public VirtualDwPackEntry(SemanticLogger logger, VirtualDwPack pack, DwPackEntry *entry, int index) { mLogger = logger; Pack = pack; Native = entry; Index = index; }
public override Native.NtStatus NtCreateFileImpl(string filePath, out IntPtr handle, FileAccess access, ref Native.OBJECT_ATTRIBUTES objectAttributes, ref Native.IO_STATUS_BLOCK ioStatus, ref long allocSize, uint fileAttributes, FileShare share, uint createDisposition, uint createOptions, IntPtr eaBuffer, uint eaLength) { var result = mHooks.NtCreateFileHook.OriginalFunction(out handle, access, ref objectAttributes, ref ioStatus, ref allocSize, fileAttributes, share, createDisposition, createOptions, eaBuffer, eaLength); if (!mPacksByName.TryGetValue(filePath, out var pack)) { mPacksByName[filePath] = pack = new VirtualDwPack(mLogger); // Load file using (var fileStream = new FileStream(new SafeFileHandle(handle, true), FileAccess.Read, 1024 * 1024)) pack.LoadFromFile(filePath, fileStream); // Reopen file to reset it result = mHooks.NtCreateFileHook.OriginalFunction(out handle, access, ref objectAttributes, ref ioStatus, ref allocSize, fileAttributes, share, createDisposition, createOptions, eaBuffer, eaLength); mLogger.Debug($"Registered {filePath}"); // Entries are redirected as needed to improve startup performance } mPacksByHandle[handle] = pack; mLogger.Debug($"Hnd {handle} {filePath} handle registered"); return(result); }
public VirtualDwPackEntry(SemanticLogger logger, VirtualDwPack pack, DwPackEntry *entry) { mLogger = logger; Pack = pack; Native = entry; }
public override Native.NtStatus NtCreateFileImpl(string filePath, out IntPtr handle, FileAccess access, ref Native.OBJECT_ATTRIBUTES objectAttributes, ref Native.IO_STATUS_BLOCK ioStatus, ref long allocSize, uint fileAttributes, FileShare share, uint createDisposition, uint createOptions, IntPtr eaBuffer, uint eaLength) { var result = mHooks.NtCreateFileHook.OriginalFunction(out handle, access, ref objectAttributes, ref ioStatus, ref allocSize, fileAttributes, share, createDisposition, createOptions, eaBuffer, eaLength); if (!mPacksByName.TryGetValue(filePath, out var pack)) { mPacksByName[filePath] = pack = new VirtualDwPack(mLogger, filePath); var pacIndex = int.Parse(pack.FileName.Substring(pack.FileName.Length - 5, 5)); var cpkName = pack.FileName.Substring(0, pack.FileName.Length - 5); var cpk = mLoadedCpks.Find(x => x.FileName.Contains(cpkName) && x.Entries.Any(y => y.PacIndex == pacIndex)); pack.Cpk = cpk; if (result != NtStatus.ObjectNameNotFound) { // Load file using (var fileStream = new FileStream(new SafeFileHandle(handle, true), FileAccess.Read, 1024 * 1024)) pack.LoadFromFile(filePath, fileStream); //pack.AddNewFiles( cpk ); // Reopen file to reset it result = mHooks.NtCreateFileHook.OriginalFunction(out handle, access, ref objectAttributes, ref ioStatus, ref allocSize, fileAttributes, share, createDisposition, createOptions, eaBuffer, eaLength); } else { pack.LoadFromCpk(pacIndex, cpk); handle = GenerateHandle(); ioStatus.Information = (IntPtr)1; ioStatus.Status = 0; result = NtStatus.Success; } mLogger.Debug($"Registered {filePath}"); // Entries are redirected as needed to improve startup performance } else if (result == NtStatus.ObjectNameNotFound) { // Find handle from name if (!mHandleByPack.TryGetValue(pack, out handle)) { handle = GenerateHandle(); } ioStatus.Information = (IntPtr)1; ioStatus.Status = 0; result = NtStatus.Success; } mPacksByHandle[handle] = new VirtualDwPackHandle() { Instance = pack }; mHandleByPack[pack] = handle; mLogger.Debug($"Hnd {handle} {filePath} handle registered"); return(result); }
private NtStatus ReadFile(IntPtr handle, IntPtr hEvent, IntPtr *apcRoutine, IntPtr *apcContext, ref Native.IO_STATUS_BLOCK ioStatus, byte *buffer, uint length, LARGE_INTEGER *byteOffset, IntPtr key, VirtualDwPack pack, long offset, long effOffset) { // File data read NtStatus result = NtStatus.Success; for (int i = 0; i < pack.Entries.Count; i++) { var entry = pack.Entries[i]; var dataOffset = (pack.Native.Data + entry.Native->DataOffset) - pack.Native.Ptr; if (effOffset < dataOffset || effOffset >= (dataOffset + entry.Native->CompressedSize)) { continue; } var fileDataOffset = effOffset - dataOffset; var readEndOffset = fileDataOffset + length; if (readEndOffset > entry.Native->CompressedSize) { continue; } // Make sure the file has been redirected // This is done as late as possible to improve startup times if (!entry.IsRedirected) { mLogger.Info($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Idx: ({i}) Data access Offset: 0x{effOffset:X8} Length: 0x{length:X8}"); result = mHooks.NtReadFileHook.OriginalFunction(handle, hEvent, apcRoutine, apcContext, ref ioStatus, buffer, length, byteOffset, key); } else { mLogger.Info($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Idx: ({i}) Data access Offset: 0x{effOffset:X8} Length: 0x{length:X8} redirected to {entry.RedirectedFilePath}"); result = NtStatus.Success; if (fileDataOffset < 0) { mLogger.Error($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Idx: ({i}) Offset is before start of data!!!"); } else if (fileDataOffset > entry.RedirectedFileSize) { mLogger.Error($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Idx: ({i}) Offset is after end of data!!!"); } mLogger.Debug($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Idx: ({i}) Reading 0x{length:X8} bytes from redirected file at offset 0x{fileDataOffset:X8}"); // Get cached file stream if the file was previously opened or open a new file Stream redirectedStream; if (mCachedFile == entry) { redirectedStream = mCachedFileStream; } else { mCachedFileStream?.Close(); mCachedFile = entry; mCachedFileStream = redirectedStream = entry.OpenRead(); } // Read from redirected file into the buffer try { redirectedStream.Seek(fileDataOffset, SeekOrigin.Begin); var readBytes = redirectedStream.Read(new Span <byte>(( void * )buffer, ( int )length)); SetBytesRead(handle, ( int )offset, ( int )length, ref ioStatus); if (readBytes != length) { mLogger.Error($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Idx: ({i}) File read length doesnt match requested read length!! Expected 0x{length:X8}, Actual 0x{readBytes:X8}"); } mLogger.Debug($"{pack.FileName} Hnd: {handle} {entry.Native->Path} Idx: ({i}) Wrote redirected file to buffer"); } catch (Exception e) { mLogger.Debug($"{pack.FileName} Hnd: {handle} Idx: {i} {entry.Native->Path} Unhandled exception thrown during reading {entry.RedirectedFilePath}: {e}"); } } // Return early, we're done here return(result); } mLogger.Error($"{pack.FileName} Hnd: {handle} Unhandled file data read request!! Offset: 0x{effOffset:X8} Length: 0x{length:X8}"); return(mHooks.NtReadFileHook.OriginalFunction(handle, hEvent, apcRoutine, apcContext, ref ioStatus, buffer, length, byteOffset, key)); }