#include "utils.hpp"
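/// Returns the current user's temp directory without its trailing backslash,
/// or an empty string when GetTempPathW fails or the path does not fit in
/// MAX_PATH characters.
std::wstring utils::GetFullTempPath() {
    wchar_t temp_directory[MAX_PATH + 1] = { 0 };
    // GetTempPathW takes the buffer length in characters, not bytes; compute
    // it from the element type instead of assuming sizeof(wchar_t) == 2.
    constexpr DWORD buffer_length = sizeof(temp_directory) / sizeof(temp_directory[0]);
    const DWORD get_temp_path_ret = GetTempPathW(buffer_length, temp_directory);
    // 0 signals failure; a value larger than the buffer is the required size
    // and means nothing was copied.
    if (!get_temp_path_ret || get_temp_path_ret > buffer_length) {
        Log(L"[-] Failed to get temp path" << std::endl);
        return L"";
    }
    std::wstring result(temp_directory);
    // GetTempPathW returns the path with a trailing separator; drop it.
    if (!result.empty() && result.back() == L'\\')
        result.pop_back();
    return result;
}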
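/// Reads the whole file at `file_path` into `*out_buffer` as raw bytes.
/// @param file_path  Path of the file to read; opened in binary mode.
/// @param out_buffer Receives the file contents; any previous contents are replaced.
/// @return true on success; false when `out_buffer` is null or the file cannot be opened.
bool utils::ReadFileToMemory(const std::wstring& file_path, std::vector<uint8_t>* out_buffer) {
    // A null destination used to dereference straight into a crash.
    if (!out_buffer)
        return false;
    std::ifstream file_ifstream(file_path, std::ios::binary);
    if (!file_ifstream)
        return false;
    // istreambuf_iterator walks the unformatted byte stream to EOF, so no
    // whitespace skipping or locale conversion is applied.
    out_buffer->assign(std::istreambuf_iterator<char>(file_ifstream), std::istreambuf_iterator<char>());
    // The stream closes itself on destruction; no explicit close() needed.
    return true;
}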
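/// Writes `size` bytes starting at `address` to a new file at `desired_file_path`,
/// truncating any existing file.
/// @param desired_file_path Destination path; opened in binary mode.
/// @param address           Start of the bytes to write; may be null only when `size` is 0.
/// @param size              Number of bytes to write.
/// @return true when every byte was written and the file closed cleanly; false when
///         `address` is null with a non-zero size, the file cannot be opened, or a
///         write/flush error occurs.
bool utils::CreateFileFromMemory(const std::wstring& desired_file_path, const char* address, size_t size) {
    if (!address && size != 0)
        return false;
    std::ofstream file_ofstream(desired_file_path.c_str(), std::ios_base::out | std::ios_base::binary);
    if (!file_ofstream)
        return false;
    if (size != 0 && !file_ofstream.write(address, size))
        return false;
    // close() flushes; a failure there (e.g. disk full) sets failbit and would
    // otherwise be silently dropped by the destructor.
    file_ofstream.close();
    return !file_ofstream.fail();
}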
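/// Looks up the image base of a loaded kernel module by file name.
///
/// Queries SystemModuleInformation, growing the buffer until the kernel
/// reports a size that fits, then compares each entry's file-name component
/// (FullPathName + OffsetToFileName) case-insensitively with `module_name`.
/// @param module_name File name of the module (no path); compared with _stricmp.
/// @return The module's ImageBase, or 0 when the query fails, allocation fails,
///         or no module has that name.
/// NOTE(review): this information class may be restricted for non-elevated or
/// low-integrity callers on current Windows releases; expect 0 there — confirm
/// against the supported OS range.
uint64_t utils::GetKernelModuleAddress(const std::string& module_name) {
    void* buffer = nullptr;
    DWORD buffer_size = 0;
    const auto info_class = static_cast<SYSTEM_INFORMATION_CLASS>(nt::SystemModuleInformation);
    NTSTATUS status = NtQuerySystemInformation(info_class, buffer, buffer_size, &buffer_size);
    // The first call (null buffer) yields the required size. The module list can
    // change between calls, so keep retrying while the kernel asks for more.
    while (status == nt::STATUS_INFO_LENGTH_MISMATCH) {
        if (buffer)
            VirtualFree(buffer, 0, MEM_RELEASE);
        buffer = VirtualAlloc(nullptr, buffer_size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        // Previously a failed allocation passed nullptr with a non-zero length
        // into the next query; bail out instead.
        if (!buffer)
            return 0;
        status = NtQuerySystemInformation(info_class, buffer, buffer_size, &buffer_size);
    }
    if (!NT_SUCCESS(status) || !buffer) {
        if (buffer)
            VirtualFree(buffer, 0, MEM_RELEASE);
        return 0;
    }
    uint64_t result = 0;
    const auto modules = static_cast<nt::PRTL_PROCESS_MODULES>(buffer);
    for (auto i = 0u; i < modules->NumberOfModules; ++i) {
        const auto& entry = modules->Modules[i];
        // FullPathName holds the full path; OffsetToFileName indexes the file
        // name within it.
        const char* file_name = reinterpret_cast<const char*>(entry.FullPathName) + entry.OffsetToFileName;
        if (_stricmp(file_name, module_name.c_str()) == 0) {
            result = reinterpret_cast<uint64_t>(entry.ImageBase);
            break;
        }
    }
    // Single release point: every path that reaches here still owns `buffer`.
    VirtualFree(buffer, 0, MEM_RELEASE);
    return result;
}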
/// Compares `pData` with `bMask` byte by byte, but only at positions where the
/// corresponding `szMask` character is 'x'; any other mask character is a
/// wildcard. `szMask` is NUL-terminated and its length sets how many bytes are
/// examined, so `pData` and `bMask` must both be at least that long.
/// @return 1 when every 'x' position matches, 0 otherwise.
BOOLEAN utils::bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask) {
    for (size_t pos = 0; szMask[pos] != '\0'; ++pos) {
        const bool must_match = (szMask[pos] == 'x');
        if (must_match && pData[pos] != bMask[pos])
            return 0;
    }
    // Reaching the terminator means no required byte differed.
    return 1;
}
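/// Scans `dwLen` bytes starting at `dwAddress` for the first offset at which
/// bDataCompare reports a match of `bMask` under `szMask`.
/// @param dwAddress Start of the region to scan; the caller guarantees it is readable.
/// @param dwLen     Size of the region in bytes.
/// @param bMask     Byte values to compare; at least strlen(szMask) bytes long.
/// @param szMask    'x' = byte must match, any other char = wildcard; NUL-terminated.
/// @return Address of the first match, or 0 when there is no match, a pointer is
///         null, the mask is empty, or the region is shorter than the pattern.
uintptr_t utils::FindPattern(uintptr_t dwAddress, uintptr_t dwLen, BYTE* bMask, char* szMask) {
    if (!bMask || !szMask)
        return 0;
    const size_t pattern_len = strlen(szMask);
    // Guard the subtraction: `dwLen - strlen(szMask)` wrapped around whenever
    // the region was shorter than the pattern and the scan then ran far past
    // the end of the region.
    if (pattern_len == 0 || dwLen < pattern_len)
        return 0;
    // A pattern of length L fits at offset i iff i + L <= dwLen, so the last
    // candidate is dwLen - L inclusive (the old `<` bound skipped it).
    const uintptr_t last_offset = dwLen - pattern_len;
    for (uintptr_t offset = 0; offset <= last_offset; ++offset) {
        const auto candidate = reinterpret_cast<const BYTE*>(dwAddress + offset);
        if (bDataCompare(candidate, bMask, szMask))
            return dwAddress + offset;
    }
    return 0;
}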
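/// Locates a PE section by name in the image mapped at `modulePtr`.
/// @param sectionName NUL-terminated name to match exactly (e.g. ".text").
/// @param modulePtr   Base address of a mapped PE image (where the DOS header lives).
/// @param size        Optional; receives the section's Misc.VirtualSize on success.
/// @return modulePtr + VirtualAddress of the section, or nullptr when a pointer is
///         null, the MZ/PE signatures are missing, no section has that name, or the
///         section's VirtualAddress is 0.
PVOID utils::FindSection(char* sectionName, uintptr_t modulePtr, PULONG size) {
    if (!sectionName || !modulePtr)
        return nullptr;
    const size_t name_length = strlen(sectionName);
    const auto dos_header = reinterpret_cast<PIMAGE_DOS_HEADER>(modulePtr);
    // Check the header chain before following e_lfanew, so a buffer that is
    // not a PE image cannot send the lookup to an arbitrary offset.
    if (dos_header->e_magic != IMAGE_DOS_SIGNATURE)
        return nullptr;
    const auto headers = reinterpret_cast<PIMAGE_NT_HEADERS>(modulePtr + dos_header->e_lfanew);
    if (headers->Signature != IMAGE_NT_SIGNATURE)
        return nullptr;
    const PIMAGE_SECTION_HEADER sections = IMAGE_FIRST_SECTION(headers);
    for (DWORD i = 0; i < headers->FileHeader.NumberOfSections; ++i) {
        const PIMAGE_SECTION_HEADER section = &sections[i];
        // Section names occupy at most IMAGE_SIZEOF_SHORT_NAME (8) bytes and
        // are NOT NUL-terminated when all 8 are used, so strlen() over-read;
        // bound the length with memchr instead.
        const char* raw_name = reinterpret_cast<const char*>(section->Name);
        const void* terminator = memchr(raw_name, '\0', IMAGE_SIZEOF_SHORT_NAME);
        const size_t raw_length = terminator
            ? static_cast<size_t>(static_cast<const char*>(terminator) - raw_name)
            : IMAGE_SIZEOF_SHORT_NAME;
        if (raw_length != name_length || memcmp(raw_name, sectionName, name_length) != 0)
            continue;
        if (!section->VirtualAddress)
            return nullptr;
        if (size)
            *size = section->Misc.VirtualSize;
        return reinterpret_cast<PVOID>(modulePtr + section->VirtualAddress);
    }
    return nullptr;
}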