From 1708e8575e0ae98f6f1127b23e58a25ef155ef2d Mon Sep 17 00:00:00 2001
From: Marenthyu
Date: Sat, 2 May 2020 16:52:09 +0200
Subject: [PATCH] Add WinAPI Process Enumaration and module info Thanks sig. Seriously. See notice.txt
---
.../memedit/bunny/BunnyMemoryManager.java | 388 +++++++++---------
src/de/marenthyu/memedit/util/Shared.java | 242 ++++++-----
src/de/marenthyu/memedit/util/sig/Module.java | 64 +++
src/de/marenthyu/memedit/util/sig/Psapi.java | 57 +++
.../memedit/util/sig/PsapiTools.java | 104 +++++
src/de/marenthyu/memedit/util/sig/notice.txt | 3 +
6 files changed, 561 insertions(+), 297 deletions(-)
create mode 100644 src/de/marenthyu/memedit/util/sig/Module.java
create mode 100644 src/de/marenthyu/memedit/util/sig/Psapi.java
create mode 100644 src/de/marenthyu/memedit/util/sig/PsapiTools.java
create mode 100644 src/de/marenthyu/memedit/util/sig/notice.txt
diff --git a/src/de/marenthyu/memedit/bunny/BunnyMemoryManager.java b/src/de/marenthyu/memedit/bunny/BunnyMemoryManager.java
index ccef0e0..f2aeb25 100644
--- a/src/de/marenthyu/memedit/bunny/BunnyMemoryManager.java
+++ b/src/de/marenthyu/memedit/bunny/BunnyMemoryManager.java
@@ -1,194 +1,194 @@ -package de.marenthyu.memedit.bunny; - -import com.sun.jna.Memory; -import com.sun.jna.Pointer; -import de.marenthyu.twitch.pubsub.PubSubClient; -import de.marenthyu.twitch.pubsub.channelpoints.ChannelPointsRedemptionHandler; - -import javax.swing.*; -import java.io.IOException; - -import static de.marenthyu.memedit.bunny.BunnyConstants.*; -import static de.marenthyu.memedit.util.Shared.*; - -public class BunnyMemoryManager { - - - static int RABI_BASE_SIZE; - public static Pointer bunnyProcess; - public static int bunnyPID; - - - public static void init() { - bunnyPID = getProcessId(RABI_TITLE); - System.out.println("[BUNNY] Bunny PID: " + bunnyPID); - bunnyProcess = openProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, bunnyPID); - try { - RABI_BASE_SIZE = getBaseAddress("rabiribi.exe"); - if (RABI_BASE_SIZE == 0) { - throw new IOException("Invalid Size Returned from Powershell"); - } - } catch (NumberFormatException | IOException e) { - // e.printStackTrace(); - System.out.println(); - System.out.println("[BUNNY] Error getting the Module base address automatically, asking user."); - String userInput = JOptionPane.showInputDialog("Please Enter the base address of rabiribi.exe\n If you dare, please help me automate this. I am at the end of my knowledge. If you don't know how to do this, ask whoever linked you this software."); - try { - RABI_BASE_SIZE = Integer.decode(userInput); - } catch (Exception y) { - try { - RABI_BASE_SIZE = Integer.decode("0x" + userInput); - } catch (Exception ex) { - System.out.println("[BUNNY] You're stupid. I think. 
something went wrong."); - e.printStackTrace(); - ex.printStackTrace(); - System.exit(2); - } - - } - } - - if (bunnyPID == 0) { - System.err.println("[BUNNY] COULD NOT LOCATE PID FOR " + RABI_TITLE + " - PLEASE MAKE SURE THE GAME IS RUNNING AND ON THE SPECIFIED VERSION!"); - System.exit(1); - } - } - - public static void addSetHPHandler(PubSubClient pubSub) { - pubSub.addChannelPointsRedemptionHandler(new ChannelPointsRedemptionHandler("[BUNNY][HP]") { - @Override - public void matched(String input) { - try { - int newHeahlth = Integer.parseInt(input); - setHP(newHeahlth); - System.out.println("[BUNNY][HP] HP set to " + newHeahlth); - } catch (NumberFormatException e) { - System.err.println("[BUNNY][HP] Invalid Number."); - } - } - }); - } - - public static void addFullHealHandler(PubSubClient pubSub) { - pubSub.addChannelPointsRedemptionHandler(new ChannelPointsRedemptionHandler("[BUNNY][FULLHEAL]") { - @Override - public void matched(String input) { - fullHeal(); - System.out.println("[BUNNY][FULLHEAL] Healed fully!"); - } - }); - } - - public static void addHealHandler(PubSubClient pubSub) { - pubSub.addChannelPointsRedemptionHandler(new ChannelPointsRedemptionHandler("[BUNNY][HEAL]") { - @Override - public void matched(String input) { - try { - int amount = Integer.parseInt(input); - heal(amount); - System.out.println("[BUNNY][HEAL] Healed by " + amount); - } catch (NumberFormatException e) { - System.err.println("[BUNNY][HEAL] Invalid Number."); - } - } - - }); - } - - - public static void addBadgeHandlers(PubSubClient pubSub) { - for (int i = 0;i < RABI_BADGES.length;i++) { - for (int j = 0;j<=2;j++) { - String type; - switch (j) { - case 0: - { - type = "DELETE"; - break; - } - case 1: { - type = "UNLOCK"; - break; - } - case 2: { - type = "EQUIP"; - break; - } - default: - throw new IllegalStateException("Unexpected value: " + j); - } - final int finalJ = j; - final int finalI = i; - pubSub.addChannelPointsRedemptionHandler(new 
ChannelPointsRedemptionHandler("[BUNNY][BADGE][" + type + "][" + RABI_BADGES[finalI] + "]") { - @Override - public void matched(String input) { - switch (finalJ) { - case 0: - { - removeBadge(finalI); - break; - } - case 1: { - unluckAndUnequipBadge(finalI); - break; - } - case 2: { - equipBadge(finalI); - break; - } - default: - throw new IllegalStateException("Unexpected value: " + finalJ); - } - System.out.println("[BUNNY][BADGE][" + type + "][" + RABI_BADGES[finalI] + "] Badges changed!"); - } - - }); - } - } - - } - - public static void setHP(int newHeahlth) { - System.out.println("[BUNNY] Got request to change HP - setting it to " + newHeahlth); - long dynAddress = findDynAddress(bunnyProcess, RABI_HEALTH_OFFSETS_IN_SAVBLOCK, RABI_BASE_SIZE + RABI_SAVBLOCK_OFFSET); - int curHealth = getCurHP(); - System.out.println(String.format("[BUNNY] Old health read from memory was: %d, setting it to %d", curHealth, newHeahlth)); - writeMemory(bunnyProcess, dynAddress, intToBytes(newHeahlth)); - } - - public static int getCurHP() { - long dynAddress = findDynAddress(bunnyProcess, RABI_HEALTH_OFFSETS_IN_SAVBLOCK, RABI_BASE_SIZE + RABI_SAVBLOCK_OFFSET); - Memory healthCurrentMem = readMemory(bunnyProcess, dynAddress, 4); - return healthCurrentMem.getInt(0); - } - - public static int getMaxHP() { - long dynAddress = findDynAddress(bunnyProcess, RABI_MAX_HEALTH_OFFSETS_IN_SAVBLOCK, RABI_BASE_SIZE + RABI_SAVBLOCK_OFFSET); - Memory healthCurrentMem = readMemory(bunnyProcess, dynAddress, 4); - return healthCurrentMem.getInt(0); - } - - public static void heal(int amount) { - setHP(getCurHP() + amount); - } - - public static void fullHeal() { - setHP(getMaxHP()); - } - - public static void equipBadge(int badgeID) { - long dynAddress = findDynAddress(bunnyProcess, new int[]{badgeID * 4}, RABI_BASE_SIZE + RABI_BADGE_ARRAY_BASE_POINTER_OFFSET); - writeMemory(bunnyProcess, dynAddress, new byte[]{0x02}); - } - - public static void unluckAndUnequipBadge(int badgeID) { - long dynAddress 
= findDynAddress(bunnyProcess, new int[]{badgeID * 4}, RABI_BASE_SIZE + RABI_BADGE_ARRAY_BASE_POINTER_OFFSET); - writeMemory(bunnyProcess, dynAddress, new byte[]{0x01}); - } - - public static void removeBadge(int badgeID) { - long dynAddress = findDynAddress(bunnyProcess, new int[]{badgeID * 4}, RABI_BASE_SIZE + RABI_BADGE_ARRAY_BASE_POINTER_OFFSET); - writeMemory(bunnyProcess, dynAddress, new byte[]{0x00}); - } - -} +package de.marenthyu.memedit.bunny; + +import com.sun.jna.Memory; +import com.sun.jna.Pointer; +import de.marenthyu.twitch.pubsub.PubSubClient; +import de.marenthyu.twitch.pubsub.channelpoints.ChannelPointsRedemptionHandler; + +import javax.swing.*; +import java.io.IOException; + +import static de.marenthyu.memedit.bunny.BunnyConstants.*; +import static de.marenthyu.memedit.util.Shared.*; + +public class BunnyMemoryManager { + + + static int RABI_BASE_SIZE; + public static Pointer bunnyProcess; + public static int bunnyPID; + + + public static void init() { + bunnyPID = getProcessIdByWindowTitle(RABI_TITLE); + System.out.println("[BUNNY] Bunny PID: " + bunnyPID); + bunnyProcess = openProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, bunnyPID); + try { + RABI_BASE_SIZE = getBaseAddress("rabiribi.exe"); + if (RABI_BASE_SIZE == 0) { + throw new IOException("Invalid Size Returned from Base Address Detection"); + } + } catch (NumberFormatException | IOException e) { + // e.printStackTrace(); + System.out.println(); + System.out.println("[BUNNY] Error getting the Module base address automatically, asking user."); + String userInput = JOptionPane.showInputDialog("Please Enter the base address of rabiribi.exe\n Too bad this failed. Thanks sig for the actual implementation that works most of the time. 
If you don't know how to do this, ask whoever linked you this software."); + try { + RABI_BASE_SIZE = Integer.decode(userInput); + } catch (Exception y) { + try { + RABI_BASE_SIZE = Integer.decode("0x" + userInput); + } catch (Exception ex) { + System.out.println("[BUNNY] You're stupid. I think. something went wrong."); + e.printStackTrace(); + ex.printStackTrace(); + System.exit(2); + } + + } + } + + if (bunnyPID == 0) { + System.err.println("[BUNNY] COULD NOT LOCATE PID FOR " + RABI_TITLE + " - PLEASE MAKE SURE THE GAME IS RUNNING AND ON THE SPECIFIED VERSION!"); + System.exit(1); + } + } + + public static void addSetHPHandler(PubSubClient pubSub) { + pubSub.addChannelPointsRedemptionHandler(new ChannelPointsRedemptionHandler("[BUNNY][HP]") { + @Override + public void matched(String input) { + try { + int newHeahlth = Integer.parseInt(input); + setHP(newHeahlth); + System.out.println("[BUNNY][HP] HP set to " + newHeahlth); + } catch (NumberFormatException e) { + System.err.println("[BUNNY][HP] Invalid Number."); + } + } + }); + } + + public static void addFullHealHandler(PubSubClient pubSub) { + pubSub.addChannelPointsRedemptionHandler(new ChannelPointsRedemptionHandler("[BUNNY][FULLHEAL]") { + @Override + public void matched(String input) { + fullHeal(); + System.out.println("[BUNNY][FULLHEAL] Healed fully!"); + } + }); + } + + public static void addHealHandler(PubSubClient pubSub) { + pubSub.addChannelPointsRedemptionHandler(new ChannelPointsRedemptionHandler("[BUNNY][HEAL]") { + @Override + public void matched(String input) { + try { + int amount = Integer.parseInt(input); + heal(amount); + System.out.println("[BUNNY][HEAL] Healed by " + amount); + } catch (NumberFormatException e) { + System.err.println("[BUNNY][HEAL] Invalid Number."); + } + } + + }); + } + + + public static void addBadgeHandlers(PubSubClient pubSub) { + for (int i = 0;i < RABI_BADGES.length;i++) { + for (int j = 0;j<=2;j++) { + String type; + switch (j) { + case 0: + { + type = "DELETE"; + 
break; + } + case 1: { + type = "UNLOCK"; + break; + } + case 2: { + type = "EQUIP"; + break; + } + default: + throw new IllegalStateException("Unexpected value: " + j); + } + final int finalJ = j; + final int finalI = i; + pubSub.addChannelPointsRedemptionHandler(new ChannelPointsRedemptionHandler("[BUNNY][BADGE][" + type + "][" + RABI_BADGES[finalI] + "]") { + @Override + public void matched(String input) { + switch (finalJ) { + case 0: + { + removeBadge(finalI); + break; + } + case 1: { + unluckAndUnequipBadge(finalI); + break; + } + case 2: { + equipBadge(finalI); + break; + } + default: + throw new IllegalStateException("Unexpected value: " + finalJ); + } + System.out.println("[BUNNY][BADGE][" + type + "][" + RABI_BADGES[finalI] + "] Badges changed!"); + } + + }); + } + } + + } + + public static void setHP(int newHeahlth) { + System.out.println("[BUNNY] Got request to change HP - setting it to " + newHeahlth); + long dynAddress = findDynAddress(bunnyProcess, RABI_HEALTH_OFFSETS_IN_SAVBLOCK, RABI_BASE_SIZE + RABI_SAVBLOCK_OFFSET); + int curHealth = getCurHP(); + System.out.println(String.format("[BUNNY] Old health read from memory was: %d, setting it to %d", curHealth, newHeahlth)); + writeMemory(bunnyProcess, dynAddress, intToBytes(newHeahlth)); + } + + public static int getCurHP() { + long dynAddress = findDynAddress(bunnyProcess, RABI_HEALTH_OFFSETS_IN_SAVBLOCK, RABI_BASE_SIZE + RABI_SAVBLOCK_OFFSET); + Memory healthCurrentMem = readMemory(bunnyProcess, dynAddress, 4); + return healthCurrentMem.getInt(0); + } + + public static int getMaxHP() { + long dynAddress = findDynAddress(bunnyProcess, RABI_MAX_HEALTH_OFFSETS_IN_SAVBLOCK, RABI_BASE_SIZE + RABI_SAVBLOCK_OFFSET); + Memory healthCurrentMem = readMemory(bunnyProcess, dynAddress, 4); + return healthCurrentMem.getInt(0); + } + + public static void heal(int amount) { + setHP(getCurHP() + amount); + } + + public static void fullHeal() { + setHP(getMaxHP()); + } + + public static void equipBadge(int badgeID) { 
+ long dynAddress = findDynAddress(bunnyProcess, new int[]{badgeID * 4}, RABI_BASE_SIZE + RABI_BADGE_ARRAY_BASE_POINTER_OFFSET); + writeMemory(bunnyProcess, dynAddress, new byte[]{0x02}); + } + + public static void unluckAndUnequipBadge(int badgeID) { + long dynAddress = findDynAddress(bunnyProcess, new int[]{badgeID * 4}, RABI_BASE_SIZE + RABI_BADGE_ARRAY_BASE_POINTER_OFFSET); + writeMemory(bunnyProcess, dynAddress, new byte[]{0x01}); + } + + public static void removeBadge(int badgeID) { + long dynAddress = findDynAddress(bunnyProcess, new int[]{badgeID * 4}, RABI_BASE_SIZE + RABI_BADGE_ARRAY_BASE_POINTER_OFFSET); + writeMemory(bunnyProcess, dynAddress, new byte[]{0x00}); + } + +} diff --git a/src/de/marenthyu/memedit/util/Shared.java b/src/de/marenthyu/memedit/util/Shared.java index 8bf5a55..8aadc4f 100644 --- a/src/de/marenthyu/memedit/util/Shared.java +++ b/src/de/marenthyu/memedit/util/Shared.java 
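Review bot: The `matched` handlers for `[BUNNY][HP]` and `[BUNNY][HEAL]` pass a viewer-supplied integer straight into `setHP`/`heal`, so a redemption can write a negative or arbitrarily large value into the game's memory, and `getCurHP() + amount` in `heal` can wrap around. Clamp before writing, e.g. `setHP(Math.max(0, Math.min(newHeahlth, getMaxHP())));`, and use `Math.addExact` (or a long sum) in `heal`. Separately, in `init()` the `bunnyPID == 0` check runs only after `openProcess` and the base-address lookup; moving it directly after `getProcessIdByWindowTitle` avoids prompting the user for a base address when the game is not running at all.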
@@ -1,103 +1,139 @@ -package de.marenthyu.memedit.util; - -import com.sun.jna.Memory; -import com.sun.jna.Native; -import com.sun.jna.Pointer; -import com.sun.jna.ptr.IntByReference; - -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStreamReader; - -public class Shared { - static Kernel32 kernel32 = Native.load("kernel32", Kernel32.class); - static User32 user32 = Native.load("user32", User32.class); - - public static int PROCESS_VM_READ = 0x0010; - public static int PROCESS_VM_WRITE = 0x0020; - public static int PROCESS_VM_OPERATION = 0x0008; - - public static int getProcessId(String window) { - IntByReference pid = new IntByReference(0); - user32.GetWindowThreadProcessId(user32.FindWindowA(null, window), pid); - - return pid.getValue(); - } - - public static Pointer openProcess(int permissions, int pid) { - Pointer process = kernel32.OpenProcess(permissions, true, pid); - return process; - } - - public static long findDynAddress(Pointer process, int[] offsets, long baseAddress) { - - long pointer = baseAddress; - - int size = 4; - Memory pTemp = new Memory(size); - long pointerAddress = 0; - // System.out.println("initial pointerAddress: " + String.format("0x%X", pointer)); - for (int i = 0; i < offsets.length; i++) { - if (i == 0) { - kernel32.ReadProcessMemory(process, pointer, pTemp, size, null); - } - - pointerAddress = ((pTemp.getInt(0) + offsets[i])); - - // System.out.println("Current pointerAddress: " + String.format("0x%X", pointerAddress)); - - if (i != offsets.length - 1) - kernel32.ReadProcessMemory(process, pointerAddress, pTemp, size, null); - - - } - - return pointerAddress; - } - - public static Memory readMemory(Pointer process, long address, int bytesToRead) { - IntByReference read = new IntByReference(0); - Memory output = new Memory(bytesToRead); - - kernel32.ReadProcessMemory(process, address, output, bytesToRead, read); - return output; - } - - public static void writeMemory(Pointer process, long address, 
byte[] data) { - int size = data.length; - Memory toWrite = new Memory(size); - - for (int i = 0; i < size; i++) { - toWrite.setByte(i, data[i]); - } - - boolean b = kernel32.WriteProcessMemory(process, address, toWrite, size, null); - } - - public static byte[] intToBytes(final int data) { - return new byte[]{ - (byte) ((data >> 0) & 0xff), - (byte) ((data >> 8) & 0xff), - (byte) ((data >> 16) & 0xff), - (byte) ((data >> 24) & 0xff) - }; - } - - public static int getBaseAddress(String executableName) throws IOException { - String command = "powershell.exe \"$modules = Get-Process " + executableName.split("\\.")[0] + " -Module; $modules[0].BaseAddress;\""; - // Executing the command - Process powerShellProcess = Runtime.getRuntime().exec(command); - // Getting the results - powerShellProcess.getOutputStream().close(); - String line; - BufferedReader stdout = new BufferedReader(new InputStreamReader( - powerShellProcess.getInputStream())); - StringBuilder output = new StringBuilder(); - while ((line = stdout.readLine()) != null) { - output.append(line); - } - stdout.close(); - return Integer.parseInt(output.toString()); - } - -} +package de.marenthyu.memedit.util; + +import com.sun.jna.Memory; +import com.sun.jna.Native; +import com.sun.jna.Pointer; +import com.sun.jna.platform.win32.WinNT; +import com.sun.jna.ptr.IntByReference; +import de.marenthyu.memedit.util.sig.Module; +import de.marenthyu.memedit.util.sig.PsapiTools; + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStreamReader; +import java.util.List; + +public class Shared { + static Kernel32 kernel32 = Native.load("kernel32", Kernel32.class); + static User32 user32 = Native.load("user32", User32.class); + + final static int PROCESS_PERMISSIONS = WinNT.PROCESS_QUERY_INFORMATION | WinNT.PROCESS_VM_READ; + + public static int PROCESS_VM_READ = 0x0010; + public static int PROCESS_VM_WRITE = 0x0020; + public static int PROCESS_VM_OPERATION = 0x0008; + + public static int 
getProcessIdByWindowTitle(String window) { + IntByReference pid = new IntByReference(0); + user32.GetWindowThreadProcessId(user32.FindWindowA(null, window), pid); + + return pid.getValue(); + } + + + public static Pointer openProcess(int permissions, int pid) { + Pointer process = kernel32.OpenProcess(permissions, true, pid); + return process; + } + + public static long findDynAddress(Pointer process, int[] offsets, long baseAddress) { + + long pointer = baseAddress; + + int size = 4; + Memory pTemp = new Memory(size); + long pointerAddress = 0; + // System.out.println("initial pointerAddress: " + String.format("0x%X", pointer)); + for (int i = 0; i < offsets.length; i++) { + if (i == 0) { + kernel32.ReadProcessMemory(process, pointer, pTemp, size, null); + } + + pointerAddress = ((pTemp.getInt(0) + offsets[i])); + + // System.out.println("Current pointerAddress: " + String.format("0x%X", pointerAddress)); + + if (i != offsets.length - 1) + kernel32.ReadProcessMemory(process, pointerAddress, pTemp, size, null); + + + } + + return pointerAddress; + } + + public static Memory readMemory(Pointer process, long address, int bytesToRead) { + IntByReference read = new IntByReference(0); + Memory output = new Memory(bytesToRead); + + kernel32.ReadProcessMemory(process, address, output, bytesToRead, read); + return output; + } + + public static void writeMemory(Pointer process, long address, byte[] data) { + int size = data.length; + Memory toWrite = new Memory(size); + + for (int i = 0; i < size; i++) { + toWrite.setByte(i, data[i]); + } + + boolean b = kernel32.WriteProcessMemory(process, address, toWrite, size, null); + } + + public static byte[] intToBytes(final int data) { + return new byte[]{ + (byte) ((data >> 0) & 0xff), + (byte) ((data >> 8) & 0xff), + (byte) ((data >> 16) & 0xff), + (byte) ((data >> 24) & 0xff) + }; + } + + public static int getBaseAddress(String executableName) { + List pids = null; + try { + pids = PsapiTools.getInstance().enumProcesses(); + } 
catch (Exception e) { + e.printStackTrace(); + return 0; + } + for (Integer pid : pids) { + WinNT.HANDLE process = com.sun.jna.platform.win32.Kernel32.INSTANCE.OpenProcess(PROCESS_PERMISSIONS, true, pid); + List hModules; + try { + hModules = PsapiTools.getInstance().EnumProcessModules(process); + for (Module m : hModules) { + //System.out.println(m.getFileName()+":"+m.getEntryPoint()); + if (m.getFileName().contains(executableName)) { + return (int) Pointer.nativeValue(m.getLpBaseOfDll().getPointer()); + + } + } + } catch (Exception e) { + e.printStackTrace(); + } + } + return 0; + } + + @Deprecated + // Kept for historical reasons. Thanks sig. + public static int getBaseAddressPowerShell(String executableName) throws IOException { + String command = "powershell.exe \"$modules = Get-Process " + executableName.split("\\.")[0] + " -Module; $modules[0].BaseAddress;\""; + // Executing the command + Process powerShellProcess = Runtime.getRuntime().exec(command); + // Getting the results + powerShellProcess.getOutputStream().close(); + String line; + BufferedReader stdout = new BufferedReader(new InputStreamReader( + powerShellProcess.getInputStream())); + StringBuilder output = new StringBuilder(); + while ((line = stdout.readLine()) != null) { + output.append(line); + } + stdout.close(); + return Integer.parseInt(output.toString()); + } + +} diff --git a/src/de/marenthyu/memedit/util/sig/Module.java b/src/de/marenthyu/memedit/util/sig/Module.java new file mode 100644 index 0000000..b568b19 --- /dev/null +++ b/src/de/marenthyu/memedit/util/sig/Module.java 
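Review bot: `getBaseAddress` opens every process on the system with `OpenProcess(PROCESS_PERMISSIONS, true, pid)` and never closes the handle, so each call leaks one inheritable handle per process, and a `null` result for a process that cannot be opened is passed on to `EnumProcessModules`. The match `m.getFileName().contains(executableName)` is a substring test on the full path of any module in any process, so the returned base need not belong to the PID that `BunnyMemoryManager.init()` opened; comparing `getBaseName()` for equality is tighter, and restricting the scan to that PID would be tighter still. The `(int)` cast also truncates the address for a 64-bit target. The fence shows the loop with inheritance off, a null check and the handle closed in `finally`. The deprecated `getBaseAddressPowerShell` builds its command line by string concatenation and should only ever receive a constant name.

```java
for (Integer pid : pids) {
    // bInheritHandle=false: child processes must not inherit this handle
    WinNT.HANDLE process = com.sun.jna.platform.win32.Kernel32.INSTANCE.OpenProcess(PROCESS_PERMISSIONS, false, pid);
    if (process == null) {
        continue; // could not open (access denied or process already exited)
    }
    try {
        // … unchanged: hModules = PsapiTools.getInstance().EnumProcessModules(process) …
        for (Module m : hModules) {
            if (executableName.equalsIgnoreCase(m.getBaseName())) {
                return (int) Pointer.nativeValue(m.getLpBaseOfDll().getPointer());
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        com.sun.jna.platform.win32.Kernel32.INSTANCE.CloseHandle(process);
    }
}
```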
@@ -0,0 +1,64 @@ +package de.marenthyu.memedit.util.sig; + +import com.sun.jna.platform.win32.WinDef.HMODULE; +import com.sun.jna.platform.win32.WinNT.HANDLE; +import de.marenthyu.memedit.util.sig.Psapi.LPMODULEINFO; + +public class Module { + private HANDLE hProcess; + private HMODULE hModule; + private HANDLE lpBaseOfDll = null; + private int SizeOfImage = 0; + private HANDLE EntryPoint = null; + + private PsapiTools psapi = PsapiTools.getInstance(); + + protected Module() { + } + + public Module(HANDLE hProcess, HMODULE hModule) { + this.hProcess = hProcess; + this.hModule = hModule; + } + + public HMODULE getPointer() { + return hModule; + } + + public String getFileName() { + return psapi.GetModuleFileNameExA(hProcess, hModule); + } + + public String getBaseName() { + return psapi.GetModuleBaseNameA(hProcess, hModule); + } + + private void GetModuleInformation() { + if (lpBaseOfDll == null) { + try { + LPMODULEINFO x = psapi.GetModuleInformation(hProcess, hModule); + lpBaseOfDll = x.lpBaseOfDll; + SizeOfImage = x.SizeOfImage; + EntryPoint = x.EntryPoint; + } catch (Exception e) { + e.printStackTrace(); + } + } + } + + public HANDLE getLpBaseOfDll() { + GetModuleInformation(); + return lpBaseOfDll; + } + + public int getSizeOfImage() { + GetModuleInformation(); + return SizeOfImage; + } + + public HANDLE getEntryPoint() { + GetModuleInformation(); + return EntryPoint; + } + +} diff --git a/src/de/marenthyu/memedit/util/sig/Psapi.java b/src/de/marenthyu/memedit/util/sig/Psapi.java new file mode 100644 index 0000000..58184a2 --- /dev/null +++ b/src/de/marenthyu/memedit/util/sig/Psapi.java 
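Review bot: `getLpBaseOfDll()`, `getSizeOfImage()` and `getEntryPoint()` can return `null`/`0` without any signal, because the private `GetModuleInformation()` catches every exception, prints the stack trace and leaves the fields at their defaults; `Shared.getBaseAddress` then dereferences the result with `.getPointer()`. Either let the failure propagate or document it on the getters, e.g. `/** @return the module base, or null if GetModuleInformation failed for this module. */`. The class also has no Javadoc saying that the values are fetched lazily on first access and cached only on success, so a failing native call is repeated on every getter.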
@@ -0,0 +1,57 @@ +package de.marenthyu.memedit.util.sig; + +import com.sun.jna.Native; +import com.sun.jna.Structure; +import com.sun.jna.platform.win32.WinDef.HMODULE; +import com.sun.jna.platform.win32.WinNT.HANDLE; +import com.sun.jna.ptr.IntByReference; +import com.sun.jna.win32.StdCallLibrary; + +import java.util.Arrays; +import java.util.List; + +public interface Psapi extends StdCallLibrary { + Psapi INSTANCE = Native.load("Psapi", Psapi.class); + + /* + * http://msdn.microsoft.com/en-us/library/ms682629(VS.85).aspx + */ + boolean EnumProcesses(int[] pProcessIds, int cb, IntByReference pBytesReturned); + + + /* + * http://msdn.microsoft.com/en-us/library/ms682631(VS.85).aspx + */ + boolean EnumProcessModules(HANDLE hProcess, HMODULE[] lphModule, int cb, IntByReference lpcbNeededs); + + boolean EnumProcessModulesEx(HANDLE hProcess, HMODULE[] lphModule, int cb, IntByReference lpcbNeededs, int flags); + + + /* + * http://msdn.microsoft.com/en-us/library/ms683198(VS.85).aspx + */ + int GetModuleFileNameExA(HANDLE hProcess, HMODULE hModule, byte[] lpImageFileName, int nSize); + + int GetModuleBaseNameA(HANDLE hProcess, HMODULE hModule, byte[] lpImageFileName, int nSize); + + + /* + * http://msdn.microsoft.com/en-us/library/ms684229(VS.85).aspx + */ + public static class LPMODULEINFO extends Structure { + public HANDLE lpBaseOfDll; + public int SizeOfImage; + public HANDLE EntryPoint; + @Override + protected List getFieldOrder() { + return Arrays.asList(new String[] { "lpBaseOfDll", "SizeOfImage", "EntryPoint"}); + } +} + + /* + * http://msdn.microsoft.com/en-us/library/ms683201(VS.85).aspx + */ + boolean GetModuleInformation(HANDLE hProcess, HMODULE hModule, LPMODULEINFO lpmodinfo, int cb); + + +} diff --git a/src/de/marenthyu/memedit/util/sig/PsapiTools.java b/src/de/marenthyu/memedit/util/sig/PsapiTools.java new file mode 100644 index 0000000..b20a0cf --- /dev/null +++ b/src/de/marenthyu/memedit/util/sig/PsapiTools.java 
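Review bot: The `cb` and `lpcbNeededs` parameters of `EnumProcesses`, `EnumProcessModules` and `EnumProcessModulesEx` carry no comment, and in the Win32 contract both are sizes in bytes, not element counts, which is easy to get wrong at the call site. A one-line comment on each declaration would pin this down, e.g. `// cb: size of lphModule in BYTES; lpcbNeededs receives the bytes needed to hold every module handle`. It is also worth noting on `LPMODULEINFO` that `getFieldOrder()` must mirror the native MODULEINFO layout, and on the `...A` functions that names come back in the ANSI code page, so paths with characters outside it will not round-trip.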
@@ -0,0 +1,104 @@ +package de.marenthyu.memedit.util.sig; + +import com.sun.jna.Native; +import com.sun.jna.platform.win32.Kernel32; +import com.sun.jna.platform.win32.WinDef.HMODULE; +import com.sun.jna.platform.win32.WinNT.HANDLE; +import com.sun.jna.ptr.IntByReference; +import de.marenthyu.memedit.util.sig.Psapi.LPMODULEINFO; + +import java.util.LinkedList; +import java.util.List; + +public class PsapiTools { + private static PsapiTools INSTANCE=null; + private static Psapi psapi = Psapi.INSTANCE; + private static Kernel32 k32 = Kernel32.INSTANCE; + + private PsapiTools(){} + + public static PsapiTools getInstance(){ + if (INSTANCE==null) + INSTANCE=new PsapiTools(); + return INSTANCE; + } + + + public List enumProcesses() throws Exception{ + List list = new LinkedList(); + + int[] pProcessIds = new int[1024]; + IntByReference pBytesReturned = new IntByReference(); + boolean success = psapi.EnumProcesses(pProcessIds, pProcessIds.length*Integer.SIZE/8, pBytesReturned); + if (!success){ + int err=k32.GetLastError(); + throw new Exception("EnumProcesses failed. Error: "+err); + } + + int size = (pBytesReturned.getValue()/(Integer.SIZE/8)); + for (int i=0;i EnumProcessModules(HANDLE hProcess) throws Exception{ + List list = new LinkedList(); + + HMODULE[] lphModule = new HMODULE[1024]; + IntByReference lpcbNeededs= new IntByReference(); + boolean success = psapi.EnumProcessModules(hProcess, lphModule, lphModule.length, lpcbNeededs); + if (!success){ + int err=k32.GetLastError(); + if (err!=6 && err!=299) { + throw new Exception("EnumProcessModules failed. 
Error: "+err); + } + } + for (int i = 0; i < lpcbNeededs.getValue()/4; i++) { + list.add(new Module(hProcess, lphModule[i])); + } + + return list; + } + + public List EnumProcessModulesEx(HANDLE hProcess, int flags) throws Exception{ + List list = new LinkedList(); + + HMODULE[] lphModule = new HMODULE[1024]; + IntByReference lpcbNeededs= new IntByReference(); + boolean success = psapi.EnumProcessModulesEx(hProcess, lphModule, lphModule.length, lpcbNeededs, flags); + if (!success){ + int err=k32.GetLastError(); + throw new Exception("EnumProcessModules failed. Error: "+err); + } + for (int i = 0; i < lpcbNeededs.getValue()/4; i++) { + list.add(new Module(hProcess, lphModule[i])); + } + + return list; +} + + public String GetModuleFileNameExA(HANDLE hProcess, HMODULE hModule){ + byte[] lpImageFileName= new byte[256]; + psapi.GetModuleFileNameExA(hProcess, hModule, lpImageFileName, 256); + return Native.toString(lpImageFileName); + } + + public String GetModuleBaseNameA(HANDLE hProcess, HMODULE hModule){ + byte[] lpImageFileName= new byte[256]; + psapi.GetModuleBaseNameA(hProcess, hModule, lpImageFileName, 256); + return Native.toString(lpImageFileName); +} + + public LPMODULEINFO GetModuleInformation(HANDLE hProcess, HMODULE hModule) throws Exception{ + LPMODULEINFO lpmodinfo = new LPMODULEINFO(); + + boolean success = psapi.GetModuleInformation(hProcess, hModule, lpmodinfo, lpmodinfo.size()); + if (!success){ + int err=k32.GetLastError(); + throw new Exception("GetModuleInformation failed. Error: "+err); + } + return lpmodinfo; + } + +} diff --git a/src/de/marenthyu/memedit/util/sig/notice.txt b/src/de/marenthyu/memedit/util/sig/notice.txt new file mode 100644 index 0000000..44ed935 --- /dev/null +++ b/src/de/marenthyu/memedit/util/sig/notice.txt 
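Review bot: Both `EnumProcessModules` and `EnumProcessModulesEx` pass `lphModule.length` as `cb` and divide `lpcbNeededs` by a hard-coded 4, but the API works in bytes and a module handle is pointer-sized. As written the call offers only 1024 bytes of a 1024-entry array, and on a 64-bit JVM the loop walks twice as many slots as were filled, adding `Module` objects with a null `hModule`; if the process needs more than the buffer holds, the index can also run past what was written. Use `lphModule.length * Native.POINTER_SIZE` for `cb` and `int count = Math.min(lpcbNeededs.getValue() / Native.POINTER_SIZE, lphModule.length);` for the loop bound. The 256-byte name buffers in `GetModuleFileNameExA`/`GetModuleBaseNameA` are shorter than MAX_PATH and the return value is ignored, so a truncated path is returned as if it were complete.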
@@ -0,0 +1,3 @@ +Thank you to https://github.com/sigonasr2/sigIRCv2 for providing the classes in this package. + +No LICENSE was attached to the project at the time of writing. Credit to the original author. \ No newline at end of file