// Returns the vehicles that VTBL.SearchVehicles produces for the criteria object
// bound from the request body.
//
// vehicle: search criteria, populated by model binding ([FromBody]).
// returns: the list handed back by SearchVehicles, exposed as IEnumerable<Vehicle>.
public IEnumerable<Vehicle> Get([FromBody] Vehicle vehicle)
{
    // NOTE(review): `vehicle` is caller-controlled and is passed on without any
    // check here. Model binding presumably yields null for an empty or malformed
    // body - confirm that SearchVehicles tolerates null and validates the fields
    // it uses before they reach a query.
    VTBL searcher = new VTBL();
    List<Vehicle> matches = searcher.SearchVehicles(vehicle);
    return matches;
}
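// Click handler for the "Hook" button: creates and activates a hook for every
// entry of the vtable currently selected in listBoxVTBL, then resumes the target
// process when the "suspended" check box is ticked.
//
// Does nothing when no list entry is selected.
private void btnHook_Click(object sender, EventArgs e)
{
    // SelectedIndex is -1 when nothing is selected; ElementAt would throw on it.
    int selected = listBoxVTBL.SelectedIndex;
    if (selected < 0 || selected >= VTableList.Count)
    {
        return;
    }

    VTBL vtbl = VTableList.ElementAt(selected);

    // NOTE(review): the entries in ValuesList are candidates found by a byte-pattern
    // heuristic, and flgDontCheckAddress presumably switches off the library's own
    // address validation - confirm against the hooking library's documentation. A
    // misidentified entry would then be patched as if it were code, which can
    // destabilise the instrumented process.
    int hookFlags = (int)(eNktHookFlags.flgOnlyPreCall | eNktHookFlags.flgDontCheckAddress);

    foreach (UInt64 entry in vtbl.ValuesList)
    {
        NktHook hook = _spyMgr.CreateHookForAddress(_process, (IntPtr)entry, "", hookFlags);
        hook.Hook(true);
    }

    if (checkSuspended.Checked)
    {
        _spyMgr.ResumeProcess(_process, ContinueEvent);
    }
}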
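// Runs when a module is picked in comboBoxModules: scans a memory range of the
// target process for candidate virtual-function tables and lists them in
// listBoxVTBL, then enables the Hook and Clear buttons.
//
// A 32-bit value read at each byte address counts as a vtable slot when it falls
// inside the selected module's code section and the bytes before and after the
// address it points to pass isValidPreOpCode / isValidPostOpCode.
//
// Does nothing when the combo box has no valid selection.
private void comboBoxModules_SelectedIndexChanged(object sender, EventArgs e)
{
    // SelectedIndex is -1 when the selection is cleared; ElementAt would throw on it.
    int selected = comboBoxModules.SelectedIndex;
    List<NktModule> moduleList = (List<NktModule>)comboBoxModules.Tag;
    if (moduleList == null || selected < 0 || selected >= moduleList.Count)
    {
        return;
    }

    comboBoxModules.Enabled = false;

    NktModule module = moduleList.ElementAt(selected);
    NktStructPESections sections = module.Sections();

    // Locate the ".text" section; index 0 is used when no section has that name.
    int nSectionCode = 0;
    for (int n = 0; n < sections.Count; n++)
    {
        if (sections.get_Name(n) == ".text")
        {
            nSectionCode = n;
            break;
        }
    }

    SecStartAddress = (UInt64)sections.get_StartAddress(nSectionCode);
    SecEndAddress = (UInt64)sections.get_EndAddress(nSectionCode);

    // NOTE(review): the scan range is looked up by _process.Name, while the section
    // bounds above come from the module selected in the combo box - confirm that
    // scanning a different image than the selected module is intended.
    ModStartAddress = (UInt64)GetModuleBase(_process.Name);
    ModEndAddress = ModStartAddress + (UInt64)GetModuleSize(_process.Name);

    NktProcessMemory memory = _spyMgr.ProcessMemoryFromPID(_process.Id);

    const UInt32 PreOpcodeSize = 50;
    const UInt32 PostOpcodeSize = 50;

    ulong tmpAddress = 0;
    VTBL vtbl;
    vtbl.Address = 0;
    vtbl.ValuesList = null;

    // Progress is measured over the scanned range, not over absolute addresses;
    // dividing the raw address by ModEndAddress kept the bar near its maximum for
    // the whole scan.
    UInt64 scanLength = ModEndAddress - ModStartAddress;
    int lastPercent = -1;

    for (UInt64 CurAddress = ModStartAddress; CurAddress < ModEndAddress; CurAddress++)
    {
        // Touch the control only when the displayed percentage actually changes.
        int percent = (int)((CurAddress - ModStartAddress) * 100 / scanLength);
        if (percent != lastPercent)
        {
            progressBar.Value = percent;
            lastPercent = percent;
        }

        // NOTE(review): a double word is read at every byte address, so the reads at
        // the last three addresses extend past ModEndAddress; what Read returns for
        // unreadable memory is not visible here - confirm the cast cannot fail.
        UInt32 CurValue = (UInt32)memory.Read((IntPtr)CurAddress, eNktDboFundamentalType.ftUnsignedDoubleWord);
        if (CurValue < SecStartAddress || CurValue > SecEndAddress)
        {
            continue;
        }

        // Bytes immediately before the pointed-to address.
        byte[] PreOpcode = new byte[PreOpcodeSize];
        for (UInt32 n = 0; n < PreOpcodeSize; n++)
        {
            PreOpcode[n] = (byte)memory.Read((IntPtr)(CurValue - PreOpcodeSize + n), eNktDboFundamentalType.ftUnsignedByte);
        }

        // Bytes starting at the pointed-to address.
        byte[] PostOpcode = new byte[PostOpcodeSize];
        for (UInt32 n = 0; n < PostOpcodeSize; n++)
        {
            PostOpcode[n] = (byte)memory.Read((IntPtr)(CurValue + n), eNktDboFundamentalType.ftUnsignedByte);
        }

        if (!isValidPreOpCode(PreOpcode, PreOpcodeSize) || !isValidPostOpCode(PostOpcode, PostOpcodeSize))
        {
            continue;
        }

        // A gap of more than 500 bytes since the previous slot starts a new table.
        // This threshold can be tuned; the correct test would be
        // (CurAddress - tmpAddress != 4).
        if ((CurAddress - tmpAddress) > 500 || tmpAddress == 0)
        {
            vtbl = new VTBL();
            vtbl.Address = CurAddress;
            vtbl.ValuesList = new List<UInt64>();
            // The list stores a copy of vtbl that shares the same ValuesList instance,
            // so the Add below also extends the stored entry.
            VTableList.Add(vtbl);
        }

        tmpAddress = CurAddress;
        // presumably SkipHook resolves the slot to the address that should be
        // recorded when a hook is already present - verify against its definition
        vtbl.ValuesList.Add((UInt64)SkipHook((IntPtr)CurValue, _process.Id));
    }

    progressBar.Value = 100;

    // One entry per table: VTBL_<index hex>_<table address hex>_<slot count>.
    for (int n = 0; n < VTableList.Count; n++)
    {
        VTBL found = VTableList.ElementAt(n);
        string vtblname = "VTBL_" + n.ToString("X") + "_" + found.Address.ToString("X") + "_" + found.ValuesList.Count;
        listBoxVTBL.Items.Add(vtblname);
    }

    btnHook.Enabled = true;
    btnClear.Enabled = true;
}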
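// Runs when a module is picked in comboBoxModules: scans a memory range of the
// target process for candidate virtual-function tables and lists them in
// listBoxVTBL, then enables the Hook and Clear buttons.
//
// A 32-bit value read at each byte address counts as a vtable slot when it falls
// inside the selected module's code section and the bytes before and after the
// address it points to pass isValidPreOpCode / isValidPostOpCode.
//
// Does nothing when the combo box has no valid selection.
private void comboBoxModules_SelectedIndexChanged(object sender, EventArgs e)
{
    // SelectedIndex is -1 when the selection is cleared; ElementAt would throw on it.
    int selected = comboBoxModules.SelectedIndex;
    List<NktModule> moduleList = (List<NktModule>)comboBoxModules.Tag;
    if (moduleList == null || selected < 0 || selected >= moduleList.Count)
    {
        return;
    }

    comboBoxModules.Enabled = false;

    NktModule module = moduleList.ElementAt(selected);
    NktStructPESections sections = module.Sections();

    // Locate the ".text" section; index 0 is used when no section has that name.
    int nSectionCode = 0;
    for (int n = 0; n < sections.Count; n++)
    {
        if (sections.get_Name(n) == ".text")
        {
            nSectionCode = n;
            break;
        }
    }

    SecStartAddress = (UInt64)sections.get_StartAddress(nSectionCode);
    SecEndAddress = (UInt64)sections.get_EndAddress(nSectionCode);

    // NOTE(review): the scan range is looked up by _process.Name, while the section
    // bounds above come from the module selected in the combo box - confirm that
    // scanning a different image than the selected module is intended.
    ModStartAddress = (UInt64)GetModuleBase(_process.Name);
    ModEndAddress = ModStartAddress + (UInt64)GetModuleSize(_process.Name);

    NktProcessMemory memory = _spyMgr.ProcessMemoryFromPID(_process.Id);

    const UInt32 PreOpcodeSize = 50;
    const UInt32 PostOpcodeSize = 50;

    ulong tmpAddress = 0;
    VTBL vtbl;
    vtbl.Address = 0;
    vtbl.ValuesList = null;

    // Progress is measured over the scanned range, not over absolute addresses;
    // dividing the raw address by ModEndAddress kept the bar near its maximum for
    // the whole scan.
    UInt64 scanLength = ModEndAddress - ModStartAddress;
    int lastPercent = -1;

    for (UInt64 CurAddress = ModStartAddress; CurAddress < ModEndAddress; CurAddress++)
    {
        // Touch the control only when the displayed percentage actually changes.
        int percent = (int)((CurAddress - ModStartAddress) * 100 / scanLength);
        if (percent != lastPercent)
        {
            progressBar.Value = percent;
            lastPercent = percent;
        }

        // NOTE(review): a double word is read at every byte address, so the reads at
        // the last three addresses extend past ModEndAddress; what Read returns for
        // unreadable memory is not visible here - confirm the cast cannot fail.
        UInt32 CurValue = (UInt32)memory.Read((IntPtr)CurAddress, eNktDboFundamentalType.ftUnsignedDoubleWord);
        if (CurValue < SecStartAddress || CurValue > SecEndAddress)
        {
            continue;
        }

        // Bytes immediately before the pointed-to address.
        byte[] PreOpcode = new byte[PreOpcodeSize];
        for (UInt32 n = 0; n < PreOpcodeSize; n++)
        {
            PreOpcode[n] = (byte)memory.Read((IntPtr)(CurValue - PreOpcodeSize + n), eNktDboFundamentalType.ftUnsignedByte);
        }

        // Bytes starting at the pointed-to address.
        byte[] PostOpcode = new byte[PostOpcodeSize];
        for (UInt32 n = 0; n < PostOpcodeSize; n++)
        {
            PostOpcode[n] = (byte)memory.Read((IntPtr)(CurValue + n), eNktDboFundamentalType.ftUnsignedByte);
        }

        if (!isValidPreOpCode(PreOpcode, PreOpcodeSize) || !isValidPostOpCode(PostOpcode, PostOpcodeSize))
        {
            continue;
        }

        // A gap of more than 500 bytes since the previous slot starts a new table.
        // This threshold can be tuned; the correct test would be
        // (CurAddress - tmpAddress != 4).
        if ((CurAddress - tmpAddress) > 500 || tmpAddress == 0)
        {
            vtbl = new VTBL();
            vtbl.Address = CurAddress;
            vtbl.ValuesList = new List<UInt64>();
            // The list stores a copy of vtbl that shares the same ValuesList instance,
            // so the Add below also extends the stored entry.
            VTableList.Add(vtbl);
        }

        tmpAddress = CurAddress;
        // presumably SkipHook resolves the slot to the address that should be
        // recorded when a hook is already present - verify against its definition
        vtbl.ValuesList.Add((UInt64)SkipHook((IntPtr)CurValue, _process.Id));
    }

    progressBar.Value = 100;

    // One entry per table: VTBL_<index hex>_<table address hex>_<slot count>.
    for (int n = 0; n < VTableList.Count; n++)
    {
        VTBL found = VTableList.ElementAt(n);
        string vtblname = "VTBL_" + n.ToString("X") + "_" + found.Address.ToString("X") + "_" + found.ValuesList.Count;
        listBoxVTBL.Items.Add(vtblname);
    }

    btnHook.Enabled = true;
    btnClear.Enabled = true;
}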