#include "MemCtrlEx.h"
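// Reads the bytes of the current scan range (as reported by GetScanRange)
// and writes them to "dump.bin".
//
// Nothing is written when the range is empty or inverted, or when the output
// file cannot be opened.
//
// NOTE(review): "dump.bin" is a relative path, so the file lands in the
// process's current working directory with default permissions. A raw memory
// image can hold credentials, keys and other sensitive data; confirm where
// this file ends up and who can read it.
void CMemCtrlEx::CreateMemoryDump() {
    DWORD dwStart = 0;
    DWORD dwEnd = 0;
    GetScanRange(dwStart, dwEnd);

    // DWORD subtraction wraps: an inverted range would otherwise turn into a
    // multi-gigabyte allocation and read.
    if (dwEnd <= dwStart) {
        return;
    }
    const DWORD dwSize = dwEnd - dwStart;

    // Zero-initialised and owned by the vector: a failed or partial read
    // cannot put uninitialised heap contents into the dump, and the buffer is
    // released on every exit path.
    std::vector<char> buffer(dwSize);

    // NOTE(review): ReadMemory's return type is not visible here, so its
    // result is not checked; confirm whether it reports failure.
    ReadMemory((void*)dwStart, buffer.data(), dwSize);

    // fopen_s leaves fp null on failure; fwrite/fclose on a null stream would
    // crash the process.
    FILE* fp = nullptr;
    if (fopen_s(&fp, "dump.bin", "wb") != 0 || fp == nullptr) {
        return;
    }
    fwrite(buffer.data(), 1, dwSize, fp);
    fclose(fp);
}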
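// Parses strCode as whitespace-separated hexadecimal byte values and writes
// the resulting bytes to dwAddr through WriteMemory.
//
// Parameters:
//   dwAddr  - destination address, passed to WriteMemory as a pointer.
//   strCode - NUL-terminated text such as "90 90 C3"; may not be null.
//
// Returns true when WriteMemory reports success. Returns false, without
// writing anything, when strCode is null, contains no bytes, contains a token
// that is not valid hex, or contains a value larger than 0xFF. Rejecting
// malformed input up front means a partially parsed string is never written.
//
// NOTE(review): the write requests PAGE_EXECUTE_READWRITE and the previous
// protection returned in dwOldProtect is never used in this function.
// Whether WriteMemory restores the original protection is not visible here;
// confirm, since leaving pages writable and executable weakens W^X.
bool CMemCtrlEx::MemoryWriter(DWORD dwAddr, const char* strCode) {
    // Constructing a std::string from a null pointer is undefined behaviour.
    if (strCode == nullptr) {
        return false;
    }

    std::istringstream iss(strCode);
    std::vector<unsigned char> data;
    unsigned int val = 0;
    while (iss >> std::hex >> val) {
        // Each token must fit in one byte; silently truncating a larger
        // value would write something the caller did not ask for.
        if (val > 0xFF) {
            return false;
        }
        data.push_back(static_cast<unsigned char>(val));
    }

    // The loop ends with eofbit set only when the whole string was consumed;
    // otherwise a token failed to parse.
    if (!iss.eof() || data.empty()) {
        return false;
    }

    DWORD dwOldProtect = 0;
    return WriteMemory((void*)dwAddr, data.data(), data.size(), PAGE_EXECUTE_READWRITE, &dwOldProtect) ? true : false;
}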
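// Overwrites dwSize bytes at dwAddr with zeros through WriteMemory.
//
// Returns true when WriteMemory reports success, false otherwise.
//
// NOTE(review): despite the name, no previously saved bytes are written back;
// the region is filled with zeros. Confirm this is what callers expect.
// NOTE(review): dwOldProtect is received but never used here; whether
// WriteMemory restores the page protection is not visible in this file.
bool CMemCtrlEx::RestoreMemory(DWORD dwAddr, DWORD dwSize) {
    // Value-initialised, so every byte starts as zero.
    BYTE* buffer = new BYTE[dwSize]();
    DWORD dwOldProtect = 0;
    const bool ok = WriteMemory((void*)dwAddr, buffer, dwSize, PAGE_EXECUTE_READWRITE, &dwOldProtect) ? true : false;
    // The buffer was previously leaked on both the success and failure paths.
    delete[] buffer;
    return ok;
}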
// Builds a 16-byte patch and writes it to the address held in RetAddr.
//
// Patch layout, as assembled below:
//   byte 0     - low byte of OpCode
//   byte 1     - low byte of (dwPrev - RetAddr - 2)
//   byte 2     - 0x90
//   bytes 3..  - the first sizeof(DWORD) bytes of the dwNext pointer
//   remainder  - zero
//
// Returns true when WriteMemory reports success, false otherwise.
//
// dwAdd is not used. The whole 16-byte buffer is written, so the bytes after
// the encoded part are overwritten with zeros.
// NOTE(review): the write requests PAGE_EXECUTE_READWRITE and dwOldProtect is
// never used afterwards; whether WriteMemory restores the original protection
// is not visible here.
bool CMemCtrlEx::WriteHook(DWORD dwPrev, WORD OpCode, void(*dwNext)(), DWORD* RetAddr, DWORD dwAdd) {
    const DWORD kPatchLen = 16;
    BYTE patch[16] = {};

    patch[0] = (BYTE)OpCode;
    patch[1] = (BYTE)(dwPrev - (DWORD)RetAddr - 2);
    patch[2] = 0x90;
    memcpy(patch + 3, &dwNext, sizeof(DWORD));

    DWORD dwOldProtect = 0;
    return WriteMemory((void*)RetAddr, patch, kPatchLen, PAGE_EXECUTE_READWRITE, &dwOldProtect) ? true : false;
}
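// Reports the current scan range obtained from GetScanRange.
//
// Parameters (each may be null, in which case that value is skipped):
//   MS - receives the range start.
//   ME - receives the range end.
//   MD - receives end minus start.
//
// The difference is computed in DWORD arithmetic, so it wraps if the reported
// end is below the start.
void CMemCtrlEx::GetDumpInfo(DWORD* MS, DWORD* ME, DWORD* MD) {
    // Initialised so the outputs are defined even if GetScanRange leaves
    // either value untouched.
    DWORD dwStart = 0;
    DWORD dwEnd = 0;
    GetScanRange(dwStart, dwEnd);

    // Null out-pointers were previously dereferenced unconditionally.
    if (MS != nullptr) {
        *MS = dwStart;
    }
    if (ME != nullptr) {
        *ME = dwEnd;
    }
    if (MD != nullptr) {
        *MD = dwEnd - dwStart;
    }
}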
// Looks up the byte pattern "90 90 90 90 90" via AobScan(…, dwPointer),
// stores the result in *OldFunction and, when it is non-zero, writes a
// 16-byte patch at that address.
//
// Patch layout: byte 0 is 0xE9, bytes 1..4 hold
// (NewFunction - (*OldFunction + 5)) as a DWORD, and the rest is zero.
//
// OldFunction is dereferenced unconditionally and the result of WriteMemory
// is discarded, so the caller gets no indication of whether the write
// succeeded. The full 16-byte buffer is written, so the bytes after the
// encoded part are overwritten with zeros.
// NOTE(review): the write requests PAGE_EXECUTE_READWRITE and dwOldProtect is
// never used afterwards; whether WriteMemory restores the original protection
// is not visible here.
void CMemCtrlEx::PointerHook(DWORD dwPointer, void(*NewFunction)(), DWORD* OldFunction) {
    const DWORD kPatchLen = 16;
    BYTE patch[16] = {};
    patch[0] = 0xE9;

    DWORD dwOldProtect = 0;
    *OldFunction = AobScan("90 90 90 90 90", dwPointer);
    if (*OldFunction == 0) {
        return;
    }

    const DWORD dwAfter = *OldFunction + 5;
    const DWORD dwRelative = (DWORD)NewFunction - dwAfter;
    memcpy(patch + 1, &dwRelative, sizeof(DWORD));
    WriteMemory((void*)*OldFunction, patch, kPatchLen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
}
// Looks up the byte pattern "C3" via AobScan(…, dwFunction) and, when an
// address is returned, writes a 16-byte patch there.
//
// Patch layout: byte 0 is 0x68, bytes 1..4 hold the first sizeof(DWORD)
// bytes of the dwNext pointer, byte 5 is 0xC3, and the rest is zero.
//
// Returns the found address plus 1 and stores the found address plus 5 in
// *RetAddr; returns 0 and leaves *RetAddr untouched when AobScan returns 0.
//
// The result of WriteMemory is discarded, so a non-zero return does not mean
// the write succeeded. The full 16-byte buffer is written, so the bytes after
// the encoded part are overwritten with zeros.
// NOTE(review): the write requests PAGE_EXECUTE_READWRITE and dwOldProtect is
// never used afterwards; whether WriteMemory restores the original protection
// is not visible here.
DWORD CMemCtrlEx::AutoVMHook(DWORD dwFunction, void(*dwNext)(), DWORD* RetAddr) {
    const DWORD kPatchLen = 16;
    BYTE patch[16] = {};
    patch[0] = 0x68;
    memcpy(patch + 1, &dwNext, sizeof(DWORD));
    patch[5] = 0xC3;

    DWORD dwOldProtect = 0;
    const DWORD dwMem = AobScan("C3", dwFunction);
    if (!dwMem) {
        return 0;
    }

    WriteMemory((void*)dwMem, patch, kPatchLen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
    *RetAddr = dwMem + 5;
    return dwMem + 1;
}