本文整理汇总了C++中ReadMemory函数的典型用法代码示例。如果您正苦于以下问题:C++ ReadMemory函数的具体用法?C++ ReadMemory怎么用?C++ ReadMemory使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ReadMemory函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: kuhl_m_sekurlsa_utils_pFromLinkedListByLuid
ULONG_PTR kuhl_m_sekurlsa_utils_pFromLinkedListByLuid(ULONG_PTR pSecurityStruct, ULONG LUIDoffset, PLUID luidToFind)
{
PVOID buffer;
ULONG_PTR resultat = 0, pStruct = 0;
if(buffer = LocalAlloc(LPTR, LUIDoffset + sizeof(LUID)))
{
if(ReadMemory(pSecurityStruct, &pStruct, sizeof(PVOID), NULL))
{
while(pStruct != pSecurityStruct)
{
if(ReadMemory(pStruct, buffer, LUIDoffset + sizeof(LUID), NULL))
{
if(RtlEqualLuid(luidToFind, (PLUID) ((PBYTE) buffer + LUIDoffset)))
{
resultat = pStruct;
break;
}
pStruct = (ULONG_PTR) ((PLIST_ENTRY) buffer)->Flink;
}
else break;
}
}
LocalFree(buffer);
}
return resultat;
}示例2: kuhl_m_sekurlsa_enum_logon_callback_kerberos
void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_kerberos(IN ULONG_PTR pKerbGlobalLogonSessionTable, IN PKIWI_BASIC_SECURITY_LOGON_SESSION_DATA pData)
{
KIWI_KERBEROS_LOGON_SESSION session;
UNICODE_STRING pinCode;
KIWI_KERBEROS_KEYS_LIST_6 keyList;
PKERB_HASHPASSWORD_6 pHashPassword;
DWORD i;
ULONG_PTR ptr;
if(ptr = kuhl_m_sekurlsa_utils_pFromAVLByLuid(pKerbGlobalLogonSessionTable, FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION, LocallyUniqueIdentifier), pData->LogonId))
{
if(ReadMemory(ptr, &session, sizeof(KIWI_KERBEROS_LOGON_SESSION), NULL))
{
kuhl_m_sekurlsa_genericCredsOutput(&session.credentials, pData->LogonId, 0);
if(session.pinCode)
if(ReadMemory((ULONG_PTR) session.pinCode, &pinCode, sizeof(UNICODE_STRING), NULL))
kuhl_m_sekurlsa_genericCredsOutput((PKIWI_GENERIC_PRIMARY_CREDENTIAL) &pinCode, pData->LogonId, KUHL_SEKURLSA_CREDS_DISPLAY_PINCODE);
if(session.pKeyList)
if(ReadMemory((ULONG_PTR) session.pKeyList, &keyList, sizeof(KIWI_KERBEROS_KEYS_LIST_6) - sizeof(KERB_HASHPASSWORD_6), NULL))
if(pHashPassword = (PKERB_HASHPASSWORD_6) LocalAlloc(LPTR, keyList.cbItem * sizeof(KERB_HASHPASSWORD_6)))
{
if(ReadMemory((ULONG_PTR) session.pKeyList + sizeof(KIWI_KERBEROS_KEYS_LIST_6) - sizeof(KERB_HASHPASSWORD_6), pHashPassword, keyList.cbItem * sizeof(KERB_HASHPASSWORD_6), NULL))
{
dprintf("\n\t * Key List");
for(i = 0; i < keyList.cbItem; i++)
kuhl_m_sekurlsa_genericCredsOutput((PKIWI_GENERIC_PRIMARY_CREDENTIAL) (pHashPassword + i), pData->LogonId, KUHL_SEKURLSA_CREDS_DISPLAY_KEY_LIST);
}
LocalFree(pHashPassword);
}
}
}
else dprintf("KO");
}示例3: GetPsGetCurrentProcess
static PVOID GetPsGetCurrentProcess(HBITMAP hManager, HBITMAP hWorker, PEPROCESS_OFFSETS offsets) {
PVOID systemProcess;
LIST_ENTRY ActiveProcessLinks;
ULONG64 UniqueProcessId;
PVOID currentProcess;
systemProcess = GetPsInitialSystemProcess(hManager, hWorker);
if (ReadMemory(hManager, hWorker, (PVOID)((ULONG64)systemProcess + offsets->UniqueProcessId + sizeof(ULONG64)), &ActiveProcessLinks, sizeof(LIST_ENTRY)) == FALSE) {
LOG("[-] Unable To Read Initial System Process ActiveProcessLinks\n");
return NULL;
}
do {
currentProcess = (PVOID)((ULONG64)ActiveProcessLinks.Flink - offsets->UniqueProcessId - sizeof(ULONG64));
ReadMemory(hManager, hWorker, (PVOID)((ULONG64)currentProcess + offsets->UniqueProcessId), &UniqueProcessId, sizeof(ULONG64));
if (GetCurrentProcessId() == UniqueProcessId) { return currentProcess; }
ReadMemory(hManager, hWorker, (PVOID)((ULONG64)currentProcess + offsets->UniqueProcessId + sizeof(ULONG64)), &ActiveProcessLinks, sizeof(LIST_ENTRY));
} while (currentProcess != (PVOID)((ULONG64)ActiveProcessLinks.Flink - offsets->UniqueProcessId - sizeof(ULONG64)));
LOG("[-] Unable To Locate The Current Process In The List\n");
return NULL;
}示例4: AddDllToList
PDLL_INFO
AddDllToList(
HANDLE hProcess,
ULONG DllAddr,
LPSTR DllName,
ULONG DllSize
)
{
IMAGE_DOS_HEADER dh;
IMAGE_NT_HEADERS nh;
ULONG i;
PDLL_INFO DllInfo;
//
// first look to see if the dll is already in the list
//
DllInfo = FindDllByAddress( DllAddr );
if (!DllSize) {
//
// read the pe image headers to get the image size
//
if (!ReadMemory(
hProcess,
(PVOID) DllAddr,
&dh,
sizeof(dh)
)) {
return NULL;
}
if (dh.e_magic == IMAGE_DOS_SIGNATURE) {
if (!ReadMemory(
hProcess,
(PVOID)(DllAddr + dh.e_lfanew),
&nh,
sizeof(nh)
)) {
return NULL;
}
DllSize = nh.OptionalHeader.SizeOfImage;
} else {
DllSize = 0;
}
}
DllInfo = FindAvailDll();
if (!DllInfo) {
return NULL;
}
DllInfo->Size = DllSize;
strncat( DllInfo->Name, DllName, MAX_NAME_SZ-1 );
DllInfo->BaseAddress = DllAddr;
DllInfo->InList = FALSE;
DllInfo->Enabled = TRUE;
return DllInfo;
}示例5: ReqChecksum_mem
trap_retval ReqChecksum_mem( void )
/******************************/
{
trap_elen len;
int i;
trap_elen read;
checksum_mem_req *acc;
checksum_mem_ret *ret;
char buffer[256];
_DBG1(( "AccChkSum\n" ));
acc = GetInPtr( 0 );
ret = GetOutPtr( 0 );
len = acc->len;
ret->result = 0;
while( len >= sizeof( buffer ) ) {
read = ReadMemory( &acc->in_addr, buffer, sizeof( buffer ) );
for( i = 0; i < read; ++i ) {
ret->result += buffer[ i ];
}
if( read != sizeof( buffer ) )
return( sizeof( *ret ) );
len -= sizeof( buffer );
acc->in_addr.offset += sizeof( buffer );
}
if( len != 0 ) {
read = ReadMemory( &acc->in_addr, buffer, len );
for( i = 0; i < read; ++i ) {
ret->result += buffer[ i ];
}
}
return( sizeof( ret ) );
}示例6: GetPlayerBase
bool CPathOfExile::GetPlayerExp(PLAYEREXP* exp)
{
DWORD dwPlayerBase = GetPlayerBase();
if ( dwPlayerBase )
{
DWORD arOffsets[] = { 0x14 };
DWORD dwStatsPtr = GetMultiLevelPointer32(dwPlayerBase + 0x4, arOffsets);
if ( dwStatsPtr )
{
DWORD dwValue = 0;
ReadMemory(dwStatsPtr + 0x34, &dwValue, sizeof(dwValue));
exp->Current = dwValue;
ReadMemory(dwStatsPtr + 0x44, &dwValue, sizeof(dwValue));
exp->CurrentLevel = dwValue;
exp->Minimum = s_ExperienceThresholds[exp->CurrentLevel];
exp->Maximum = s_ExperienceThresholds[exp->CurrentLevel + 1];
return true;
}
}
return false;
}示例7: kuhl_m_sekurlsa_utils_pFromAVLByLuidRec
ULONG_PTR kuhl_m_sekurlsa_utils_pFromAVLByLuidRec(ULONG_PTR pTable, ULONG LUIDoffset, PLUID luidToFind)
{
ULONG_PTR resultat = 0;
PVOID buffer;
RTL_AVL_TABLE maTable;
if(ReadMemory(pTable, &maTable, sizeof(RTL_AVL_TABLE), NULL))
{
if(pTable = (ULONG_PTR) maTable.OrderedPointer)
{
if(buffer = LocalAlloc(LPTR, LUIDoffset + sizeof(LUID)))
{
if(ReadMemory(pTable, buffer, LUIDoffset + sizeof(LUID), NULL))
{
if(RtlEqualLuid(luidToFind, (PLUID) ((PBYTE) buffer + LUIDoffset)))
resultat = (ULONG_PTR) maTable.OrderedPointer;
}
LocalFree(buffer);
}
}
if(!resultat && (pTable = (ULONG_PTR) maTable.BalancedRoot.LeftChild))
resultat = kuhl_m_sekurlsa_utils_pFromAVLByLuidRec(pTable, LUIDoffset, luidToFind);
if(!resultat && (pTable = (ULONG_PTR) maTable.BalancedRoot.RightChild))
resultat = kuhl_m_sekurlsa_utils_pFromAVLByLuidRec(pTable, LUIDoffset, luidToFind);
}
return resultat;
}示例8: tenkValidate
void tenkValidate(PVOID heapHandle) {
struct HPool *heap;
struct DestroyStruct dStruct;
struct HeapChunk *curChunk;
ULONG chunkPtr;
ULONG i, nextIndex;
BOOL screwed = FALSE;
heap = getHeap(&heapModel, heapHandle);
i = heap->inUseHead;
while (i != NULLNODE) {
if (CHUNK(i).free) {
// CHUNK(i).nextInUse must be equal to the next ptr
if(!ReadMemory((ULONG64)(CHUNK(i).addr)+4, (PVOID) &chunkPtr, 4, NULL)) {
dprintf("[T] Unable to read memory at address 0x%08x\n!");
return;
}
// Find next free chunk - continue if there are no more
nextIndex = CHUNK(i).nextInUse;
while (nextIndex != NULLNODE && !(CHUNK(nextIndex).free))
nextIndex = CHUNK(nextIndex).nextInUse;
if (nextIndex == NULLNODE) {
i = CHUNK(i).nextInUse;
continue;
}
// Validate next free chunk
if (CHUNK(nextIndex).addr != (PVOID) chunkPtr) {
dprintf("[T] Corruped next pointer for chunk at 0x%08x\n", CHUNK(i).addr);
dprintf(">\tGot: 0x%08x\tExpected: 0x%08x\n", chunkPtr, CHUNK(nextIndex).addr);
screwed = TRUE;
}
// next free chunk prev, must equal CHUNK(i).addr
if(!ReadMemory((ULONG64)CHUNK(nextIndex).addr, (PVOID) &chunkPtr, 4, NULL)) {
dprintf("[T] Unable to read memory at address 0x%08x\n!");
return;
}
if ((PVOID) chunkPtr != CHUNK(i).addr) {
dprintf("[T] Corruped prev pointer for chunk at 0x%08x\n", CHUNK(nextIndex).addr);
dprintf(">\tGot: 0x%08x\tExpected: 0x%08x\n", chunkPtr, CHUNK(i).addr);
screwed = TRUE;
}
} else {
}
i = CHUNK(i).nextInUse;
}
dprintf("[T] Validation complete: ");
if (!screwed)
dprintf("all known free chunks are correct\n");
else
dprintf("errors found\n");
}示例9: poolDumpHive
void
poolDumpHive(
IN PCMHIVE pHive
)
{
CMHIVE CmHive;
ULONG BytesRead;
WCHAR FileName[HBASE_NAME_ALLOC/2 + 1];
CHAR buf[512];
ULONG cb;
dprintf("\ndumping hive at %lx ",pHive);
ReadMemory((DWORD)pHive,
&CmHive,
sizeof(CmHive),
&BytesRead);
if (BytesRead < sizeof(CmHive)) {
dprintf("\tRead %lx bytes from %lx\n",BytesRead,pHive);
return;
}
ReadMemory((DWORD)&CmHive.Hive.BaseBlock->FileName,
FileName,
sizeof(FileName),
&BytesRead);
if (BytesRead < sizeof(FileName)) {
wcscpy(FileName, L"UNKNOWN");
} else {
if (FileName[0]==L'\0') {
wcscpy(FileName, L"NONAME");
} else {
FileName[HBASE_NAME_ALLOC/2]=L'\0';
}
}
dprintf("(%ws)\n",FileName);
dprintf(" %d KCBs open\n",CmHive.KcbCount);
dprintf(" Stable Length = %lx\n",CmHive.Hive.Storage[Stable].Length);
if (SavePages) {
sprintf(buf,
"%ws %d %d\n",
FileName,
CmHive.Hive.Storage[Stable].Length,
CmHive.Hive.Storage[Volatile].Length);
WriteFile( TempFile, buf, strlen(buf), &cb, NULL );
}
poolDumpMap(CmHive.Hive.Storage[Stable].Length,
CmHive.Hive.Storage[Stable].Map);
dprintf(" Volatile Length = %lx\n",CmHive.Hive.Storage[Volatile].Length);
poolDumpMap(CmHive.Hive.Storage[Volatile].Length,
CmHive.Hive.Storage[Volatile].Map);
}示例10: DumpIrpContextFromThread
VOID
DumpIrpContextFromThread (
IN ULONG Thread,
IN ULONG Options
)
/*++
Routine Description:
Dump an IrpContext given a Thread.
Arguments:
Address - Gives the address of the Thread where the IrpContext can be found
Return Value:
None
--*/
{
ULONG Result;
ULONG OurStackAddress;
PIRP_CONTEXT pIrpContext;
dprintf( "\n Thread @ %08lx", Thread );
if (!ReadMemory( (DWORD) (Thread + 0x214),
&OurStackAddress,
sizeof(OurStackAddress),
&Result)) {
dprintf( "%08lx: Could not read Thread + 0x214\n", Thread + 0x214 );
return;
}
dprintf( "\n Our stack @ %08lx", OurStackAddress );
if (!ReadMemory( (DWORD) (OurStackAddress + 0x18),
&pIrpContext,
sizeof(pIrpContext),
&Result)) {
dprintf( "%08lx: Could not read OurStackAddress + 0x18\n", OurStackAddress + 0x18 );
return;
}
DumpIrpContext( (ULONG) pIrpContext, Options );
dprintf( "\n" );
return;
}示例11: kuhl_m_sekurlsa_enum_logon_callback_credman
void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_credman(IN ULONG_PTR reserved, IN PKIWI_BASIC_SECURITY_LOGON_SESSION_DATA pData)
{
KIWI_CREDMAN_SET_LIST_ENTRY setList;
KIWI_CREDMAN_LIST_STARTER listStarter;
DWORD nbCred = 0;
ULONG_PTR pCur, pRef;
KIWI_GENERIC_PRIMARY_CREDENTIAL kiwiCreds;
ULONG CredOffsetIndex;
PBYTE buffer;
if(NtBuildNumber < KULL_M_WIN_BUILD_7)
CredOffsetIndex = 0;
else
CredOffsetIndex = 1;
if(pData->pCredentialManager)
{
if(ReadMemory((ULONG_PTR) pData->pCredentialManager, &setList, sizeof(KIWI_CREDMAN_SET_LIST_ENTRY), NULL))
{
if(setList.list1)
{
pRef = (ULONG_PTR) setList.list1 + FIELD_OFFSET(KIWI_CREDMAN_LIST_STARTER, start);
if(ReadMemory((ULONG_PTR) setList.list1, &listStarter, sizeof(KIWI_CREDMAN_LIST_STARTER), NULL))
{
if(buffer = (PBYTE) LocalAlloc(LPTR, credhelper[CredOffsetIndex].structSize))
{
if(pCur = (ULONG_PTR) listStarter.start)
{
while(pCur != pRef)
{
pCur -= credhelper[CredOffsetIndex].offsetFLink;
if(ReadMemory(pCur, buffer, credhelper[CredOffsetIndex].structSize, NULL))
{
dprintf("\n\t [%08x]", nbCred);
kiwiCreds.UserName = *(PUNICODE_STRING) (buffer + credhelper[CredOffsetIndex].offsetUsername);
kiwiCreds.Domaine = *(PUNICODE_STRING) (buffer + credhelper[CredOffsetIndex].offsetDomain);
kiwiCreds.Password.Length = kiwiCreds.Password.MaximumLength = *(PUSHORT) (buffer + credhelper[CredOffsetIndex].offsetCbPassword);;
kiwiCreds.Password.Buffer = *(PWSTR *) (buffer + credhelper[CredOffsetIndex].offsetPassword);
kuhl_m_sekurlsa_genericCredsOutput(&kiwiCreds, pData->LogonId, KUHL_SEKURLSA_CREDS_DISPLAY_CREDMANPASS);
pCur = (ULONG_PTR) *(PVOID *) (buffer + credhelper[CredOffsetIndex].offsetFLink);
}
else break;
nbCred++;
}
}
LocalFree(buffer);
}
}
}
}
}
}示例12: GetAddressState
ULONG
GetAddressState(
IN PVOID VirtualAddress
)
{
ULONG Address;
ULONG result;
ULONG flags = 0;
PMMPTE Pte;
PMMPTE Pde;
ULONG PdeContents;
ULONG PteContents;
if (MI_IS_PHYSICAL_ADDRESS (VirtualAddress)) {
return ADDRESS_VALID;
}
Address = (ULONG)VirtualAddress;
Pde = (PMMPTE)MiGetPdeAddress (Address);
Pte = (PMMPTE)MiGetPteAddress (Address);
if ( !ReadMemory( (DWORD)Pde,
&PdeContents,
sizeof(ULONG),
&result) ) {
dprintf("%08lx: Unable to get PDE\n",Pde);
return ADDRESS_NOT_VALID;
}
if (PdeContents & MM_PTE_VALID_MASK) {
if (PdeContents & MM_PTE_LARGE_PAGE_MASK) {
return ADDRESS_VALID;
}
if ( !ReadMemory( (DWORD)Pte,
&PteContents,
sizeof(ULONG),
&result) ) {
dprintf("%08lx: Unable to get PTE\n",Pte);
return ADDRESS_NOT_VALID;
}
if (PteContents & MM_PTE_VALID_MASK) {
return ADDRESS_VALID;
}
if (PteContents & MM_PTE_TRANSITION_MASK) {
if (!(PteContents & MM_PTE_PROTOTYPE_MASK)) {
return ADDRESS_TRANSITION;
}
}
}
return ADDRESS_NOT_VALID;
}示例13: kuhl_m_sekurlsa_enum_logon_callback_livessp
void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_livessp(IN ULONG_PTR pLiveGlobalLogonSessionList, IN PKIWI_BASIC_SECURITY_LOGON_SESSION_DATA pData)
{
KIWI_LIVESSP_LIST_ENTRY credentials;
KIWI_LIVESSP_PRIMARY_CREDENTIAL primaryCredential;
ULONG_PTR ptr;
if(ptr = kuhl_m_sekurlsa_utils_pFromLinkedListByLuid(pLiveGlobalLogonSessionList, FIELD_OFFSET(KIWI_LIVESSP_LIST_ENTRY, LocallyUniqueIdentifier), pData->LogonId))
{
if(ReadMemory(ptr, &credentials, sizeof(KIWI_LIVESSP_LIST_ENTRY), NULL))
if(ptr = (ULONG_PTR) credentials.suppCreds)
if(ReadMemory(ptr, &primaryCredential, sizeof(KIWI_LIVESSP_PRIMARY_CREDENTIAL), NULL))
kuhl_m_sekurlsa_genericCredsOutput(&primaryCredential.credentials, pData->LogonId, (NtBuildNumber != 9431) ? 0 : KUHL_SEKURLSA_CREDS_DISPLAY_NODECRYPT);
} else dprintf("KO");
}示例14: kuhl_m_sekurlsa_enum_logon_callback_tspkg
void CALLBACK kuhl_m_sekurlsa_enum_logon_callback_tspkg(IN ULONG_PTR pTSGlobalCredTable, IN PKIWI_BASIC_SECURITY_LOGON_SESSION_DATA pData)
{
KIWI_TS_CREDENTIAL credentials;
KIWI_TS_PRIMARY_CREDENTIAL primaryCredential;
ULONG_PTR ptr;
if(ptr = kuhl_m_sekurlsa_utils_pFromAVLByLuid(pTSGlobalCredTable, FIELD_OFFSET(KIWI_TS_CREDENTIAL, LocallyUniqueIdentifier), pData->LogonId))
{
if(ReadMemory(ptr, &credentials, sizeof(KIWI_TS_CREDENTIAL), NULL))
if(ReadMemory((ULONG_PTR) credentials.pTsPrimary, &primaryCredential, sizeof(KIWI_TS_PRIMARY_CREDENTIAL), NULL))
kuhl_m_sekurlsa_genericCredsOutput(&primaryCredential.credentials, pData->LogonId, KUHL_SEKURLSA_CREDS_DISPLAY_DOMAIN);
}
else dprintf("KO");
}示例15: WinDbgExtensionDllInit
VOID
WinDbgExtensionDllInit(
PWINDBG_EXTENSION_APIS lpExtensionApis,
USHORT MajorVersion,
USHORT MinorVersion
)
{
ULONG_PTR offKeProcessorArchitecture;
ULONG Result;
ExtensionApis = *lpExtensionApis;
SavedMajorVersion = MajorVersion;
SavedMinorVersion = MinorVersion;
bDebuggingChecked = (SavedMajorVersion == 0x0c);
usProcessorArchitecture = (USHORT)-1;
offKeProcessorArchitecture = GetExpression("KeProcessorArchitecture");
if (offKeProcessorArchitecture != 0)
ReadMemory(offKeProcessorArchitecture, &usProcessorArchitecture,
sizeof(USHORT), &Result);
if (usProcessorArchitecture >= cArchitecture) {
#ifdef IA64
GetEProcessData = GetEProcessData_IA64;
#else
GetEProcessData = GetEProcessData_X86;
#endif
} else {
GetEProcessData = aGetEProcessDataFunc[usProcessorArchitecture];
}
//
// Read the user probe address from the target system.
//
// N.B. The user probe address is constant on MIPS, Alpha, and the PPC.
// On the x86, it may not be defined for the target system if it
// does not contain the code to support 3gb of user address space.
//
UserProbeAddress = GetExpression("MmUserProbeAddress");
if ((UserProbeAddress == 0) ||
(ReadMemory(UserProbeAddress,
&UserProbeAddress,
sizeof(UserProbeAddress),
&Result) == FALSE)) {
UserProbeAddress = 0x7fff0000;
}
return;
}