's own read/write replacements win.
 In cemain builds pluginhandler.handlechangedpointers(8) is called afterwards.}
begin
  LoadDBK32;
  if DarkByteKernel<>0 then
  begin
    UseDBKOpenProcess;

    VirtualAllocEx:=GetProcAddress(DarkByteKernel,'VAE');
    WriteProcessMemory:=GetProcAddress(DarkByteKernel,'WPM');
    ReadProcessMemory:=GetProcAddress(DarkByteKernel,'RPM');
    DBKReadWrite:=true;

    //checked in sequence on purpose: DbkPhysicalMemory may return early
    //without clearing usefileasmemory
    if usephysical then
      DbkPhysicalMemory;
    if usefileasmemory then
      dbkfileasmemory;

    {$ifdef cemain}
    if assigned(pluginhandler) then
      pluginhandler.handlechangedpointers(8);
    {$endif}
  end;
end;
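procedure DontUseDBKOpenProcess;
{Points OpenProcess and OpenThread back at the kernel32 exports of the same
 name. (The old header comment mentioned VirtualAllocEx; that one is handled
 by DontUseDBKReadWriteMemory.)
 In cemain builds pluginhandler.handlechangedpointers(9) is called afterwards.}
begin
  OpenProcess:=GetProcAddress(WindowsKernel,'OpenProcess');
  OpenThread:=GetProcAddress(WindowsKernel,'OpenThread');

  {$ifdef cemain}
  //every other routine in this unit guards this call; without the guard a
  //call made before pluginhandler exists dereferences nil
  if pluginhandler<>nil then
    pluginhandler.handlechangedpointers(9);
  {$endif}
end;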
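procedure UseDBKOpenProcess;
{Points OpenProcess and OpenThread at the DBK32 exports OP and OT. Needs the
 DBK32 interface and does nothing when it cannot be loaded.
 In cemain builds pluginhandler.handlechangedpointers(10) is called afterwards.}
begin
  LoadDBK32;
  If DarkByteKernel=0 then exit;

  OpenProcess:=GetProcAddress(DarkByteKernel,'OP'); //gives back the real handle, or if it fails it gives back a value only valid for the dll
  OpenThread:=GetProcAddress(DarkByteKernel,'OT');

  {$ifdef cemain}
  //every other routine in this unit guards this call; without the guard a
  //call made before pluginhandler exists dereferences nil
  if pluginhandler<>nil then
    pluginhandler.handlechangedpointers(10);
  {$endif}
end;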
var x: string;
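initialization
  //no driver interface is loaded until one of the DBK* routines asks for it
  DarkByteKernel:=0;
  usephysical:=false;
  usefileasmemory:=false;
  usedbkquery:=false;
  //DenyList used to be set to true here and then overwritten with false a
  //few lines later; only the effective value is kept
  Denylist:= false;
  DenyListGlobal:= false;
  ModuleListSize:= 0;
  ModuleList:= nil;
  //globaldenylist:= false;

  WindowsKernel:=LoadLibrary('Kernel32.dll'); //there is no kernel33.dll
  if WindowsKernel=0 then Raise Exception.create('Something is really messed up on your computer! You don''t seems to have a kernel!!!!');

  //by default every redirectable API points at the kernel32 export of the
  //same name; the Use*/Dont* routines in this unit swap individual ones for
  //DBK32 exports or local replacements
  ReadProcessMemory:=GetProcAddress(WindowsKernel,'ReadProcessMemory');
  WriteProcessMemory:=GetProcAddress(WindowsKernel,'WriteProcessMemory');
  OpenProcess:=GetProcAddress(WindowsKernel,'OpenProcess');
  VirtualQueryEx:=GetProcAddress(WindowsKernel,'VirtualQueryEx');
  VirtualAllocEx:=GetProcAddress(WindowsKernel,'VirtualAllocEx');
  GetThreadContext:=GetProcAddress(WindowsKernel,'GetThreadContext');
  SetThreadContext:=GetProcAddress(WindowsKernel,'SetThreadContext');
  SuspendThread:=GetProcAddress(WindowsKernel,'SuspendThread');
  ResumeThread:=GetProcAddress(WindowsKernel,'ResumeThread');
  WaitForDebugEvent:=GetProcAddress(WindowsKernel,'WaitForDebugEvent');
  ContinueDebugEvent:=GetProcAddress(WindowsKernel,'ContinueDebugEvent');
  DebugActiveProcess:=GetProcAddress(WindowsKernel,'DebugActiveProcess');
  VirtualProtect:=GetProcAddress(WindowsKernel,'VirtualProtect');
  VirtualProtectEx:=GetProcAddress(WindowsKernel,'VirtualProtectEx');
  CreateRemoteThread:=GetProcAddress(WindowsKernel,'CreateRemoteThread');
  OpenThread:=GetProcAddress(WindowsKernel,'OpenThread');
  CreateToolhelp32Snapshot:=GetProcAddress(WindowsKernel, 'CreateToolhelp32Snapshot');
  Process32First:= GetProcAddress(WindowsKernel, 'Process32First');
  Process32Next:= GetProcAddress(WindowsKernel, 'Process32Next');
  Thread32First:= GetProcAddress(WindowsKernel, 'Thread32First');
  Thread32Next:= GetProcAddress(WindowsKernel, 'Thread32Next');
  Module32First:= GetProcAddress(WindowsKernel, 'Module32First');
  Module32Next:= GetProcAddress(WindowsKernel, 'Module32Next');
  Heap32ListFirst:= GetProcAddress(WindowsKernel, 'Heap32ListFirst');
  Heap32ListNext:= GetProcAddress(WindowsKernel, 'Heap32ListNext');
  //older kernel32 versions do not export IsWow64Process, so this one can be
  //nil; none of the pointers above are nil-checked here, callers must do it
  IsWow64Process:= GetProcAddress(WindowsKernel, 'IsWow64Process');
finalization
end.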