public static FunctionWrapper PrepareFunction(FunctionWrapper f, byte[] buffer)
{
Nektra.Deviare2.INktParam lWsabuf = f.callInfo.Params().GetAt(1).Evaluate();
Nektra.Deviare2.INktParam lWsaSendTo = f.callInfo.Params().GetAt(3).Evaluate();
Nektra.Deviare2.INktParam len = lWsabuf.Fields().GetAt(0);
Nektra.Deviare2.INktParam pBuff = lWsabuf.Fields().GetAt(1);
foreach (MatchAndReplace.MatchAndReplace match in Program.data.GetReplaceList())
{
if (!match.enabled)
{
continue;
}
if (match.replaceOutcomming)
{
bool changed;
do
{
buffer = Searcher.Searcher.ReplaceBytes(buffer, match.match, match.replace, out changed);
} while (changed);
}
}
len.Value = buffer.Length;
pBuff.Value = buffer;
return(f);
}
public static FunctionWrapper PrepareFunction(FunctionWrapper f, byte[] buffer)
{
Nektra.Deviare2.INktParam lpBuffers = f.callInfo.Params().GetAt(1);
Nektra.Deviare2.INktParam dwBufferCount = f.callInfo.Params().GetAt(2);
Nektra.Deviare2.INktParam lpNumberOfBytesRecvd = f.callInfo.Params().GetAt(3);
// Numero de estructuras
ulong nStructs = dwBufferCount.Memory().Read(dwBufferCount.Address, Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedWord);
// Puntero a donde apunta la lista de estructuras
IntPtr lpwsabuf = new IntPtr(lpBuffers.Memory().Read(lpBuffers.Address, Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedDoubleWord));
// len. No la leemos de la estructura WSABUF sino de WSARecv
Nektra.Deviare2.INktParam NumberOfBytesRecvd = lpNumberOfBytesRecvd.Evaluate();
// *buf
IntPtr pBuffer = new IntPtr(lpBuffers.Memory().Read(lpwsabuf + 4, Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedDoubleWord));
// Modificamos el buffer
Auxiliar.Memory.WriteMemory(f.callInfo.Process().Id, pBuffer, buffer);
// Modificamos el tamaño
lpNumberOfBytesRecvd.Value = buffer.Length;
return(f);
}
public static FunctionWrapper PrepareFunction(FunctionWrapper f, byte[] buffer)
{
Nektra.Deviare2.INktParam PSecBufferDesc = f.callInfo.Params().GetAt(1);
Nektra.Deviare2.INktProcessMemory PSecBufferMemory = PSecBufferDesc.Memory();
/*
* typedef struct _SecBufferDesc
* {
* ULONG ulVersion;
* ULONG cBuffers;
* PSecBuffer pBuffers;
* } SecBufferDesc, *PSecBufferDesc;
*/
Nektra.Deviare2.INktParam _SecBufferDesc = PSecBufferDesc.Evaluate(); // estructura
Nektra.Deviare2.INktParam cBuffers = _SecBufferDesc.Fields().GetAt(1);
Nektra.Deviare2.INktParam pBuffers = _SecBufferDesc.Fields().GetAt(2);
for (int i = 0; i < (int)cBuffers.Value; i++)
{
int offsetStructure = 12;
int bytesLeidos;
byte[] arBuffType = Auxiliar.Memory.ReadMemory(f.callInfo.Process().Id, pBuffers.PointerVal + 4 + (offsetStructure * i), (int)4, out bytesLeidos);
int buffType = BitConverter.ToInt32(arBuffType, 0);
if (buffType == 1) // SECBUFFER_DATA
{
byte[] arCbBuffer = Auxiliar.Memory.ReadMemory(f.callInfo.Process().Id, pBuffers.PointerVal + 0 + (offsetStructure * i), (int)4, out bytesLeidos);
int cbBuffer = BitConverter.ToInt32(arCbBuffer, 0);
byte[] arBufferEntryPoint = Auxiliar.Memory.ReadMemory(f.callInfo.Process().Id, pBuffers.PointerVal + 8 + (offsetStructure * i), (int)4, out bytesLeidos);
int bufferEntryPoint = BitConverter.ToInt32(arBufferEntryPoint, 0);
IntPtr ptrBufferEntryPoint = new IntPtr(bufferEntryPoint);
// escribimos el buffer en memoria
Auxiliar.Memory.WriteMemory(f.callInfo.Process().Id, ptrBufferEntryPoint, buffer);
// escribimos la longitud en memoria
Auxiliar.Memory.WriteMemory(f.callInfo.Process().Id, pBuffers.PointerVal + 0 + (offsetStructure * i), BitConverter.GetBytes(buffer.Length));
// pfffff... mas me vale no crear un buffer con mayor longitud, porque se podrían sobrescribir zonas de memoria de esta estructura y crashear
return(f);
}
}
return(f);
}
public byte[] GetBuffer()
{
if (function.callInfo.Params() == null)
{
return(null);
}
Nektra.Deviare2.INktParam PSecBufferDesc = function.callInfo.Params().GetAt(1);
Nektra.Deviare2.INktProcessMemory PSecBufferMemory = PSecBufferDesc.Memory();
/*
* typedef struct _SecBufferDesc
* {
* ULONG ulVersion;
* ULONG cBuffers;
* PSecBuffer pBuffers;
* } SecBufferDesc, *PSecBufferDesc;
*/
Nektra.Deviare2.INktParam _SecBufferDesc = PSecBufferDesc.Evaluate(); // estructura
Nektra.Deviare2.INktParam cBuffers = _SecBufferDesc.Fields().GetAt(1);
Nektra.Deviare2.INktParam pBuffers = _SecBufferDesc.Fields().GetAt(2);
for (int i = 0; i < (int)cBuffers.Value; i++)
{
int offsetStructure = 12;
int bytesLeidos;
byte[] arBuffType = Auxiliar.Memory.ReadMemory(function.callInfo.Process().Id, pBuffers.PointerVal + 4 + (offsetStructure * i), (int)4, out bytesLeidos);
int buffType = BitConverter.ToInt32(arBuffType, 0);
if (buffType == 1) // SECBUFFER_DATA
{
byte[] arCbBuffer = Auxiliar.Memory.ReadMemory(function.callInfo.Process().Id, pBuffers.PointerVal + 0 + (offsetStructure * i), (int)4, out bytesLeidos);
int cbBuffer = BitConverter.ToInt32(arCbBuffer, 0);
byte[] arBufferEntryPoint = Auxiliar.Memory.ReadMemory(function.callInfo.Process().Id, pBuffers.PointerVal + 8 + (offsetStructure * i), (int)4, out bytesLeidos);
int bufferEntryPoint = BitConverter.ToInt32(arBufferEntryPoint, 0);
IntPtr ptrBufferEntryPoint = new IntPtr(bufferEntryPoint);
byte[] content = Auxiliar.Memory.ReadMemory(function.callInfo.Process().Id, ptrBufferEntryPoint, (int)cbBuffer, out bytesLeidos);
return(content);
}
}
return(null);
}
public byte[] GetBuffer()
{
Nektra.Deviare2.INktParam lpBuffers = function.callInfo.Params().GetAt(1);
Nektra.Deviare2.INktParam dwBufferCount = function.callInfo.Params().GetAt(2);
Nektra.Deviare2.INktParam dwFlags = function.callInfo.Params().GetAt(4);
Nektra.Deviare2.INktParam lpOverlapped = function.callInfo.Params().GetAt(5);
Nektra.Deviare2.INktParam lpCompletionRoutine = function.callInfo.Params().GetAt(6);
Nektra.Deviare2.INktProcessMemory Memory = lpBuffers.Memory();
//Lista de estructuras WSABUF
IntPtr WSABUFList = lpBuffers.PointerVal;
ArrayList buffer = new ArrayList();
//Por cada estructura WSABuf leemos sus datos
for (int i = 0; i < (int)dwBufferCount.Value; i++)
{
//El primer puntero en la lista WSABUFList es la longitud
ulong lenBytes = (ulong)Memory.Read(WSABUFList + i * 8, Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedDoubleWord);
if (lenBytes > 0)
{
//El segundo puntero en la lista WSABUFList es el buffer en si
IntPtr intptrBuffer = new IntPtr(Memory.Read(WSABUFList + 4 + i * 8, Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedDoubleWord));
//Leemos el buffer
int readedBytes = 0;
byte[] bufferTemp = Auxiliar.Memory.ReadMemory(function.callInfo.Process().Id, intptrBuffer, (int)lenBytes, out readedBytes);
buffer.AddRange(bufferTemp);
}
else
{
}
}
if (buffer.Count == 0)
{
return(new byte[0]);
}
else
{
byte[] arrBuffer = (byte[])buffer.ToArray(typeof(byte));
// Mod de plugins
arrBuffer = Program.data.pluginMngr.pluginsApiNotExported.SetSendBuffer(arrBuffer);
return(arrBuffer);
}
}
public byte[] GetBuffer()
{
Nektra.Deviare2.INktParam lpBuffers = function.callInfo.Params().GetAt(1);
Nektra.Deviare2.INktParam dwBufferCount = function.callInfo.Params().GetAt(2);
Nektra.Deviare2.INktParam lpNumberOfBytesRecvd = function.callInfo.Params().GetAt(3);
Nektra.Deviare2.INktProcessMemory Memory = lpBuffers.Memory();
IntPtr WSABUFList = lpBuffers.PointerVal;
// len. No la leemos de la estructura WSABUF sino de WSARecv
Nektra.Deviare2.INktParam NumberOfBytesRecvd = lpNumberOfBytesRecvd.Evaluate();
// *buf
IntPtr pBuffer = new IntPtr(Memory.Read(WSABUFList + 4, Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedDoubleWord));
int readedBytes = 0;
byte[] buffer = Auxiliar.Memory.ReadMemory(function.callInfo.Process().Id, pBuffer, (int)NumberOfBytesRecvd.Value, out readedBytes);
// Mod de plugins
buffer = Program.data.pluginMngr.pluginsApiNotExported.SetRecvBuffer(buffer);
return(buffer);
}
