path: root/runtime/core.h
#ifndef CORE_H
#define CORE_H

// Forward declarations: this header only holds pointers to these types (see
// the Core members below), so their full definitions are not required here.
class StringManager;
class LicensingManager;
class HardwareID;

#ifdef VMP_GNU
#elif defined(WIN_DRIVER)
#else

// Fallback for builds whose headers do not already provide NT_SUCCESS.
// The status is cast to NTSTATUS and any non-negative value counts as success;
// negative values are failures. Callers of the NTSTATUS-returning Core methods
// should test results with this macro rather than comparing against zero.
#ifndef NT_SUCCESS
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#endif

// Compatibility declarations, compiled only when NTDDI_WIN7 is not defined
// (the original note attributes this to SDK 6.0). OBJECT_INFORMATION_CLASS is
// the selector type taken by Core::NtQueryObject / Core::TrueNtQueryObject.
#ifndef NTDDI_WIN7 //SDK 6.0
// Only the two information classes listed here are declared; the numeric
// values are fixed explicitly and must not be renumbered.
typedef enum _OBJECT_INFORMATION_CLASS {
	ObjectBasicInformation = 0,
	ObjectTypeInformation = 2
} OBJECT_INFORMATION_CLASS;

// Result layout for ObjectBasicInformation queries.
// NOTE(review): this appears to mirror the SDK's winternl.h declaration; the
// field order and the size of Reserved must stay as they are, because a
// mismatched layout would make the ObjectInformationLength passed to a query
// disagree with the buffer actually provided - confirm against the SDK in use.
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
	ULONG Attributes;
	ACCESS_MASK GrantedAccess;
	ULONG HandleCount;
	ULONG PointerCount;

	ULONG Reserved[10];    // reserved for internal use

} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
#endif

// Forward declarations for the subsystems that exist only in this build
// branch (neither VMP_GNU nor WIN_DRIVER). Core refers to them by pointer or
// reference only, so the definitions can live in their own headers.
class ResourceManager;
class FileManager;
class RegistryManager;
class HookManager;

// Kind tag stored in every VirtualObject. The values are spelled out so the
// numbering stays fixed if enumerators are ever added.
// The names line up with VirtualObjectList::GetFile / GetSection / GetMap /
// GetKey; what each kind stands for (presumably file, section, mapped view and
// registry key) should be confirmed against the implementation.
enum VirtualObjectType {
	OBJECT_FILE    = 0,
	OBJECT_SECTION = 1,
	OBJECT_MAP     = 2,
	OBJECT_KEY     = 3
};

// One tracked entry in a VirtualObjectList: a kind tag, an opaque backing
// pointer, the HANDLE it is known by, and per-entry state.
//
// type, ref, handle and access are supplied to the constructor and have no
// setters, so they are read-only through this interface; only the file
// position and the attributes can be changed afterwards.
// NOTE(review): the constructor and destructor are defined elsewhere, so
// whether this object owns `ref` or `handle` cannot be told from this header.
class VirtualObject
{
public:
	VirtualObject(VirtualObjectType type, void *ref, HANDLE handle, uint32_t access);
	~VirtualObject();

	// --- values fixed at construction -----------------------------------
	VirtualObjectType type() const
	{
		return type_;
	}
	void *ref() const
	{
		return ref_;
	}
	HANDLE handle() const
	{
		return handle_;
	}
	// Access mask recorded for this entry; there is deliberately no setter.
	uint32_t access() const
	{
		return access_;
	}

	// --- mutable per-entry state ----------------------------------------
	uint64_t file_position() const
	{
		return file_position_;
	}
	void set_file_position(uint64_t position)
	{
		file_position_ = position;
	}
	uint32_t attributes() const
	{
		return attributes_;
	}
	void set_attributes(uint32_t attributes)
	{
		attributes_ = attributes;
	}

private:
	// Member order is kept as declared originally: it determines both the
	// object layout and the initialization order in the constructor.
	void *ref_;
	HANDLE handle_;
	VirtualObjectType type_;
	uint64_t file_position_;
	uint32_t attributes_;
	uint32_t access_;
};

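// Registry of VirtualObject entries, looked up by HANDLE (or by process and
// map address for maps).
//
// Thread safety: the list exposes its CRITICAL_SECTION through
// critical_section() instead of locking inside the inline accessors
// (operator[] and size() visibly take no lock). Presumably callers are
// expected to enter the critical section around any lookup or modification -
// confirm against the call sites.
//
// Copying is disabled. The class holds a CRITICAL_SECTION, which must not be
// copied, together with raw VirtualObject pointers and a user-declared
// destructor; an implicit copy would duplicate both.
class VirtualObjectList
{
public:
	VirtualObjectList();
	~VirtualObjectList();
	// Creates a new entry from the given values and returns it.
	// NOTE(review): ownership of the returned pointer is not visible here;
	// presumably the list keeps it until DeleteObject/DeleteRef - confirm.
	VirtualObject *Add(VirtualObjectType type, void *ref, HANDLE handle, uint32_t access);
	void DeleteObject(HANDLE handle);
	// `handle` defaults to 0; how a zero handle is interpreted is decided in
	// the implementation.
	void DeleteRef(void *ref, HANDLE handle = 0);
	// Lookups return a pointer into the list. The header does not state what
	// is returned on a miss, so callers should check the result before use.
	VirtualObject *GetObject(HANDLE handle) const;
	VirtualObject *GetFile(HANDLE handle) const;
	VirtualObject *GetSection(HANDLE handle) const;
	VirtualObject *GetMap(HANDLE process, void *map) const;
	VirtualObject *GetKey(HANDLE handle) const;
	// Unchecked element access: `index` must be less than size(). An
	// out-of-range index is undefined behaviour, as with vector::operator[].
	VirtualObject *operator [] (size_t index) const { return v_[index]; }
	size_t size() const { return v_.size(); }
	CRITICAL_SECTION &critical_section() { return critical_section_; }
	// NOTE(review): the names mirror the HandleCount / PointerCount fields of
	// PUBLIC_OBJECT_BASIC_INFORMATION; presumably these feed object queries.
	uint32_t GetHandleCount(HANDLE handle) const;
	uint32_t GetPointerCount(const void *ref) const;
private:
	// Non-copyable: declared private and intentionally left undefined, the
	// same idiom Core uses, so an accidental copy fails at compile or link
	// time.
	VirtualObjectList(const VirtualObjectList &);
	VirtualObjectList &operator=(const VirtualObjectList &);
	void Delete(size_t index);
	CRITICAL_SECTION critical_section_;
	vector<VirtualObject *> v_;
};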
#endif

// Process-wide pointer defined in another translation unit. GlobalData is not
// declared in this header, so its declaration must already be visible wherever
// core.h is included. VMP_GNU builds additionally tag the symbol with
// EXPORT_API; the other builds declare it as a plain extern.
// NOTE(review): presumably this is the loader's shared state block; the
// pointer is writable from any code that can see the symbol - confirm that
// this is intended.
#ifdef VMP_GNU
EXPORT_API extern GlobalData *loader_data;
#else
extern GlobalData *loader_data;
#endif

// Central runtime object. It is obtained through the static Instance() and
// released through Free(); the constructor is protected and copying is
// disabled, so the static self_ pointer is the only intended instance.
//
// Every build exposes the string manager, licensing manager and hardware id.
// Builds that are neither VMP_GNU nor WIN_DRIVER additionally carry the
// NT-API entry points, the virtual object list and the resource / file /
// registry / hook managers.
// NOTE(review): all manager members are raw pointers. Who allocates and frees
// them is not visible in this header; presumably Init() and ~Core() do.
class Core
{
public:
	// NOTE(review): no synchronization is visible here; whether Instance() and
	// Free() may be called concurrently depends on the implementation.
	static Core *Instance();
	static void Free();
	// Returns false on failure, so callers should check the result before
	// using any accessor below.
	bool Init(HMODULE instance);
	~Core();
	StringManager *string_manager() const { return string_manager_; }
	LicensingManager *licensing_manager() const { return licensing_manager_; }
	// Unlike the accessors above this one is non-const and defined out of
	// line; presumably the HardwareID is created on first use - confirm.
	HardwareID *hardware_id();
#ifdef VMP_GNU
#elif defined(WIN_DRIVER)
#else
	// Entry points named after the NT system services. Each has a "True"
	// counterpart; presumably the plain name is the runtime's own handling
	// (installed by HookAPIs) and the "True" variant forwards to the original
	// routine - confirm in the implementation.
	NTSTATUS NtProtectVirtualMemory(HANDLE ProcesssHandle, LPVOID *BaseAddress, SIZE_T *Size, DWORD NewProtect, PDWORD OldProtect);
	NTSTATUS NtClose(HANDLE Handle);
	NTSTATUS NtQueryObject(HANDLE Handle, OBJECT_INFORMATION_CLASS ObjectInformationClass, PVOID ObjectInformation, ULONG ObjectInformationLength, PULONG ReturnLength);
	// NOTE(review): this is the only "True" variant that is public; the other
	// two (TrueNtProtectVirtualMemory, TrueNtClose) are private. Confirm the
	// wider visibility is intended, since any holder of a Core pointer can
	// call it directly.
	NTSTATUS TrueNtQueryObject(HANDLE Handle, OBJECT_INFORMATION_CLASS ObjectInformationClass, PVOID ObjectInformation, ULONG ObjectInformationLength, PULONG ReturnLength);
	ResourceManager *resource_manager() const { return resource_manager_; }
	FileManager *file_manager() const { return file_manager_; }
	RegistryManager *registry_manager() const { return registry_manager_; }
#endif
protected:
	// Not publicly constructible; instances come from Instance().
	Core();
private:
	StringManager *string_manager_;
	LicensingManager *licensing_manager_;
	HardwareID *hardware_id_;
#ifdef VMP_GNU
#elif defined(WIN_DRIVER)
#else
	NTSTATUS TrueNtProtectVirtualMemory(HANDLE ProcesssHandle, LPVOID *BaseAddress, SIZE_T *Size, DWORD NewProtect, PDWORD OldProtect);
	NTSTATUS TrueNtClose(HANDLE Handle);
	// Install / remove the API hooks through the given HookManager. The
	// meaning of the `options` bits is defined by the implementation.
	void HookAPIs(HookManager &hook_manager, uint32_t options);
	void UnhookAPIs(HookManager &hook_manager);
	// Held by value, so it is constructed and destroyed with Core.
	VirtualObjectList objects_;
	ResourceManager *resource_manager_;
	FileManager *file_manager_;
	RegistryManager *registry_manager_;
	HookManager *hook_manager_;
	// Untyped pointers named after NT routines.
	// NOTE(review): presumably the saved addresses of the original routines
	// that the "True" methods call through; being void*, they carry no
	// signature checking, so any cast at the call site must match the real
	// prototype - confirm in the implementation.
	void *nt_protect_virtual_memory_;
	void *nt_close_;
	void *nt_query_object_;
	// NOTE(review): presumably the address of the routine of the same name;
	// how it is used is not visible in this header.
	void *dbg_ui_remote_breakin_;
#endif
	// The single instance returned by Instance().
	static Core *self_;

    // Non-copyable: copy constructor and copy assignment are declared private
    // here and are presumably left undefined (the pre-C++11 idiom).
    Core(const Core &);
    Core &operator=(const Core &);
};

#endif