本文整理汇总了C++中MmIsAddressValid函数的典型用法代码示例。如果您正苦于以下问题:C++ MmIsAddressValid函数的具体用法?C++ MmIsAddressValid怎么用?C++ MmIsAddressValid使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
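在下文中一共展示了MmIsAddressValid函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。需要注意:MmIsAddressValid只反映调用瞬间该地址所在页面是否已映射,返回TRUE并不保证随后的访问安全(页面可能随即被换出或释放),而且它只检查传入的那一个字节所在的页面;微软文档也不建议驱动依赖它来判断地址是否可访问。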
示例1: GetKeServiceDescriptorTableShadow64
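/*
 * Resolve an address by pattern-matching the code that MSR 0xC0000082
 * (IA32_LSTAR, the 64-bit SYSCALL entry point) points to.
 *
 * The first 0x500 bytes of that routine are searched for the bytes 4C 8D 1D
 * (the encoding of `lea r11, [rip+disp32]`).  On a match the function returns
 * the address the instruction refers to: instruction address + 7 (the
 * instruction length) + the signed 32-bit displacement.  Going by the
 * function name the result is expected to be KeServiceDescriptorTableShadow;
 * nothing in this routine verifies that.
 *
 * Returns 0 when the pattern is not found.
 *
 * NOTE(review): the byte signature and the 0x500 window are tied to specific
 * kernel builds; callers should treat the result as unverified.
 * NOTE(review): MmIsAddressValid only reports that a page is mapped at the
 * moment of the call, so the checks below are best-effort guards.
 */
ULONGLONG GetKeServiceDescriptorTableShadow64()
{
    PUCHAR StartSearchAddress = (PUCHAR)__readmsr(0xC0000082);
    PUCHAR EndSearchAddress = StartSearchAddress + 0x500;
    PUCHAR i = NULL;
    LONG disp = 0;

    for (i = StartSearchAddress; i < EndSearchAddress; i++)
    {
        /*
         * The candidate instruction is 7 bytes (3 opcode + 4 displacement).
         * 7 bytes touch at most two pages, so validating the first and the
         * last byte covers every byte read below.  The original validated
         * only the 3 opcode bytes and then read 4 more.
         */
        if (!MmIsAddressValid(i) || !MmIsAddressValid(i + 6))
        {
            continue;
        }

        if (i[0] != 0x4c || i[1] != 0x8d || i[2] != 0x1d) /* 4c8d1d */
        {
            continue;
        }

        /*
         * A RIP-relative displacement is signed; reading it into a LONG
         * sign-extends it instead of zero-extending as the original did.
         */
        memcpy(&disp, i + 3, sizeof(disp));
        return (ULONGLONG)((LONGLONG)(ULONG_PTR)i + 7 + disp);
    }

    return 0;
}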
示例2: GetKeServiceDescriptorTable
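/*
 * Resolve an address by pattern-matching the code that MSR 0xC0000082
 * (IA32_LSTAR, the 64-bit SYSCALL entry point) points to, and store it in the
 * file-level variable KeServiceDescriptortable.
 *
 * The first 0x500 bytes are searched for 4C 8D 15 (`lea r10, [rip+disp32]`).
 * On a match the stored value is instruction address + 7 + the signed 32-bit
 * displacement; when nothing matches, KeServiceDescriptortable is set to 0.
 *
 * NOTE(review): the signature and search window are build-specific, and
 * MmIsAddressValid is only a point-in-time check; treat the result as
 * unverified.
 */
VOID
GetKeServiceDescriptorTable()
{
    PUCHAR StartSearchAddress = (PUCHAR)__readmsr(0xC0000082);
    PUCHAR EndSearchAddress = StartSearchAddress + 0x500;
    PUCHAR i = NULL;
    LONG disp = 0;
    ULONGLONG addr = 0;

    for (i = StartSearchAddress; i < EndSearchAddress; i++)
    {
        /*
         * The original tested i + 1 twice and never i + 2, and did not
         * validate the 4 displacement bytes at all.  The candidate is 7
         * bytes long and can touch at most two pages, so checking the first
         * and last byte covers the whole read.
         */
        if (!MmIsAddressValid(i) || !MmIsAddressValid(i + 6))
        {
            continue;
        }

        if (i[0] != 0x4c || i[1] != 0x8d || i[2] != 0x15) /* 4c8d15 */
        {
            continue;
        }

        /* RIP-relative displacements are signed: sign-extend, do not zero-extend. */
        memcpy(&disp, i + 3, sizeof(disp));
        addr = (ULONGLONG)((LONGLONG)(ULONG_PTR)i + 7 + disp);
        KeServiceDescriptortable = addr;
        return;
    }

    KeServiceDescriptortable = 0;
    return;
}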
示例3: XpGetRegisterCallbackCookie
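/*
 * Read a 64-bit cookie through two levels of indirection starting at Address.
 *
 * Address has its low three bits masked off to give Item; the ULONG stored at
 * Item + 8 is taken as a pointer (Temp), and the 8 bytes at Temp are returned
 * as the cookie (low part first).  A zero cookie is returned whenever one of
 * the validity checks fails.
 *
 * Addresses are carried in ULONG, so this is 32-bit-only code.
 * NOTE(review): the layout being walked (pointer at offset 8) is not visible
 * here; the "Xp" prefix suggests it is specific to Windows XP - confirm.
 * NOTE(review): MmIsAddressValid is a point-in-time check and does not pin
 * the memory.
 */
LARGE_INTEGER XpGetRegisterCallbackCookie(ULONG Address)
{
    LARGE_INTEGER Cookie;
    ULONG Item = 0;
    ULONG Temp = 0;

    Cookie.QuadPart = 0;

    if (!Address || !MmIsAddressValid((PVOID)Address))
    {
        return Cookie;
    }

    Item = Address & 0xFFFFFFF8;
    if (!MmIsAddressValid((PVOID)Item) ||
        !MmIsAddressValid((PVOID)(Item + 8)))
    {
        return Cookie;
    }

    Temp = *(PULONG)(Item + 8);

    /*
     * Eight bytes are read from Temp, which is not known to be aligned, so
     * the last byte can sit on the next page.  The original validated only
     * the first byte.
     */
    if (!MmIsAddressValid((PVOID)Temp) ||
        !MmIsAddressValid((PVOID)(Temp + sizeof(LARGE_INTEGER) - 1)))
    {
        return Cookie;
    }

    Cookie.LowPart = *(PULONG)Temp;
    Cookie.HighPart = *(PULONG)(Temp + sizeof(ULONG));
    return Cookie;
}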
示例4: GetDpcTimerInformation_x64
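/*
 * Walk the per-processor timer tables and record every timer whose DPC and
 * deferred routine are readable.
 *
 * For each processor the KPRCB pointer is read from GS base (MSR 0xC0000101)
 * + 0x20, the timer table is taken at KPRCB + 0x2200 + 0x200, and each of its
 * 0x100 list heads is walked backwards (via Blink).  The real DPC pointer of
 * each timer is obtained from TransTimerDpcEx using the two values returned
 * by FindKiWaitFunc.
 *
 * DpcTimerInfor->ulCnt is the capacity of DpcTimerInfor->DpcTimer[];
 * ulRetCnt is incremented for every timer found, including those that did
 * not fit, so the caller can detect truncation.
 *
 * Returns STATUS_SUCCESS after the walk, STATUS_INVALID_PARAMETER for a NULL
 * argument and STATUS_UNSUCCESSFUL when FindKiWaitFunc yields no usable
 * pointers.  (The original had no return statement at all.)
 *
 * NOTE(review): the 0x20 / 0x2200 / 0x200 offsets are hard-coded and
 * build-specific - confirm against the target kernel before use.
 * NOTE(review): the lists are walked without any lock, so entries can change
 * underneath the walk; the MmIsAddressValid checks are best-effort only and
 * a corrupted list can keep the inner loop running.
 * NOTE(review): slots are indexed by the local counter n, which assumes
 * ulRetCnt is 0 on entry - verify against the caller.
 */
NTSTATUS GetDpcTimerInformation_x64(PDPC_TIMER_INFOR DpcTimerInfor)
{
    typedef struct _KTIMER_TABLE_ENTRY
    {
        ULONG64 Lock;
        LIST_ENTRY Entry;
        ULARGE_INTEGER Time;
    } KTIMER_TABLE_ENTRY, *PKTIMER_TABLE_ENTRY;

    ULONG CPUNumber = KeNumberProcessors; /* system variable */
    PUCHAR CurrentKPRCBAddress = NULL;
    PUCHAR CurrentTimerTableEntry = NULL;
    PLIST_ENTRY CurrentEntry = NULL;
    PLIST_ENTRY NextEntry = NULL;
    PULONG64 KiWaitAlways = NULL;
    PULONG64 KiWaitNever = NULL;
    ULONG i = 0;
    ULONG j = 0;
    int n = 0;
    PKTIMER Timer = NULL;
    PKDPC RealDpc = NULL;

    if (DpcTimerInfor == NULL)
    {
        return STATUS_INVALID_PARAMETER;
    }

    /* An affinity mask has one bit per processor; never shift past its width. */
    for (j = 0; j < CPUNumber && j < sizeof(KAFFINITY) * 8; j++)
    {
        /*
         * Pin the thread to processor j while its GS base is read.  The
         * original passed j + 1, which is a processor index, not a mask,
         * and selects the wrong processor set from the third CPU onwards.
         */
        KeSetSystemAffinityThread((KAFFINITY)1 << j);
        CurrentKPRCBAddress = (PUCHAR)__readmsr(0xC0000101) + 0x20;
        KeRevertToUserAffinityThread(); /* restore the thread's own affinity */

        CurrentTimerTableEntry = (PUCHAR)(*(ULONG64*)CurrentKPRCBAddress + 0x2200 + 0x200);

        /* Look up the two values TransTimerDpcEx needs. */
        FindKiWaitFunc(&KiWaitNever, &KiWaitAlways);
        if (KiWaitNever == NULL || KiWaitAlways == NULL ||
            !MmIsAddressValid(KiWaitNever) || !MmIsAddressValid(KiWaitAlways))
        {
            return STATUS_UNSUCCESSFUL;
        }

        for (i = 0; i < 0x100; i++)
        {
            /* + 8 skips the Lock field and lands on the entry's LIST_ENTRY. */
            CurrentEntry = (PLIST_ENTRY)(CurrentTimerTableEntry + sizeof(KTIMER_TABLE_ENTRY) * i + 8);

            /* Validate the list head before reading Blink (the original read it first). */
            if (!MmIsAddressValid(CurrentEntry))
            {
                continue;
            }

            NextEntry = CurrentEntry->Blink;
            while (NextEntry != CurrentEntry)
            {
                /* Stop on a link that cannot be read rather than following it. */
                if (!MmIsAddressValid(NextEntry))
                {
                    break;
                }

                /* Recover the KTIMER that embeds this list entry. */
                Timer = CONTAINING_RECORD(NextEntry, KTIMER, TimerListEntry);

                /* Only hand the timer to the helper once it is known to be readable. */
                RealDpc = NULL;
                if (MmIsAddressValid(Timer))
                {
                    RealDpc = TransTimerDpcEx(Timer, *KiWaitNever, *KiWaitAlways);
                }

                if (RealDpc != NULL && MmIsAddressValid(RealDpc) &&
                    MmIsAddressValid(RealDpc->DeferredRoutine))
                {
                    if (DpcTimerInfor->ulCnt > DpcTimerInfor->ulRetCnt)
                    {
                        DpcTimerInfor->DpcTimer[n].Dpc = (ULONG64)RealDpc;
                        DpcTimerInfor->DpcTimer[n].Period = Timer->Period;
                        DpcTimerInfor->DpcTimer[n].TimeDispatch = (ULONG64)RealDpc->DeferredRoutine;
                        DpcTimerInfor->DpcTimer[n].TimerObject = (ULONG64)Timer;
                        n++;
                    }
                    DpcTimerInfor->ulRetCnt++;
                }

                NextEntry = NextEntry->Blink;
            }
        }
    }

    return STATUS_SUCCESS;
}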
示例5: dtrace_fuword64
/*
 * Fetch a 64-bit word from a user-mode address on behalf of DTrace.
 *
 * The address must lie strictly between MM_LOWEST_USER_ADDRESS and
 * MM_HIGHEST_USER_ADDRESS and both the first and the last byte of the word
 * must be mapped.  Otherwise CPU_DTRACE_BADADDR is raised, the offending
 * address is stored in this CPU's cpuc_dtrace_illval, and 0 is returned.
 *
 * NOTE(review): the range test covers only the first byte of the word, and
 * MmIsAddressValid is a point-in-time check; whether the unchecked read
 * tolerates a page disappearing afterwards depends on
 * dtrace_fuword64_nocheck, which is not visible here.
 */
uint64_t
dtrace_fuword64(void *uaddr)
{
	const uintptr_t addr = (uintptr_t)uaddr;
	int ok;

	/* Range test first, exactly as before; mapping is only probed for in-range addresses. */
	ok = addr < (uintptr_t)MM_HIGHEST_USER_ADDRESS &&
	    addr > (uintptr_t)MM_LOWEST_USER_ADDRESS;

	if (ok) {
		ok = MmIsAddressValid((PVOID)uaddr) != 0 &&
		    MmIsAddressValid((PVOID)((UINT_PTR)uaddr + 7)) != 0;
	}

	if (ok)
		return (dtrace_fuword64_nocheck(uaddr));

	DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR);
	cpu_core[KeGetCurrentProcessorNumber()].cpuc_dtrace_illval = addr;
	return (0);
}
示例6: GetVADName
/*
 * Return a pointer to the FileName field of the file object that
 * GetFileObject() associates with pVad, or NULL when either the file object
 * or its FileName field is not currently mapped.
 *
 * NOTE(review): the returned pointer refers into the file object itself; no
 * reference is taken here, so its lifetime is the caller's concern.  The
 * string buffer that FileName points to is not validated either.
 */
PUNICODE_STRING GetVADName(PMMVAD pVad)
{
    PFILE_OBJECT fileObj = GetFileObject(pVad);
    PUNICODE_STRING name = NULL;

    if (MmIsAddressValid((PULONG)fileObj) != FALSE &&
        MmIsAddressValid((PULONG)((PUCHAR)&fileObj->FileName)) != FALSE)
    {
        /* IoQueryFileDosDeviceName */
        name = &fileObj->FileName;
    }

    return name;
}
示例7: KernelGetModuleBaseByPtr
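/*
 * Find the base of the PE image that contains in_section by scanning
 * backwards, one page at a time, for a page that starts with an MZ header
 * whose e_lfanew leads to a PE signature located between the header and
 * in_section.
 *
 * Returns the image base, or NULL when no header is found within 0x800
 * pages or the scan reaches address 0.  exported_name is not used.
 *
 * Changes from the original:
 *  - the exception filter was EXCEPTION_CONTINUE_EXECUTION, which resumes at
 *    the faulting instruction instead of skipping the page; it is now
 *    EXCEPTION_EXECUTE_HANDLER, matching the "ignore errors" intent;
 *  - when the loop ran out, the last examined (unverified, possibly
 *    uninitialised) pointer was returned; NULL is returned instead;
 *  - the last byte of the PE signature is validated as well, because
 *    e_lfanew need not be aligned.
 *
 * NOTE(review): MmIsAddressValid is a point-in-time check, and structured
 * exception handling does not turn a fault on an invalid kernel address
 * into a catchable exception, so the checks stay necessary.
 */
IMAGE_DOS_HEADER *KernelGetModuleBaseByPtr(IN void *in_section,
                                           IN void *exported_name) {
  unsigned char *p;
  IMAGE_DOS_HEADER *dos;
  IMAGE_DOS_HEADER *found = NULL;
  IMAGE_NT_HEADERS *nt;
  int count = 0;

  (void)exported_name;

  p = (unsigned char *)((uintptr_t)in_section & ~((uintptr_t)PAGE_SIZE - 1));

  for (; p; p -= PAGE_SIZE) {
    count++;

    // Dont go back too far.
    if (count > 0x800) {
      return NULL;
    }

    dos = (IMAGE_DOS_HEADER *)p;

    __try {
      // If this address is not mapped in, there will be a BSOD
      // PAGE_FAULT_IN_NONPAGED_AREA so we check first.
      if (MmIsAddressValid(dos) && dos->e_magic == 0x5a4d) { // MZ
        nt = (IMAGE_NT_HEADERS *)((uintptr_t)dos + dos->e_lfanew);

        // The NT headers must lie after the DOS header and before the
        // address we started from, and the whole signature must be mapped.
        if ((uintptr_t)nt < (uintptr_t)in_section &&
            (uintptr_t)nt > (uintptr_t)dos &&
            MmIsAddressValid(nt) &&
            MmIsAddressValid((unsigned char *)nt + sizeof(nt->Signature) - 1) &&
            nt->Signature == 0x00004550) { // PE
          found = dos;
        }
      }
    } __except(EXCEPTION_EXECUTE_HANDLER) {
      // Ignore potential errors and move on to the previous page.
      found = NULL;
    }

    if (found != NULL) {
      return found;
    }
  }

  return NULL;
}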
示例8: KernelKillThreadRoutine
/*
 * APC kernel routine: frees the APC object, marks the current thread as a
 * system thread and terminates it.
 *
 * The APC is released with BDKitFreePool, then PS_CROSS_THREAD_FLAGS_SYSTEM
 * is OR-ed into the ULONG at ETHREAD + 0x248 (CrossThreadFlags, per the
 * original comment) so that PsTerminateSystemThread can be called on the
 * current thread.  Nothing happens when that address is not mapped.
 *
 * NOTE(review): 0x248 is a hard-coded, build-specific offset and the thread
 * pointer is cast through ULONG (32-bit only); on any other build this
 * writes to an unrelated ETHREAD field.
 */
VOID KernelKillThreadRoutine(
    __in PKAPC Apc,
    __in __out PKNORMAL_ROUTINE* NormalRoutine,
    __in __out PVOID* NormalContext,
    __in __out PVOID* SystemArgument1,
    __in __out PVOID* SystemArgument2
    )
{
    PULONG crossThreadFlags = NULL;

    UNREFERENCED_PARAMETER(Apc);
    UNREFERENCED_PARAMETER(NormalRoutine);
    UNREFERENCED_PARAMETER(NormalContext);
    UNREFERENCED_PARAMETER(SystemArgument1);
    UNREFERENCED_PARAMETER(SystemArgument2);

    /* The APC object is released here. */
    BDKitFreePool(Apc);

    /* CrossThreadFlags lives at offset 0x248 of ETHREAD (per the original author). */
    crossThreadFlags = (PULONG)((ULONG)PsGetCurrentThread()+0x248);
    if( !MmIsAddressValid(crossThreadFlags) )
    {
        return;
    }

    *crossThreadFlags |= PS_CROSS_THREAD_FLAGS_SYSTEM;

    /* PspExitThread is not available here, so the documented routine is used. */
    PsTerminateSystemThread (STATUS_SUCCESS);
}
示例9: GetControlArea
/*
 * Return the ControlArea pointer stored in pVad, or NULL when pVad is NULL
 * or not currently mapped.
 *
 * NOTE(review): only the first byte of *pVad is validated; whether the
 * ControlArea field can fall on another page depends on the MMVAD layout,
 * which is not visible here.
 */
PCONTROL_AREA GetControlArea(PMMVAD pVad)
{
    if (pVad != NULL && MmIsAddressValid(pVad) != FALSE)
    {
        return (PCONTROL_AREA)pVad->ControlArea;
    }

    return NULL;
}
示例10: MmIsNonPagedSystemAddressValid
/*
 * @unimplemented
 *
 * Placeholder: logs a warning and forwards to MmIsAddressValid, so the
 * answer only says whether the address is mapped right now.  No check for
 * nonpaged memory is made in this body, which is why the warning calls the
 * result bogus.
 */
BOOLEAN
NTAPI
MmIsNonPagedSystemAddressValid(IN PVOID VirtualAddress)
{
    BOOLEAN IsMapped;

    DPRINT1("WARNING: %s returns bogus result\n", __FUNCTION__);

    IsMapped = MmIsAddressValid(VirtualAddress);
    return IsMapped;
}
示例11: getAddressOfShadowTable
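/*
 * Scan the first 4096 bytes of KeAddSystemServiceTable, one byte at a time,
 * for a 32-bit value that points at memory whose first 16 bytes equal the
 * first 16 bytes of KeServiceDescriptorTable but which is not
 * KeServiceDescriptorTable itself.  Going by the function name, the caller
 * treats that value as the address of the shadow service table.
 *
 * Returns the matching value, or 0 when nothing matches or reading the code
 * bytes raises an exception.  Addresses are carried in unsigned int, so this
 * is 32-bit-only code.
 *
 * NOTE(review): the match is a heuristic on 16 bytes; the result is not
 * verified in any other way.  MmIsAddressValid is a point-in-time check.
 */
unsigned int getAddressOfShadowTable()
{
    unsigned int i;
    unsigned char *p;
    unsigned int candidate;

    p = (unsigned char*) KeAddSystemServiceTable;

    for (i = 0; i < 4096; i++, p++)
    {
        __try
        {
            candidate = *(unsigned int*)p;
        }
        __except(EXCEPTION_EXECUTE_HANDLER)
        {
            return 0;
        }

        /*
         * memcmp reads 16 bytes, which may cross into the next page; the
         * original validated only the first byte.  If candidate + 15 wraps,
         * the wrapped low address is expected to fail the check.
         */
        if (!MmIsAddressValid((PVOID)candidate) ||
            !MmIsAddressValid((PVOID)(candidate + 15)))
        {
            continue;
        }

        if (memcmp((PVOID)candidate, &KeServiceDescriptorTable, 16) != 0)
        {
            continue;
        }

        /* Skip the table we compared against. */
        if ((PVOID)candidate == &KeServiceDescriptorTable)
        {
            continue;
        }

        return candidate;
    }

    return 0;
}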
示例12: HelpMapMMIOSpace
// HelpMapMMIOSpace: map a physical MMIO range into system address space.
//
// Maps `size` bytes at physical `address` uncached with MmMapIoSpace.  On
// success the virtual address and size are written to *mappedAddress and
// *mappedSize and true is returned.  When the mapping fails, or the returned
// address is not reported valid by MmIsAddressValid (in which case it is
// unmapped again), false is returned and the outputs are left untouched.
//
// NOTE(review): address and size are used as given and the output pointers
// are not NULL-checked.  If these values can originate from an IOCTL, the
// caller must restrict them to the device's own MMIO ranges; otherwise this
// helper maps arbitrary physical memory on request.
bool HelpMapMMIOSpace(
    uint64 address,         // IN
    size_t size,            // IN
    uint64* mappedAddress,  // OUT
    uint64* mappedSize)     // OUT
{
    PHYSICAL_ADDRESS physicalAddress;
    ResetPoolMemory(&physicalAddress, sizeof(PHYSICAL_ADDRESS));
    physicalAddress.QuadPart = address;

    void* pLinearAddress = static_cast<PUCHAR>(MmMapIoSpace(physicalAddress, size, MmNonCached));
    if (NULL == pLinearAddress)
    {
        return false;
    }

    if (!MmIsAddressValid(pLinearAddress))
    {
        // Do not keep a mapping that cannot be used.
        MmUnmapIoSpace(pLinearAddress, size);
        return false;
    }

    *mappedAddress = reinterpret_cast<uint64>(pLinearAddress);
    *mappedSize = size;
    return true;
}
示例13: GetAddressOfShadowTable
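/*
 * Scan 4096 consecutive ULONGs starting at KeAddSystemServiceTable for a
 * value that points at memory whose first sizeof(ULONG) bytes equal those of
 * KeServiceDescriptorTable but which is not KeServiceDescriptorTable itself.
 * Going by the function name, the caller treats that value as the address of
 * the shadow service table.
 *
 * Returns the matching value, or 0 when nothing matches or a read raises an
 * exception.  Addresses are carried in ULONG, so this is 32-bit-only code.
 *
 * NOTE(review): pAddress is a PULONG, so each step advances 4 bytes and the
 * loop covers 16 KB rather than one page, and only 4 bytes are compared -
 * confirm both are intended.  MmIsAddressValid is a point-in-time check.
 */
ULONG GetAddressOfShadowTable()
{
    ULONG uAddress = 0;
    ULONG i = 0;
    PULONG pAddress = (PULONG)KeAddSystemServiceTable;

    for (i = 0; i < 4096; i++, pAddress++)
    {
        __try
        {
            uAddress = *pAddress;
        }
        __except(EXCEPTION_EXECUTE_HANDLER)
        {
            return 0;
        }

        /*
         * The comparison reads sizeof(ULONG) bytes from an address that need
         * not be aligned, so the last byte is validated too; the original
         * checked only the first byte.
         */
        if (!MmIsAddressValid((PVOID)uAddress) ||
            !MmIsAddressValid((PVOID)(uAddress + sizeof(ULONG) - 1)))
        {
            continue;
        }

        if (!RtlEqualMemory((PVOID)uAddress, &KeServiceDescriptorTable, sizeof(ULONG)))
        {
            continue;
        }

        /* Skip the table we compared against. */
        if ((PVOID)uAddress == &KeServiceDescriptorTable)
        {
            continue;
        }

        return uAddress;
    }

    return 0;
}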
示例14: HookByInline
// Overwrites the first JMPLEN (5) bytes at `target` with a relative jump
// (opcode 0xE9 followed by a 32-bit offset) to `myfake`.  The overwritten
// bytes, both addresses and the function name are saved in a HOOKINFO record
// that is appended to g_HookInfoListHead.
//
// Returns 1 after patching, FALSE when the HOOKINFO allocation fails.
//
// NOTE(review): the invalid-target path also returns 1, so callers cannot
// tell that case from success.
// NOTE(review): addresses are carried in ULONG/LONG, so this is 32-bit-only.
// NOTE(review): only the first byte of `target` is validated although five
// bytes are read and written, and the write is not synchronised with other
// processors that may be executing the same code.
// NOTE(review): a patch like this changes kernel code in memory, so it shows
// up when loaded code is compared with the image on disk.
BOOLEAN HookByInline(ULONG target, ULONG myfake, char *pFunName)
{
// pFunName is formatted with %s before any NULL check.
kprintf("Inline Hooking %s from %X to %X\r\n", pFunName, target, myfake);
if (!MmIsAddressValid(PVOID(target)))
{
kprintf("Target is not available\r\n");
return 1;
}
LONG mysrc,mydst;
mysrc = target;
mydst = myfake;
HOOKINFO *pHI = (PHOOKINFO)kmalloc(sizeof(HOOKINFO));
if (pHI==NULL)
{
return FALSE;
}
// Length of the jump instruction: one opcode byte plus a 32-bit offset.
// The macro is defined inside the function but stays visible afterwards.
#define JMPLEN 5
RtlZeroMemory(pHI, sizeof(HOOKINFO));
ULONG itmp=0;
UCHAR JmpCode[JMPLEN]={0xe9,0,0,0,0};
// The offset is relative to the end of the 5-byte instruction.
itmp = mydst-mysrc-JMPLEN;
*(PULONG)&JmpCode[1]= itmp;
// Save the original bytes before they are overwritten.
RtlCopyMemory(pHI->szOldCode, (PUCHAR)mysrc, JMPLEN);
memcpy((PUCHAR)mysrc, JmpCode, JMPLEN);
pHI->NewAddress = mydst;
pHI->OldCodeSize = JMPLEN;
pHI->OriAddress = mysrc;
// NOTE(review): the copy length is strlen(pFunName) and is not bounded by
// the capacity of szFunName (not visible here) - a long name would overflow
// the field.  The terminator comes only from the RtlZeroMemory above.
RtlCopyMemory(pHI->szFunName, pFunName, strlen(pFunName));
InsertTailList(&g_HookInfoListHead,&pHI->Next );
return 1;
}
示例15: GetShadowTableAddress
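/*
 * Get the address of the shadow table.
 *
 * Scans one page (PAGE_SIZE bytes) starting at KeAddSystemServiceTable, one
 * byte at a time, for a 32-bit value that points at memory whose first 16
 * bytes equal the first 16 bytes at KeServiceDescriptorTable but which is
 * not KeServiceDescriptorTable itself.
 *
 * Returns that value as a pointer, or NULL when nothing matches or reading
 * the code bytes raises an exception.  Candidates are carried in ULONG, so
 * this is 32-bit-only code.
 *
 * NOTE(review): the match is a heuristic on 16 bytes; the result is not
 * verified in any other way.  MmIsAddressValid is a point-in-time check.
 */
PVOID GetShadowTableAddress()
{
    ULONG dwordatbyte, i;
    PUCHAR p = (PUCHAR)KeAddSystemServiceTable;

    /* Search one page forward, advancing the pointer one byte per step. */
    for (i = 0; i < PAGE_SIZE; i++, p++)
    {
        __try
        {
            dwordatbyte = *(PULONG)p;
        }
        __except(EXCEPTION_EXECUTE_HANDLER)
        {
            /* The function returns a pointer, so report failure as NULL. */
            return NULL;
        }

        /*
         * memcmp reads 16 bytes, which may cross into the next page; the
         * original validated only the first byte.  If dwordatbyte + 15
         * wraps, the wrapped low address is expected to fail the check.
         */
        if (!MmIsAddressValid((PVOID)dwordatbyte) ||
            !MmIsAddressValid((PVOID)(dwordatbyte + 15)))
        {
            continue;
        }

        /* Compare the first 16 bytes; equal means a candidate was found. */
        if (memcmp((PVOID)dwordatbyte, KeServiceDescriptorTable, 16) != 0)
        {
            continue;
        }

        /* Exclude the table we compared against. */
        if ((PVOID)dwordatbyte == KeServiceDescriptorTable)
        {
            continue;
        }

        return (PVOID)dwordatbyte;
    }

    return NULL;
}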