Exemple #1
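 /// <summary>
 /// Sends <paramref name="message"/> to the driver, using the control code stored in its
 /// <c>Type</c> field, and reports a failure to the user.
 /// NOTE(review): the name suggests this runs on a worker thread; the MessageBox is shown from
 /// whichever thread calls it — confirm that is intended.
 /// </summary>
 /// <param name="message">Populated request; its <c>Type</c> doubles as the control code.</param>
 private void SendControlMessageThread(U_MESSAGE_FORM message)
 {
     if (!SendControlMessage(message.Type, message))
     {
         // "X4" = four upper-case hex digits. The original "{0:4X}" is a custom format whose
         // characters are both literals, so the box showed the text "4X" instead of the code.
         MessageBox.Show(String.Format("Failed to send a control message : 0x{0:X4}", message.Type), "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
     }
 }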
Exemple #2
        /// <summary>
        /// Asks the driver for a byte stream and reserves <c>dumpedByteStream</c> to receive it.
        /// Two request kinds are supported: a raw range (<c>GET_BYTE_STREAM</c>, needs a non-zero
        /// <paramref name="StartAddress"/> and <paramref name="Size"/>) and a named kernel object
        /// (<c>GET_KERNEL_OBJECT_CONTENTS</c>, sized via <c>kernelObjects.GetObjectSize</c>).
        /// Refuses to start while a previous dump buffer is still held.
        /// </summary>
        /// <param name="Type">Control code selecting the request kind; any other value is ignored.</param>
        /// <param name="ObjectName">Kernel object name; only used for <c>GET_KERNEL_OBJECT_CONTENTS</c>.</param>
        /// <param name="StartAddress">Start of the raw range; only used for <c>GET_BYTE_STREAM</c>.</param>
        /// <param name="Size">Length of the raw range in bytes; only used for <c>GET_BYTE_STREAM</c>.</param>
        /// <returns>Whether the request was handed to the driver. The buffer itself is filled later
        /// by the communication thread, so this only drives the UI.</returns>
        private bool GetByteStreamFromKernel(ushort Type, string ObjectName, uint StartAddress, uint Size = 0)
        {
            // TODO (from original): a dedicated "dump in progress" flag would be cleaner than
            // overloading the buffer reference for this check.
            if (dumpedByteStream != null)
            {
                MessageBox.Show("The last 'dumpedBytestream' Buffer still remains.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                return false;
            }

            bool sent = false;

            if (Type == GET_BYTE_STREAM)
            {
                if ((StartAddress != 0) && (Size != 0))
                {
                    B_MESSAGE_FORM request = new B_MESSAGE_FORM();

                    request.Address = StartAddress;
                    request.Size    = Size;
                    request.Type    = Type;

                    // The buffer is allocated before the request goes out; the communication
                    // thread is expected to fill (or reset) it afterwards.
                    dumpedByteStream = new byte[request.Size];
                    sent             = SendControlMessage(Type, request);
                }
            }
            else if (Type == GET_KERNEL_OBJECT_CONTENTS)
            {
                if (ObjectName != null)
                {
                    U_MESSAGE_FORM request = new U_MESSAGE_FORM();

                    // An unknown object reports size 0 and is silently skipped.
                    request.Size = kernelObjects.GetObjectSize(ObjectName);
                    if (request.Size != 0)
                    {
                        request.uMessage = ObjectName;
                        request.Type     = Type;

                        dumpedByteStream = new byte[request.Size];
                        sent             = SendControlMessage(Type, request);
                    }
                }
            }

            // The return value is only needed for the UI; on failure the buffer is left for the
            // communication thread to initialize (the original had a disabled InitializeCurrentDump() here).
            return sent;
        }
Exemple #3
 /// <summary>
 /// Stops the user-mode communication thread: cancels this process's pending IRPs first and,
 /// only if that succeeds, sends <c>TERMINATE_USER_THREAD</c> to the driver. The started flag
 /// is cleared only when the driver accepts the request.
 /// NOTE(review): unlike the other call sites, the request's <c>Type</c> field is left at its
 /// default here and only the control-code argument carries the command — confirm the driver
 /// does not read <c>Type</c> for this request.
 /// </summary>
 private void TerminateUserCommunicationThread()
 {
     if (!CancelMyPendingIRPs())
     {
         return;
     }

     U_MESSAGE_FORM terminateRequest = new U_MESSAGE_FORM();
     bool accepted = SendControlMessage(TERMINATE_USER_THREAD, terminateRequest);
     if (accepted)
     {
         isCommunicationThreadStarted = false;
     }
 }
Exemple #4
 /// <summary>
 /// P/Invoke entry point that hands a request to the native driver-communication layer.
 /// <paramref name="message"/> is marshalled <c>[In, Out]</c>, so fields written on the native
 /// side come back in the same object (callers in this file re-read <c>Res</c> after a failed call).
 /// The <c>DllImport</c> attribute naming the library is not part of this excerpt.
 /// </summary>
 /// <param name="ctlCode">Control code identifying the request; callers typically pass the same
 /// value they store in <c>message.Type</c>, or a bare constant.</param>
 /// <param name="message">Request buffer, read by the native side and written back on return.</param>
 /// <returns><c>true</c> when the native call reports success; callers treat <c>false</c> as an error.</returns>
 private static extern bool SendControlMessage(ushort ctlCode, [In, Out] U_MESSAGE_FORM message);
Exemple #5
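        /// <summary>
        /// Toggles the target-process selection. When the button reads "Select", the single
        /// highlighted list entry is sent to the driver; otherwise the current selection is
        /// dropped and the UI returns to the process list.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void bSelect_Click(object sender, EventArgs e)
        {
            if (bSelect.Text == "Select")
            {
                HandleSelectClick();
            }
            else
            {
                HandleDeselectClick();
            }
        }

        /// <summary>
        /// Sends <c>SELECT_TARGET_PROCESS</c> for the single highlighted list item and, on success,
        /// pulls the <c>_EPROCESS</c> contents and switches the UI into "selected" mode.
        /// Does nothing unless exactly one item is highlighted.
        /// </summary>
        private void HandleSelectClick()
        {
            if (lvProcessList.SelectedItems.Count != 1)
            {
                return;
            }

            var    selected = lvProcessList.SelectedItems[0];
            string name     = selected.SubItems[0].Text.Trim();
            string pidText  = selected.SubItems[1].Text.Trim();

            // Res is a 16-bit field while the kernel stores the PID as 4 bytes (original note:
            // consider changing this). Convert.ToUInt16 would throw OverflowException/FormatException
            // out of the click handler for a PID above 65535 or a non-numeric cell; refuse instead.
            ushort pid;
            if (!ushort.TryParse(pidText, out pid))
            {
                MessageBox.Show("The Process ID \"" + pidText + "\" cannot be sent as a 16-bit value.", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Information);
                return;
            }

            U_MESSAGE_FORM message = new U_MESSAGE_FORM();
            message.uMessage = name;
            message.Res      = pid;
            message.Type     = SELECT_TARGET_PROCESS;

            if (!SendControlMessage(SELECT_TARGET_PROCESS, message))
            {
                // The native side writes back into the [In, Out] message; per the original comment
                // Res == 0x89 appears to mean "failed to get offsets" and is reported elsewhere.
                // NOTE(review): a process whose real PID is 0x89 would also be silent here — confirm
                // against the driver.
                if (message.Res != 0x89)
                {
                    MessageBox.Show("Failed to find this Process.", "Failed", MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                // TODO (from original): this message appears too late; make each side report on its own.
                //      The TEST value comes up as 0 in the driver.
                return;
            }

            // Parse the EPROCESS; if that fails, roll the driver-side selection back.
            if (!GetByteStreamFromKernel(GET_KERNEL_OBJECT_CONTENTS, "_EPROCESS", 0))
            {
                //MessageBox.Show("Failed to get _EPROCESS Data of \"" + message.uMessage + "\".\r\nTry it, later.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
                message.Type = DESELECT_TARGET_PROCESS;
                SendControlMessage(DESELECT_TARGET_PROCESS, message);
                return;
            }

            // Third column carries an optional ":::"-prefixed suffix shown after the name.
            string label = "[" + pidText + "] " + selected.SubItems[0].Text;
            string extra = selected.SubItems[2].Text;
            if (extra.Contains(":::"))
            {
                label += " -" + extra.Remove(0, 3);
            }
            tSelectedProcess.Text = label;

            bSelect.Text             = "Deselect";
            bSelect.BackColor        = Color.LightCoral;
            lvProcessList.Visible    = false;
            tSelectedProcess.Enabled = false;
        }

        /// <summary>
        /// Sends <c>DESELECT_TARGET_PROCESS</c>, discards the current dump and returns the UI to
        /// the refreshed process list.
        /// </summary>
        private void HandleDeselectClick()
        {
            // TODO (from original): UI-related resources still need to be cleaned up here.
            B_MESSAGE_FORM message = new B_MESSAGE_FORM();
            message.Type = DESELECT_TARGET_PROCESS;
            SendControlMessage(DESELECT_TARGET_PROCESS, message);

            InitializeCurrentDump();

            this.tabProcess.SelectedIndex = 0;
            this.tvEprocess.Nodes.Clear();      // TODO (from original): clear every tree, not only tvEprocess.

            bSelect.Text          = "Select";
            bSelect.BackColor     = SystemColors.Control;
            lvProcessList.Visible = true;
            GetProcess();

            tSelectedProcess.Enabled = true;
            tSelectedProcess.Focus();
            tSelectedProcess.SelectAll();
        }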