public IEnumerable <Vehicle> Get([FromBody] Vehicle vehicle)
{
List <Vehicle> lstVehicle = new List <Vehicle>();
VTBL obj = new VTBL();
lstVehicle = obj.SearchVehicles(vehicle);
return(lstVehicle);
}
private void btnHook_Click(object sender, EventArgs e)
{
VTBL vtbl = VTableList.ElementAt(listBoxVTBL.SelectedIndex);
for (int a = 0; a < vtbl.ValuesList.Count; a++)
{
NktHook hook = _spyMgr.CreateHookForAddress(_process, (IntPtr)vtbl.ValuesList.ElementAt(a), "",
(int)
(eNktHookFlags.flgOnlyPreCall |
eNktHookFlags.flgDontCheckAddress));
hook.Hook(true);
}
if (checkSuspended.Checked)
{
_spyMgr.ResumeProcess(_process, ContinueEvent);
}
}
private void comboBoxModules_SelectedIndexChanged(object sender, EventArgs e)
{
comboBoxModules.Enabled = false;
int selected = comboBoxModules.SelectedIndex;
List <NktModule> ModuleList = (List <NktModule>)comboBoxModules.Tag;
NktModule module = ModuleList.ElementAt(selected);
NktStructPESections sections = module.Sections();
int nSectionCode = 0;
for (int n = 0; n < sections.Count; n++)
{
if (sections.get_Name(n) == ".text")
{
nSectionCode = n;
break;
}
}
SecStartAddress = (UInt64)sections.get_StartAddress(nSectionCode);
SecEndAddress = (UInt64)sections.get_EndAddress(nSectionCode);
ModStartAddress = (UInt64)GetModuleBase(_process.Name);
ModEndAddress = ModStartAddress + (UInt64)GetModuleSize(_process.Name);
NktProcessMemory memory = _spyMgr.ProcessMemoryFromPID(_process.Id);
uint nvtable = 0;
ulong tmpAddress = 0;
VTBL vtbl;
vtbl.Address = 0;
vtbl.ValuesList = null;
for (UInt64 CurAddress = ModStartAddress; CurAddress < ModEndAddress; CurAddress++)
{
progressBar.Value = (int)(CurAddress * 100 / ModEndAddress);
UInt32 CurValue = (UInt32)memory.Read((IntPtr)CurAddress, eNktDboFundamentalType.ftUnsignedDoubleWord);
if (CurValue >= SecStartAddress && CurValue <= SecEndAddress)
{
UInt32 PreOpcodeSize = 50;
byte[] PreOpcode = new byte[PreOpcodeSize];
for (UInt32 n = 0; n < PreOpcodeSize; n++)
{
PreOpcode[n] =
(byte)memory.Read((IntPtr)(CurValue - PreOpcodeSize + n), eNktDboFundamentalType.ftUnsignedByte);
}
UInt32 PostOpcodeSize = 50;
byte[] PostOpcode = new byte[PostOpcodeSize];
for (UInt32 n = 0; n < PostOpcodeSize; n++)
{
PostOpcode[n] =
(byte)memory.Read((IntPtr)(CurValue + n), eNktDboFundamentalType.ftUnsignedByte);
}
if (isValidPreOpCode(PreOpcode, PreOpcodeSize) && isValidPostOpCode(PostOpcode, PostOpcodeSize))
{
if ((CurAddress - tmpAddress) > 500 || tmpAddress == 0) //este valor lo podemos ir adaptando, lo correcto seria (CurAddress - tmpAddress != 4)
{
vtbl = new VTBL();
vtbl.Address = CurAddress;
vtbl.ValuesList = new List <UInt64>();
VTableList.Add(vtbl);
nvtable++;
}
tmpAddress = CurAddress;
vtbl.ValuesList.Add((UInt64)SkipHook((IntPtr)CurValue, _process.Id));
}
}
}
progressBar.Value = 100;
for (int n = 0; n < VTableList.Count; n++)
{
string vtblname = "VTBL_" + n.ToString("X") + "_" + VTableList.ElementAt(n).Address.ToString("X") + "_" + VTableList.ElementAt(n).ValuesList.Count;
listBoxVTBL.Items.Add(vtblname);
}
btnHook.Enabled = true;
btnClear.Enabled = true;
}
private void comboBoxModules_SelectedIndexChanged(object sender, EventArgs e)
{
comboBoxModules.Enabled = false;
int selected = comboBoxModules.SelectedIndex;
List<NktModule> ModuleList = (List<NktModule>)comboBoxModules.Tag;
NktModule module = ModuleList.ElementAt(selected);
NktStructPESections sections = module.Sections();
int nSectionCode = 0;
for (int n = 0; n < sections.Count; n++)
{
if (sections.get_Name(n) == ".text")
{
nSectionCode = n;
break;
}
}
SecStartAddress = (UInt64)sections.get_StartAddress(nSectionCode);
SecEndAddress = (UInt64)sections.get_EndAddress(nSectionCode);
ModStartAddress = (UInt64)GetModuleBase(_process.Name);
ModEndAddress = ModStartAddress + (UInt64)GetModuleSize(_process.Name);
NktProcessMemory memory = _spyMgr.ProcessMemoryFromPID(_process.Id);
uint nvtable = 0;
ulong tmpAddress = 0;
VTBL vtbl;
vtbl.Address = 0;
vtbl.ValuesList = null;
for (UInt64 CurAddress = ModStartAddress; CurAddress < ModEndAddress; CurAddress++)
{
progressBar.Value = (int)( CurAddress * 100 / ModEndAddress);
UInt32 CurValue = (UInt32)memory.Read((IntPtr)CurAddress, eNktDboFundamentalType.ftUnsignedDoubleWord);
if (CurValue >= SecStartAddress && CurValue <= SecEndAddress)
{
UInt32 PreOpcodeSize = 50;
byte[] PreOpcode = new byte[PreOpcodeSize];
for (UInt32 n = 0; n < PreOpcodeSize; n++)
{
PreOpcode[n] =
(byte)memory.Read((IntPtr)(CurValue - PreOpcodeSize + n), eNktDboFundamentalType.ftUnsignedByte);
}
UInt32 PostOpcodeSize = 50;
byte[] PostOpcode = new byte[PostOpcodeSize];
for (UInt32 n = 0; n < PostOpcodeSize; n++)
{
PostOpcode[n] =
(byte)memory.Read((IntPtr)(CurValue + n), eNktDboFundamentalType.ftUnsignedByte);
}
if (isValidPreOpCode(PreOpcode, PreOpcodeSize) && isValidPostOpCode(PostOpcode, PostOpcodeSize))
{
if ((CurAddress - tmpAddress) > 500 || tmpAddress == 0) //este valor lo podemos ir adaptando, lo correcto seria (CurAddress - tmpAddress != 4)
{
vtbl = new VTBL();
vtbl.Address = CurAddress;
vtbl.ValuesList = new List<UInt64>();
VTableList.Add(vtbl);
nvtable++;
}
tmpAddress = CurAddress;
vtbl.ValuesList.Add((UInt64)SkipHook((IntPtr)CurValue, _process.Id));
}
}
}
progressBar.Value = 100;
for (int n = 0; n < VTableList.Count; n++)
{
string vtblname = "VTBL_" + n.ToString("X") + "_" + VTableList.ElementAt(n).Address.ToString("X") + "_" + VTableList.ElementAt(n).ValuesList.Count;
listBoxVTBL.Items.Add(vtblname);
}
btnHook.Enabled = true;
btnClear.Enabled = true;
}
