├── .gitignore ├── ConsoleVM ├── ConsoleVM.sln ├── ConsoleVM │ ├── 1.cpp │ ├── ConsoleVM.cpp │ ├── ConsoleVM.vcxproj │ ├── ConsoleVM.vcxproj.filters │ ├── ReadMe.txt │ ├── scli.cpp │ ├── ssrv.cpp │ ├── ssrv_service.cpp │ ├── ssrv_service.h │ ├── stdafx.cpp │ ├── stdafx.h │ └── targetver.h └── Readme.txt ├── DllInjection ├── DllInjection.sln ├── DllInjection │ ├── DllInjection.cpp │ ├── DllInjection.vcxproj │ ├── DllInjection.vcxproj.filters │ ├── PEB.cpp │ ├── PEB.h │ ├── ReadMe.txt │ ├── stdafx.cpp │ ├── stdafx.h │ └── targetver.h ├── TargetDll │ ├── TargetDll.cpp │ ├── TargetDll.vcxproj │ └── TargetDll.vcxproj.filters ├── TestExe │ ├── TestExe.cpp │ ├── TestExe.vcxproj │ └── TestExe.vcxproj.filters └── shellcode │ ├── main.c │ ├── shell.asm │ ├── shellcode.vcxproj │ └── shellcode.vcxproj.filters ├── PeDump ├── PeDump.sln └── PeDump │ ├── Mapper.cpp │ ├── Mapper.h │ ├── PeDump.cpp │ ├── PeDump.vcxproj │ ├── PeDump.vcxproj.filters │ ├── ReadMe.txt │ ├── stdafx.cpp │ ├── stdafx.h │ └── targetver.h └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 
3 | 4 | # User-specific files 5 | *.suo 6 | *.user 7 | *.userosscache 8 | *.sln.docstates 9 | 10 | # User-specific files (MonoDevelop/Xamarin Studio) 11 | *.userprefs 12 | 13 | # Build results 14 | [Dd]ebug/ 15 | [Dd]ebugPublic/ 16 | [Rr]elease/ 17 | [Rr]eleases/ 18 | x64/ 19 | x86/ 20 | bld/ 21 | [Bb]in/ 22 | [Oo]bj/ 23 | 24 | # Visual Studio 2015 cache/options directory 25 | .vs/ 26 | # Uncomment if you have tasks that create the project's static files in wwwroot 27 | #wwwroot/ 28 | 29 | # MSTest test Results 30 | [Tt]est[Rr]esult*/ 31 | [Bb]uild[Ll]og.* 32 | 33 | # NUNIT 34 | *.VisualState.xml 35 | TestResult.xml 36 | 37 | # Build Results of an ATL Project 38 | [Dd]ebugPS/ 39 | [Rr]eleasePS/ 40 | dlldata.c 41 | 42 | # DNX 43 | project.lock.json 44 | artifacts/ 45 | 46 | *_i.c 47 | *_p.c 48 | *_i.h 49 | *.ilk 50 | *.meta 51 | *.obj 52 | *.pch 53 | *.pdb 54 | *.pgc 55 | *.pgd 56 | *.rsp 57 | *.sbr 58 | *.tlb 59 | *.tli 60 | *.tlh 61 | *.tmp 62 | *.tmp_proj 63 | *.log 64 | *.vspscc 65 | *.vssscc 66 | .builds 67 | *.pidb 68 | *.svclog 69 | *.scc 70 | 71 | # Chutzpah Test files 72 | _Chutzpah* 73 | 74 | # Visual C++ cache files 75 | ipch/ 76 | *.aps 77 | *.ncb 78 | *.opendb 79 | *.opensdf 80 | *.sdf 81 | *.cachefile 82 | 83 | # Visual Studio profiler 84 | *.psess 85 | *.vsp 86 | *.vspx 87 | *.sap 88 | 89 | # TFS 2012 Local Workspace 90 | $tf/ 91 | 92 | # Guidance Automation Toolkit 93 | *.gpState 94 | 95 | # ReSharper is a .NET coding add-in 96 | _ReSharper*/ 97 | *.[Rr]e[Ss]harper 98 | *.DotSettings.user 99 | 100 | # JustCode is a .NET coding add-in 101 | .JustCode 102 | 103 | # TeamCity is a build add-in 104 | _TeamCity* 105 | 106 | # DotCover is a Code Coverage Tool 107 | *.dotCover 108 | 109 | # NCrunch 110 | _NCrunch_* 111 | .*crunch*.local.xml 112 | nCrunchTemp_* 113 | 114 | # MightyMoose 115 | *.mm.* 116 | AutoTest.Net/ 117 | 118 | # Web workbench (sass) 119 | .sass-cache/ 120 | 121 | # Installshield output folder 122 | [Ee]xpress/ 123 | 124 | # DocProject is 
a documentation generator add-in 125 | DocProject/buildhelp/ 126 | DocProject/Help/*.HxT 127 | DocProject/Help/*.HxC 128 | DocProject/Help/*.hhc 129 | DocProject/Help/*.hhk 130 | DocProject/Help/*.hhp 131 | DocProject/Help/Html2 132 | DocProject/Help/html 133 | 134 | # Click-Once directory 135 | publish/ 136 | 137 | # Publish Web Output 138 | *.[Pp]ublish.xml 139 | *.azurePubxml 140 | # TODO: Comment the next line if you want to checkin your web deploy settings 141 | # but database connection strings (with potential passwords) will be unencrypted 142 | *.pubxml 143 | *.publishproj 144 | 145 | # NuGet Packages 146 | *.nupkg 147 | # The packages folder can be ignored because of Package Restore 148 | **/packages/* 149 | # except build/, which is used as an MSBuild target. 150 | !**/packages/build/ 151 | # Uncomment if necessary however generally it will be regenerated when needed 152 | #!**/packages/repositories.config 153 | # NuGet v3's project.json files produces more ignoreable files 154 | *.nuget.props 155 | *.nuget.targets 156 | 157 | # Microsoft Azure Build Output 158 | csx/ 159 | *.build.csdef 160 | 161 | # Microsoft Azure Emulator 162 | ecf/ 163 | rcf/ 164 | 165 | # Microsoft Azure ApplicationInsights config file 166 | ApplicationInsights.config 167 | 168 | # Windows Store app package directory 169 | AppPackages/ 170 | BundleArtifacts/ 171 | 172 | # Visual Studio cache files 173 | # files ending in .cache can be ignored 174 | *.[Cc]ache 175 | # but keep track of directories ending in .cache 176 | !*.[Cc]ache/ 177 | 178 | # Others 179 | ClientBin/ 180 | ~$* 181 | *~ 182 | *.dbmdl 183 | *.dbproj.schemaview 184 | *.pfx 185 | *.publishsettings 186 | node_modules/ 187 | orleans.codegen.cs 188 | 189 | # RIA/Silverlight projects 190 | Generated_Code/ 191 | 192 | # Backup & report files from converting an old project file 193 | # to a newer Visual Studio version. 
Backup files are not needed, 194 | # because we have git ;-) 195 | _UpgradeReport_Files/ 196 | Backup*/ 197 | UpgradeLog*.XML 198 | UpgradeLog*.htm 199 | 200 | # SQL Server files 201 | *.mdf 202 | *.ldf 203 | 204 | # Business Intelligence projects 205 | *.rdl.data 206 | *.bim.layout 207 | *.bim_*.settings 208 | 209 | # Microsoft Fakes 210 | FakesAssemblies/ 211 | 212 | # GhostDoc plugin setting file 213 | *.GhostDoc.xml 214 | 215 | # Node.js Tools for Visual Studio 216 | .ntvs_analysis.dat 217 | 218 | # Visual Studio 6 build log 219 | *.plg 220 | 221 | # Visual Studio 6 workspace options file 222 | *.opt 223 | 224 | # Visual Studio LightSwitch build output 225 | **/*.HTMLClient/GeneratedArtifacts 226 | **/*.DesktopClient/GeneratedArtifacts 227 | **/*.DesktopClient/ModelManifest.xml 228 | **/*.Server/GeneratedArtifacts 229 | **/*.Server/ModelManifest.xml 230 | _Pvt_Extensions 231 | 232 | # Paket dependency manager 233 | .paket/paket.exe 234 | 235 | # FAKE - F# Make 236 | .fake/ 237 | -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.40629.0 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ConsoleVM", "ConsoleVM\ConsoleVM.vcxproj", "{52BA8EAB-AA21-4B35-A6B4-89EA379CC8F2}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Release|Win32 = Release|Win32 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {52BA8EAB-AA21-4B35-A6B4-89EA379CC8F2}.Debug|Win32.ActiveCfg = Debug|Win32 15 | {52BA8EAB-AA21-4B35-A6B4-89EA379CC8F2}.Debug|Win32.Build.0 = Debug|Win32 16 | {52BA8EAB-AA21-4B35-A6B4-89EA379CC8F2}.Release|Win32.ActiveCfg = Release|Win32 17 | 
{52BA8EAB-AA21-4B35-A6B4-89EA379CC8F2}.Release|Win32.Build.0 = Release|Win32 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | EndGlobal 23 | -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM/1.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | from msdn parent process code 3 | */ 4 | #include "stdafx.h" 5 | #include 6 | #include 7 | #include 8 | #include 9 | 10 | #define BUFSIZE 4096 11 | 12 | HANDLE g_hChildStd_IN_Rd1 = NULL; 13 | HANDLE g_hChildStd_IN_Wr1 = NULL; 14 | HANDLE g_hChildStd_OUT_Rd1 = NULL; 15 | HANDLE g_hChildStd_OUT_Wr1 = NULL; 16 | 17 | void CreateChildProcess1(void); 18 | DWORD WINAPI WriteToPipe1(LPVOID lpParam); 19 | void ReadFromPipe1(void); 20 | void ErrorExit1(PTSTR); 21 | 22 | int _tmain1(int argc, TCHAR *argv[]) 23 | { 24 | SECURITY_ATTRIBUTES saAttr; 25 | 26 | printf("\n->Start of parent execution.\n"); 27 | 28 | // Set the bInheritHandle flag so pipe handles are inherited. 29 | 30 | saAttr.nLength = sizeof(SECURITY_ATTRIBUTES); 31 | saAttr.bInheritHandle = TRUE; 32 | saAttr.lpSecurityDescriptor = NULL; 33 | 34 | // Create a pipe for the child process's STDOUT. 35 | 36 | if (!CreatePipe(&g_hChildStd_OUT_Rd1, &g_hChildStd_OUT_Wr1, &saAttr, 0)) 37 | ErrorExit1(TEXT("StdoutRd CreatePipe")); 38 | 39 | // Ensure the read handle to the pipe for STDOUT is not inherited. 40 | 41 | if (!SetHandleInformation(g_hChildStd_OUT_Rd1, HANDLE_FLAG_INHERIT, 0)) 42 | ErrorExit1(TEXT("Stdout SetHandleInformation")); 43 | 44 | // Create a pipe for the child process's STDIN. 45 | 46 | if (!CreatePipe(&g_hChildStd_IN_Rd1, &g_hChildStd_IN_Wr1, &saAttr, 0)) 47 | ErrorExit1(TEXT("Stdin CreatePipe")); 48 | 49 | // Ensure the write handle to the pipe for STDIN is not inherited. 
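
    if (!SetHandleInformation(g_hChildStd_IN_Wr1, HANDLE_FLAG_INHERIT, 0))
        ErrorExit1(TEXT("Stdin SetHandleInformation"));

    // NOTE(review): nothing in the visible sources calls _tmain1(); this file looks like
    // the retained MSDN "parent process" sample that ssrv.cpp was derived from.

    // Spawn cmd.exe attached to the two pipes.
    CreateChildProcess1();

    // Worker thread: parent stdin -> child stdin. The thread handle is released right
    // away; the thread keeps running and closes the child's stdin itself on EOF.
    HANDLE hWriter = CreateThread(NULL, 0, WriteToPipe1, NULL, 0, NULL);
    if (hWriter == NULL)
        ErrorExit1(TEXT("CreateThread"));
    CloseHandle(hWriter);

    printf("\n->Thread of STDIN to child STDIN pipe.\n");

    // Main thread: child stdout -> parent stdout, until the child closes its end.
    ReadFromPipe1();

    printf("\n->End of parent execution.\n");

    // Remaining handles are released at process exit.
    return 0;
}

// Spawn cmd.exe with its stdin/stdout/stderr attached to the pipes created in _tmain1().
// Fatal errors go through ErrorExit1(). After a successful spawn the parent's copies of
// the child-side pipe ends are closed: if the parent kept the stdout write end,
// ReadFromPipe1() would never see EOF after cmd.exe exits and would block forever.
void CreateChildProcess1()
{
    TCHAR szSysDir[MAX_PATH];
    TCHAR szCmdline[MAX_PATH + 16];
    PROCESS_INFORMATION piProcInfo;
    STARTUPINFO siStartInfo;
    BOOL bSuccess = FALSE;

    // Resolve cmd.exe through the system directory instead of handing CreateProcess a bare
    // "cmd.exe": with lpApplicationName == NULL the search starts in the application's own
    // directory and the current directory, which is a binary-planting hazard.
    UINT len = GetSystemDirectory(szSysDir, MAX_PATH);
    if (len == 0 || len >= MAX_PATH)
        ErrorExit1(TEXT("GetSystemDirectory"));
    if (FAILED(StringCchPrintf(szCmdline, sizeof(szCmdline) / sizeof(szCmdline[0]),
                               TEXT("\"%s\\cmd.exe\""), szSysDir)))
        ErrorExit1(TEXT("StringCchPrintf"));

    ZeroMemory(&piProcInfo, sizeof(PROCESS_INFORMATION));

    // STARTF_USESTDHANDLES: the child's std handles are our inheritable pipe ends.
    ZeroMemory(&siStartInfo, sizeof(STARTUPINFO));
    siStartInfo.cb = sizeof(STARTUPINFO);
    siStartInfo.hStdError = g_hChildStd_OUT_Wr1;
    siStartInfo.hStdOutput = g_hChildStd_OUT_Wr1;
    siStartInfo.hStdInput = g_hChildStd_IN_Rd1;
    siStartInfo.dwFlags |= STARTF_USESTDHANDLES;

    // bInheritHandles == TRUE hands the child every inheritable handle in this process,
    // not only the three above. NOTE(review): PROC_THREAD_ATTRIBUTE_HANDLE_LIST would
    // restrict inheritance to exactly the pipe ends -- worth doing if this is kept.
    bSuccess = CreateProcess(NULL,
        szCmdline,     // command line (full path, quoted)
        NULL,          // process security attributes
        NULL,          // primary thread security attributes
        TRUE,          // handles are inherited
        0,             // creation flags
        NULL,          // use parent's environment
        NULL,          // use parent's current directory
        &siStartInfo,  // STARTUPINFO pointer
        &piProcInfo);  // receives PROCESS_INFORMATION

    if (!bSuccess)
        ErrorExit1(TEXT("CreateProcess"));

    // Not monitoring the child; drop the process/thread handles.
    CloseHandle(piProcInfo.hProcess);
    CloseHandle(piProcInfo.hThread);

    // The child owns its ends now; release the parent's copies (see header comment).
    CloseHandle(g_hChildStd_OUT_Wr1);
    g_hChildStd_OUT_Wr1 = NULL;
    CloseHandle(g_hChildStd_IN_Rd1);
    g_hChildStd_IN_Rd1 = NULL;
}


// Thread body: forward the parent's stdin to the child's stdin one ReadFile() chunk at a
// time until stdin hits EOF or a write fails, then close the write end so the child sees
// EOF. lpParam is unused.
DWORD WINAPI WriteToPipe1(LPVOID lpParam)
{
    DWORD dwRead = 0, dwWritten = 0;
    CHAR chBuf[BUFSIZE];
    HANDLE hParentStdIn = GetStdHandle(STD_INPUT_HANDLE);

    (void)lpParam;

    for (;;)
    {
        // Only the dwRead bytes just read are forwarded, so the buffer needs no clearing.
        if (!ReadFile(hParentStdIn, chBuf, BUFSIZE, &dwRead, NULL) || dwRead == 0)
            break;
        if (!WriteFile(g_hChildStd_IN_Wr1, chBuf, dwRead, &dwWritten, NULL))
            break;
    }

    // Close the pipe handle so the child process stops reading.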
161 | 162 | if (!CloseHandle(g_hChildStd_IN_Wr1)) 163 | ErrorExit1(TEXT("StdInWr CloseHandle")); 164 | 165 | return 0; 166 | } 167 | 168 | void ReadFromPipe1(void) 169 | 170 | // Read output from the child process's pipe for STDOUT 171 | // and write to the parent process's pipe for STDOUT. 172 | // Stop when there is no more data. 173 | { 174 | DWORD dwRead, dwWritten; 175 | CHAR chBuf[BUFSIZE]; 176 | BOOL bSuccess = FALSE; 177 | HANDLE hParentStdOut = GetStdHandle(STD_OUTPUT_HANDLE); 178 | 179 | for (;;) 180 | { 181 | bSuccess = ReadFile(g_hChildStd_OUT_Rd1, chBuf, BUFSIZE, &dwRead, NULL); 182 | if (!bSuccess || dwRead == 0) break; 183 | 184 | bSuccess = WriteFile(hParentStdOut, chBuf, 185 | dwRead, &dwWritten, NULL); 186 | if (!bSuccess) break; 187 | } 188 | } 189 | 190 | void ErrorExit1(PTSTR lpszFunction) 191 | 192 | // Format a readable error message, display a message box, 193 | // and exit from the application. 194 | { 195 | LPVOID lpMsgBuf; 196 | LPVOID lpDisplayBuf; 197 | DWORD dw = GetLastError(); 198 | 199 | FormatMessage( 200 | FORMAT_MESSAGE_ALLOCATE_BUFFER | 201 | FORMAT_MESSAGE_FROM_SYSTEM | 202 | FORMAT_MESSAGE_IGNORE_INSERTS, 203 | NULL, 204 | dw, 205 | MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), 206 | (LPTSTR)&lpMsgBuf, 207 | 0, NULL); 208 | 209 | lpDisplayBuf = (LPVOID)LocalAlloc(LMEM_ZEROINIT, 210 | (lstrlen((LPCTSTR)lpMsgBuf) + lstrlen((LPCTSTR)lpszFunction) + 40)*sizeof(TCHAR)); 211 | StringCchPrintf((LPTSTR)lpDisplayBuf, 212 | LocalSize(lpDisplayBuf) / sizeof(TCHAR), 213 | TEXT("%s failed with error %d: %s"), 214 | lpszFunction, dw, lpMsgBuf); 215 | MessageBox(NULL, (LPCTSTR)lpDisplayBuf, TEXT("Error"), MB_OK); 216 | 217 | LocalFree(lpMsgBuf); 218 | LocalFree(lpDisplayBuf); 219 | ExitProcess(1); 220 | } 221 | -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM/ConsoleVM.cpp: -------------------------------------------------------------------------------- 1 | // ConsoleVM.cpp : Defines the 
entry point for the console application. 2 | // 3 | 4 | #include "stdafx.h" 5 | #include 6 | 7 | int __cdecl ClientProcess(); 8 | int __cdecl mainS(int argc, TCHAR *argv[]); 9 | 10 | void PrintUsage(TCHAR *name) 11 | { 12 | _tprintf(_T("Usage:\n\ 13 | %s cli\n\ 14 | %s srv_service \n"), name, name); 15 | _tprintf(_T("\t could be:\n\ 16 | \tinstall \n\ 17 | \tremove\n\ 18 | \tstart\n\ 19 | \tstop\n")); 20 | } 21 | 22 | int _tmain(int argc, _TCHAR* argv[]) 23 | { 24 | if (argc == 2 && !_tcscmp(argv[1], _T("--help"))) 25 | PrintUsage(argv[0]); 26 | else if (argc == 2 && !_tcscmp(argv[1], _T("cli"))) { 27 | _tprintf(TEXT("Client will be started \n")); 28 | return ClientProcess(); 29 | } 30 | else if (argc == 2 && !_tcscmp(argv[1], _T("srv"))) { 31 | _tprintf(TEXT("Deprecated. Use service!\n")); 32 | PrintUsage(argv[0]); 33 | return 1; 34 | } 35 | else if ((argc >= 2 ) && (!_tcscmp(argv[1], _T("srv_service")))) { 36 | if (argc >= 3) { 37 | if (mainS(argc, argv)) 38 | PrintUsage(argv[0]); 39 | } else { 40 | _tprintf(TEXT("Need more arguments!\n")); 41 | PrintUsage(argv[0]); 42 | } 43 | } 44 | else if (argc == 1) { 45 | mainS(argc, argv); 46 | } 47 | else 48 | PrintUsage(argv[0]); 49 | 50 | return 0; 51 | } 52 | 53 | -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM/ConsoleVM.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | 14 | {52BA8EAB-AA21-4B35-A6B4-89EA379CC8F2} 15 | Win32Proj 16 | ConsoleVM 17 | 18 | 19 | 20 | Application 21 | true 22 | v120 23 | Unicode 24 | 25 | 26 | Application 27 | false 28 | v120 29 | true 30 | MultiByte 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | true 44 | 45 | 46 | false 47 | 48 | 49 | 50 | Use 51 | Level3 52 | Disabled 53 | WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 54 | true 55 | CompileAsCpp 56 | 57 | 58 | Console 59 | true 60 | 61 | 
62 | 63 | 64 | Level3 65 | Use 66 | MaxSpeed 67 | true 68 | true 69 | WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 70 | true 71 | 72 | 73 | Console 74 | true 75 | true 76 | true 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | CompileAsCpp 90 | 91 | 92 | CompileAsCpp 93 | 94 | 95 | CompileAsCpp 96 | 97 | 98 | CompileAsCpp 99 | 100 | 101 | CompileAsCpp 102 | 103 | 104 | Create 105 | Create 106 | CompileAsCpp 107 | 108 | 109 | 110 | 111 | 112 | -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM/ConsoleVM.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | 32 | 33 | Source Files 34 | 35 | 36 | Source Files 37 | 38 | 39 | Source Files 40 | 41 | 42 | Source Files 43 | 44 | 45 | Source Files 46 | 47 | 48 | Source Files 49 | 50 | 51 | -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | CONSOLE APPLICATION : ConsoleVM Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this ConsoleVM application for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your ConsoleVM application. 
9 | 10 | 11 | ConsoleVM.vcxproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | ConsoleVM.vcxproj.filters 18 | This is the filters file for VC++ projects generated using an Application Wizard. 19 | It contains information about the association between the files in your project 20 | and the filters. This association is used in the IDE to show grouping of files with 21 | similar extensions under a specific node (for e.g. ".cpp" files are associated with the 22 | "Source Files" filter). 23 | 24 | ConsoleVM.cpp 25 | This is the main application source file. 26 | 27 | ///////////////////////////////////////////////////////////////////////////// 28 | Other standard files: 29 | 30 | StdAfx.h, StdAfx.cpp 31 | These files are used to build a precompiled header (PCH) file 32 | named ConsoleVM.pch and a precompiled types file named StdAfx.obj. 33 | 34 | ///////////////////////////////////////////////////////////////////////////// 35 | Other notes: 36 | 37 | AppWizard uses "TODO:" comments to indicate parts of the source code you 38 | should add to or customize. 
39 | 40 | ///////////////////////////////////////////////////////////////////////////// 41 | -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM/scli.cpp: -------------------------------------------------------------------------------- 1 | #define WIN32_LEAN_AND_MEAN 2 | 3 | #include "stdafx.h" 4 | #include 5 | #include 6 | #include 7 | 8 | // Need to link with Ws2_32.lib, Mswsock.lib, and Advapi32.lib 9 | #pragma comment (lib, "Ws2_32.lib") 10 | #pragma comment (lib, "Mswsock.lib") 11 | #pragma comment (lib, "AdvApi32.lib") 12 | 13 | #define DEFAULT_BUFLEN 4096 14 | #define DEFAULT_PORT "27015" 15 | #define IP_ADDRESS "127.0.0.1" 16 | 17 | int gl_is_connected = false; 18 | 19 | int getServerInfo(struct addrinfo ** info); 20 | int connectToServer(SOCKET * connSock, addrinfo * srvInfo); 21 | int sendToServer(SOCKET ConnectSocket); 22 | int recvFromServer(SOCKET ConnectSocket); 23 | 24 | int __cdecl ClientProcess() 25 | { 26 | int exitValue = 1; 27 | 28 | WSADATA wsaData; 29 | if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) { 30 | printf("WSAStartup failed \n"); 31 | goto err0; 32 | } 33 | 34 | struct addrinfo *servInfo = NULL; 35 | if (getServerInfo(&servInfo) != 0) { 36 | printf("getServerInfo failed \n"); 37 | goto err1; 38 | } 39 | 40 | SOCKET ConnectSocket = INVALID_SOCKET; 41 | if (connectToServer(&ConnectSocket, servInfo) != 0) { 42 | printf("connectToServer failed \n"); 43 | goto err2; 44 | } 45 | 46 | HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)recvFromServer, (LPVOID)ConnectSocket, 0, NULL); 47 | if (hThread == NULL) { 48 | printf("CreateThread"); 49 | goto err3; 50 | } 51 | 52 | sendToServer(ConnectSocket); 53 | 54 | WaitForSingleObject(hThread, INFINITE); 55 | 56 | if (shutdown(ConnectSocket, SD_SEND) == SOCKET_ERROR) { 57 | printf("shutdown failed with error: %d\n", WSAGetLastError()); 58 | goto err3; 59 | } 60 | 61 | exitValue = 0; 62 | 63 | err3: 64 | closesocket(ConnectSocket); 65 | 
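err2:
    freeaddrinfo(servInfo);
err1:
    WSACleanup();
err0:
    return exitValue;
}

// Pump lines from stdin to the server until EOF (Ctrl-Z) or a send failure, then
// half-close the socket so the server knows no more input is coming.
// Returns 0 normally, -1 if the send buffer could not be allocated.
int sendToServer(SOCKET ConnectSocket)
{
    char *line = (char*)calloc(DEFAULT_BUFLEN, sizeof(char));
    if (line == NULL) {
        printf("Allocating memory for send buffer error \n");
        return -1;
    }

    for (;;) {
        // gets_s() returns NULL on EOF or on a line that does not fit the buffer.
        if (gets_s(line, DEFAULT_BUFLEN) == NULL)
            break;

        // send() may accept fewer bytes than requested; loop until the line is out.
        int total = (int)strlen(line);
        int done = 0;
        BOOL failed = FALSE;
        while (done < total) {
            int n = send(ConnectSocket, line + done, total - done, 0);
            if (n == SOCKET_ERROR) {
                // Stay quiet if the receive thread already reported the peer going away.
                if (gl_is_connected)
                    printf("send failed with error: %d \n", WSAGetLastError());
                failed = TRUE;
                break;
            }
            done += n;
        }
        if (failed)
            break;
    }

    // Without this, stdin EOF left the server blocked in recv() and the caller blocked
    // forever waiting for recvFromServer(). The half-close makes the server's recv()
    // return 0, it tears the session down, and our receive thread then finishes. The
    // result is ignored: the socket may already be dead, and the caller's own later
    // shutdown() is harmless.
    shutdown(ConnectSocket, SD_SEND);

    free(line);
    return 0;
}

// Thread body: copy everything the server sends to stdout until the connection ends.
// Clears gl_is_connected when the peer goes away (plain int written from this thread
// and read from the send loop -- no synchronization, as in the original design).
// Returns 0 normally, -1 if the receive buffer could not be allocated.
int recvFromServer(SOCKET ConnectSocket)
{
    char *chunk = (char*)calloc(DEFAULT_BUFLEN, sizeof(char));
    if (chunk == NULL) {
        printf("Allocating memory for recv buffer error \n");
        return -1;
    }

    for (;;) {
        int got = recv(ConnectSocket, chunk, DEFAULT_BUFLEN, 0);
        if (got > 0) {
            // Raw write: the data is arbitrary console output and may contain NUL bytes,
            // at which a %.*s printf would silently stop.
            fwrite(chunk, 1, (size_t)got, stdout);
            fflush(stdout);
            continue;
        }
        if (got == 0) {
            printf("Connection closed\n");
        } else {
            int err = WSAGetLastError();
            if (err == WSAECONNRESET)
                printf("Connection suddenly closed by service \n");
            else
                printf("recv failed with error: %d \n", err);
        }
        gl_is_connected = false;
        break;
    }

    free(chunk);
    return 0;
}

// Try each address from getaddrinfo() in turn; the first successful connect() wins.
// On success *connSock holds the connected socket, gl_is_connected is set and 0 is
// returned. Returns 1 with *connSock == INVALID_SOCKET if nothing could be connected.
int connectToServer(SOCKET * connSock, addrinfo * srvInfo)
{
    *connSock = INVALID_SOCKET;
    struct addrinfo *info = NULL;
    for (info = srvInfo; info != NULL; info = info->ai_next) {
        *connSock = socket(info->ai_family, info->ai_socktype, info->ai_protocol);
        if (*connSock == INVALID_SOCKET) {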
142 | printf("socket failed with error: %ld\n", WSAGetLastError()); 143 | goto err; 144 | } 145 | 146 | if (connect(*connSock, info->ai_addr, (int)info->ai_addrlen) == SOCKET_ERROR) { 147 | closesocket(*connSock); 148 | *connSock = INVALID_SOCKET; 149 | continue; 150 | } 151 | break; 152 | } 153 | 154 | if (*connSock == INVALID_SOCKET) { 155 | printf("Unable to connect to server!\n"); 156 | goto err; 157 | } 158 | 159 | gl_is_connected = true; 160 | 161 | return 0; 162 | err: 163 | return 1; 164 | } 165 | 166 | int getServerInfo(struct addrinfo ** info) 167 | { 168 | struct addrinfo hints; 169 | ZeroMemory(&hints, sizeof(hints)); 170 | hints.ai_family = AF_UNSPEC; 171 | hints.ai_socktype = SOCK_STREAM; 172 | hints.ai_protocol = IPPROTO_TCP; 173 | 174 | return getaddrinfo(IP_ADDRESS, DEFAULT_PORT, &hints, info); 175 | } -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM/ssrv.cpp: -------------------------------------------------------------------------------- 1 | #undef UNICODE 2 | 3 | #define WIN32_LEAN_AND_MEAN 4 | 5 | #include "stdafx.h" 6 | #include "ssrv_service.h" 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | // Need to link with Ws2_32.lib 13 | #pragma comment (lib, "Ws2_32.lib") 14 | // #pragma comment (lib, "Mswsock.lib") 15 | 16 | #define DEFAULT_BUFLEN 4096 17 | #define DEFAULT_PORT "27015" 18 | #define BUFSIZE 4096 19 | 20 | void CreateChildProcess(void); 21 | DWORD WINAPI WriteToPipe(char *msgBuf); 22 | DWORD ReadFromPipe(char *pMsgBuf, int *pMsgBufLen); 23 | void ErrorExit(PTSTR); 24 | int InitPipe(); 25 | void ClosePipes(); 26 | void CloseListen(); 27 | int TransmitFromCmd(void* buf); 28 | int TransmitToCmd(SOCKET ClientSocket); 29 | 30 | HANDLE g_hChildStd_IN_Rd = NULL; 31 | HANDLE g_hChildStd_IN_Wr = NULL; 32 | HANDLE g_hChildStd_OUT_Rd = NULL; 33 | HANDLE g_hChildStd_OUT_Wr = NULL; 34 | 35 | HANDLE g_hInputFile = NULL; 36 | SOCKET gListenSocket = INVALID_SOCKET; 37 | 38 | int 
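gStopFlag = 0;

// Thread entry thunk. CreateThread expects a DWORD WINAPI (stdcall) routine; the original
// code cast the cdecl TransmitFromCmd() straight to LPTHREAD_START_ROUTINE. A correctly
// typed wrapper keeps the calling convention honest on Win32.
static DWORD WINAPI TransmitFromCmdThread(LPVOID param)
{
    return (DWORD)TransmitFromCmd(param);
}

// Close a handle that may already be NULL and reset it, so ClosePipes() is safe to call
// after the parent has already dropped its copies of the child-side pipe ends.
static void CloseHandleIfOpen(HANDLE *ph)
{
    if (*ph != NULL) {
        CloseHandle(*ph);
        *ph = NULL;
    }
}

// Service worker: accept ONE TCP client on DEFAULT_PORT and bridge it to a cmd.exe child.
// Returns 0 when the session has ended, 1 on a setup failure. SvcState is accepted for
// the service wrapper but not used here.
//
// NOTE(review): this listens on every IPv4 interface (getaddrinfo(NULL, ..., AI_PASSIVE)),
// performs no authentication and no encryption, and hands the peer an interactive cmd.exe
// running with the service's privileges -- anyone who can reach TCP/27015 gets that shell.
// Keep it firewalled / loopback-only unless that really is the intent.
int ServerMain(DWORD *SvcState)
{
    int iResult;
    SOCKET ClientSocket = INVALID_SOCKET;
    struct addrinfo *result = NULL;
    struct addrinfo hints;
    WSADATA wsaData;
    HANDLE hThread;
    DWORD dwThreadId;

    (void)SvcState;
    gStopFlag = 0;

    if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) {
        printf("WSAStartup failed \n");
        return 1;
    }

    // IPv4, TCP, wildcard address.
    ZeroMemory(&hints, sizeof(hints));
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;
    hints.ai_flags = AI_PASSIVE;

    iResult = getaddrinfo(NULL, DEFAULT_PORT, &hints, &result);
    if (iResult != 0) {
        printf("getaddrinfo failed with error: %d\n", iResult);
        WSACleanup();
        return 1;
    }

    gListenSocket = socket(result->ai_family, result->ai_socktype, result->ai_protocol);
    if (gListenSocket == INVALID_SOCKET) {
        printf("socket failed with error: %ld\n", WSAGetLastError());
        freeaddrinfo(result);
        WSACleanup();
        return 1;
    }

    // cmd.exe is spawned below (InitPipe) with bInheritHandles == TRUE, and socket handles
    // are inheritable by default. Clear the flag so the child -- and whatever the remote
    // user launches from it -- does not keep a copy of the listening socket alive after
    // we close ours.
    if (!SetHandleInformation((HANDLE)gListenSocket, HANDLE_FLAG_INHERIT, 0)) {
        printf("SetHandleInformation failed with error: %lu\n", GetLastError());
        freeaddrinfo(result);
        CloseListen();
        WSACleanup();
        return 1;
    }

    iResult = bind(gListenSocket, result->ai_addr, (int)result->ai_addrlen);
    if (iResult == SOCKET_ERROR) {
        printf("bind failed with error: %d\n", WSAGetLastError());
        freeaddrinfo(result);
        CloseListen();
        WSACleanup();
        return 1;
    }
    freeaddrinfo(result);

    iResult = listen(gListenSocket, SOMAXCONN);
    if (iResult == SOCKET_ERROR) {
        printf("listen failed with error: %d\n", WSAGetLastError());
        CloseListen();
        WSACleanup();
        return 1;
    }

    // Pipes + cmd.exe are created before a client connects (original ordering); the child
    // idles until the first command line arrives.
    InitPipe();

    ClientSocket = accept(gListenSocket, NULL, NULL);
    if (ClientSocket == INVALID_SOCKET) {
        // StopServer() closes the listening socket to break us out of accept(); either way
        // the idle child and its pipes must be torn down, not leaked.
        printf("accept failed with error: %d\n", WSAGetLastError());
        CloseListen();
        gStopFlag = 1;
        ClosePipes();
        WSACleanup();
        return 1;
    }

    // Only one client is ever served; stop listening.
    CloseListen();

    // Worker: cmd.exe stdout -> socket. Main thread (below): socket -> cmd.exe stdin.
    hThread = CreateThread(
        NULL,                   // default security attributes
        0,                      // default stack size
        TransmitFromCmdThread,  // properly typed thread routine
        (LPVOID)ClientSocket,   // argument to thread function
        0,                      // default creation flags
        &dwThreadId);
    if (hThread == NULL) {
        printf("CreateThread");
        closesocket(ClientSocket);
        gStopFlag = 1;
        ClosePipes();
        WSACleanup();
        return 1;
    }

    TransmitToCmd(ClientSocket);

    WaitForSingleObject(hThread, INFINITE);
    CloseHandle(hThread);

    // ClientSocket is closed by TransmitFromCmd() on every one of its exit paths (that
    // close is also what unblocks recv() in TransmitToCmd when the child's pipe dies),
    // so it is deliberately not closed again here.
    WSACleanup();

    return 0;
}

// Main-thread half of the bridge: read client bytes and feed them to cmd.exe's stdin as
// CR/LF-terminated lines. Returns 0 when the client closed the connection (or a recv
// failure arrived after a stop was already requested), 1 on an unexpected recv failure.
int TransmitToCmd(SOCKET ClientSocket)
{
    int iResult;
    char *recvbuf = (char*)calloc(DEFAULT_BUFLEN, sizeof(char));
    // Three bytes are reserved for the "\r\n\0" appended below, so the largest possible
    // recv() (DEFAULT_BUFLEN - 3 bytes) still fits with its terminator.
    const int maxRecv = DEFAULT_BUFLEN - 3;

    if (recvbuf == NULL) {
        SvcReportError(_T("Out of memory in TransmitToCmd\n"));
        // Tear the pipes down so the worker thread's ReadFile() fails and it exits.
        gStopFlag = 1;
        ClosePipes();
        return 1;
    }

    do {
        memset(recvbuf, 0, DEFAULT_BUFLEN);
        iResult = recv(ClientSocket, recvbuf, maxRecv, 0);
        if (iResult > 0) {
            printf("Bytes received: %d, Buffer: %s\n", iResult, recvbuf);

            // Client bytes go to cmd.exe verbatim (up to the first NUL, since WriteToPipe
            // uses strlen); the CR/LF makes cmd.exe execute the line.
            recvbuf[iResult] = '\r';
            recvbuf[iResult + 1] = '\n';
            recvbuf[iResult + 2] = '\0';
            WriteToPipe(recvbuf);
        }
        else if (iResult == 0) {
            // Orderly close by the client: closing the pipes gives cmd.exe EOF on stdin
            // and breaks the worker out of ReadFile().
            SvcReportInfo(_T("Connection closing...\n"));
            gStopFlag = 1;
            ClosePipes();
        }
        else if (!gStopFlag) {
            int err = WSAGetLastError();
            if (err == WSAECONNRESET)
                SvcReportInfo(_T("Connection suddenly closed by client\n"));
            else
                SvcReportError(_T("recv failed with error: %d\n"), err);
            gStopFlag = 1;
            ClosePipes();
            free(recvbuf);
            return 1;
        }
        // A recv() failure while gStopFlag is already set is the expected result of the
        // worker (or StopServer) closing the socket under us: fall out quietly.
    } while (iResult > 0);

    free(recvbuf);
    return 0;
}

// Worker-thread half of the bridge: copy cmd.exe's stdout/stderr to the client socket
// until the pipe or the socket dies. Closes ClientSocket on exit. buf is the SOCKET.
// Always returns 1 (the loop only ends on pipe or socket failure).
int TransmitFromCmd(void* buf)
{
    SOCKET ClientSocket = (SOCKET)buf;
    // ReadFromPipe() reads up to BUFSIZE bytes; DEFAULT_BUFLEN == BUFSIZE here.
    char *outbuf = (char*)calloc(DEFAULT_BUFLEN, sizeof(char));
    int outlen = 0;

    if (outbuf == NULL) {
        SvcReportError(_T("Out of memory in TransmitFromCmd\n"));
        closesocket(ClientSocket);
        return 1;
    }

    for (;;) {
        outlen = 0;
        if (ReadFromPipe(outbuf, &outlen)) {
            DWORD err = GetLastError();
            if (gStopFlag) {
                // Pipes closed on purpose (client gone or service stopping): nothing to log.
            } else if (err == ERROR_BROKEN_PIPE) {
                // cmd.exe exited (e.g. the client typed "exit"): normal end of session.
                SvcReportInfo(_T("Child closed its output pipe, ending session\n"));
            } else {
                SvcReportError(_T("Pipe closed error"));
            }
            // Closing the socket here is what wakes the main thread out of recv().
            closesocket(ClientSocket);
            free(outbuf);
            return 1;
        }

        // send() may accept fewer bytes than requested; loop until the chunk is out.
        int sent = 0;
        while (sent < outlen) {
            int n = send(ClientSocket, outbuf + sent, outlen - sent, 0);
            if (n == SOCKET_ERROR) {
                printf("send failed with error: %d\n", WSAGetLastError());
                closesocket(ClientSocket);
                free(outbuf);
                return 1;
            }
            sent += n;
        }
        printf("Bytes sent: %d\n", sent);
    }
}

// Create the anonymous pipes for the child's stdin and stdout(+stderr) and spawn cmd.exe.
// Fatal errors go through ErrorExit(). Always returns 0.
int InitPipe()
{
    SECURITY_ATTRIBUTES saAttr;

    printf("\n->Start of parent execution.\n");

    // Pipe handles must be inheritable so the child can receive them as its std handles.
    saAttr.nLength = sizeof(SECURITY_ATTRIBUTES);
    saAttr.bInheritHandle = TRUE;
    saAttr.lpSecurityDescriptor = NULL;

    if (!CreatePipe(&g_hChildStd_OUT_Rd, &g_hChildStd_OUT_Wr, &saAttr, 0))
        ErrorExit(TEXT("StdoutRd CreatePipe"));

    // The parent's read end of the child's stdout must not leak into the child.
    if (!SetHandleInformation(g_hChildStd_OUT_Rd, HANDLE_FLAG_INHERIT, 0))
        ErrorExit(TEXT("Stdout SetHandleInformation"));

    if (!CreatePipe(&g_hChildStd_IN_Rd, &g_hChildStd_IN_Wr, &saAttr, 0))
        ErrorExit(TEXT("Stdin CreatePipe"));

    // Nor the parent's write end of the child's stdin.
    if (!SetHandleInformation(g_hChildStd_IN_Wr, HANDLE_FLAG_INHERIT, 0))
        ErrorExit(TEXT("Stdin SetHandleInformation"));

    CreateChildProcess();

    return 0;
}

// Close whatever pipe ends the parent still holds. Closing the stdin write end gives the
// child EOF; closing the stdout read end breaks a ReadFile() blocked in ReadFromPipe().
// Called from TransmitToCmd and from StopServer (service control thread); handles that
// were already released (CreateChildProcess drops two of them) are skipped.
void ClosePipes()
{
    CloseHandleIfOpen(&g_hChildStd_OUT_Wr);
    CloseHandleIfOpen(&g_hChildStd_IN_Wr);
    CloseHandleIfOpen(&g_hChildStd_IN_Rd);
    CloseHandleIfOpen(&g_hChildStd_OUT_Rd);
}

// Close the listening socket if it is open. Also used by StopServer() to break
// ServerMain() out of a blocking accept().
void CloseListen()
{
    if (gListenSocket != INVALID_SOCKET)
        closesocket(gListenSocket);
    gListenSocket = INVALID_SOCKET;
}

// Spawn cmd.exe with stdin/stdout/stderr attached to the pipes created by InitPipe().
// Fatal errors go through ErrorExit(). After a successful spawn the parent's copies of the
// child-side pipe ends are closed: if the parent kept the stdout write end, ReadFromPipe()
// would never see EOF after cmd.exe exits (e.g. the client types "exit") and
// TransmitFromCmd() would block forever, leaving the session hung.
void CreateChildProcess()
{
    TCHAR szSysDir[MAX_PATH];
    TCHAR szCmdline[MAX_PATH + 16];
    PROCESS_INFORMATION piProcInfo;
    STARTUPINFO siStartInfo;
    BOOL bSuccess = FALSE;

    // Resolve cmd.exe through the system directory instead of handing CreateProcess a bare
    // "cmd.exe": with lpApplicationName == NULL the search starts in the service binary's
    // directory and the current directory, which is a binary-planting hazard for a process
    // running with service privileges.
    UINT len = GetSystemDirectory(szSysDir, MAX_PATH);
    if (len == 0 || len >= MAX_PATH)
        ErrorExit(TEXT("GetSystemDirectory"));
    if (FAILED(StringCchPrintf(szCmdline, sizeof(szCmdline) / sizeof(szCmdline[0]),
                               TEXT("\"%s\\cmd.exe\""), szSysDir)))
        ErrorExit(TEXT("StringCchPrintf"));

    ZeroMemory(&piProcInfo, sizeof(PROCESS_INFORMATION));

    // STARTF_USESTDHANDLES: the child's std handles are our inheritable pipe ends.
    ZeroMemory(&siStartInfo, sizeof(STARTUPINFO));
    siStartInfo.cb = sizeof(STARTUPINFO);
    siStartInfo.hStdError = g_hChildStd_OUT_Wr;
    siStartInfo.hStdOutput = g_hChildStd_OUT_Wr;
    siStartInfo.hStdInput = g_hChildStd_IN_Rd;
    siStartInfo.dwFlags |= STARTF_USESTDHANDLES;

    // bInheritHandles == TRUE hands the child every inheritable handle in this process,
    // not only the three above (ServerMain clears the flag on the listening socket).
    // NOTE(review): PROC_THREAD_ATTRIBUTE_HANDLE_LIST would restrict inheritance to
    // exactly the pipe ends and is the safer choice for a service spawning a shell.
    bSuccess = CreateProcess(NULL,
        szCmdline,     // command line (full path, quoted)
        NULL,          // process security attributes
        NULL,          // primary thread security attributes
        TRUE,          // handles are inherited
        0,             // creation flags
        NULL,          // use parent's environment
        NULL,          // use parent's current directory
        &siStartInfo,  // STARTUPINFO pointer
        &piProcInfo);  // receives PROCESS_INFORMATION

    if (!bSuccess)
        ErrorExit(TEXT("CreateProcess"));

    // The child is not monitored; drop the process/thread handles.
    CloseHandle(piProcInfo.hProcess);
    CloseHandle(piProcInfo.hThread);

    // The child owns its ends now; release the parent's copies (see header comment).
    CloseHandleIfOpen(&g_hChildStd_OUT_Wr);
    CloseHandleIfOpen(&g_hChildStd_IN_Rd);
}


// Write the NUL-terminated msgBuf to the child's stdin.
// Returns 0 on success, 1 if the pipe is already closed or the write failed
// (the current caller ignores the result).
DWORD WINAPI WriteToPipe(char * msgBuf)
{
    DWORD dwWritten = 0;
    DWORD len = (DWORD)strlen(msgBuf);

    if (g_hChildStd_IN_Wr == NULL)
        return 1;
    if (!WriteFile(g_hChildStd_IN_Wr, msgBuf, len, &dwWritten, NULL))
        return 1;
    return 0;
}

// Read one chunk (up to BUFSIZE bytes) of the child's stdout into pMsgBuf; the caller's
// buffer must hold at least BUFSIZE bytes. *pMsgBufLen receives the byte count.
// Returns 0 on success, 1 on failure -- GetLastError() then says why (ERROR_BROKEN_PIPE
// means the child has gone; an invalid handle means ClosePipes() ran).
DWORD ReadFromPipe(char * pMsgBuf, int * pMsgBufLen)
{
    DWORD dwRead = 0;
    BOOL ok = ReadFile(g_hChildStd_OUT_Rd, pMsgBuf, BUFSIZE, &dwRead, NULL);
    *pMsgBufLen = (int)dwRead;
    return ok ? 0 : 1;
}

// Service-stop hook: flag the stop, then close the pipes and the listening socket so the
// threads blocked in ReadFile()/accept() wake up and unwind. Always returns 0.
int StopServer()
{
    gStopFlag = 1;
    ClosePipes();
    CloseListen();
    return 0;
}

// NOTE(review): ErrorExit() shows a MessageBox and calls ExitProcess(). Inside a service
// there is no interactive desktop for the box, and ExitProcess() ends the whole service
// process without going through its normal stop path. The pipe/spawn failures above would
// be better reported via SvcReportError() and returned to ServerMain() as an error code.
void ErrorExit(PTSTR lpszFunction)

// Format a readable error message, display a message box,
// and exit from the application.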
352 | { 353 | LPVOID lpMsgBuf; 354 | LPVOID lpDisplayBuf; 355 | DWORD dw = GetLastError(); 356 | 357 | FormatMessage( 358 | FORMAT_MESSAGE_ALLOCATE_BUFFER | 359 | FORMAT_MESSAGE_FROM_SYSTEM | 360 | FORMAT_MESSAGE_IGNORE_INSERTS, 361 | NULL, 362 | dw, 363 | MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), 364 | (LPTSTR)&lpMsgBuf, 365 | 0, NULL); 366 | 367 | lpDisplayBuf = (LPVOID)LocalAlloc(LMEM_ZEROINIT, 368 | (lstrlen((LPCTSTR)lpMsgBuf) + lstrlen((LPCTSTR)lpszFunction) + 40)*sizeof(TCHAR)); 369 | StringCchPrintf((LPTSTR)lpDisplayBuf, 370 | LocalSize(lpDisplayBuf) / sizeof(TCHAR), 371 | TEXT("%s failed with error %d: %s"), 372 | lpszFunction, dw, lpMsgBuf); 373 | MessageBox(NULL, (LPCTSTR)lpDisplayBuf, TEXT("Error"), MB_OK); 374 | 375 | LocalFree(lpMsgBuf); 376 | LocalFree(lpDisplayBuf); 377 | ExitProcess(1); 378 | } 379 | -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM/ssrv_service.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mvilkin/system_programming/08d3095a923bf2ced6cb9997a37fd3efb60ab0f7/ConsoleVM/ConsoleVM/ssrv_service.cpp -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM/ssrv_service.h: -------------------------------------------------------------------------------- 1 | 2 | #pragma once 3 | 4 | #include 5 | #include 6 | 7 | #define SvcReportError(x, ...) SvcPrintf(EVENTLOG_ERROR_TYPE, (x), __VA_ARGS__) 8 | #define SvcReportInfo(x, ...) 
SvcPrintf(EVENTLOG_INFORMATION_TYPE, (x), __VA_ARGS__) 9 | 10 | 11 | VOID SvcPrintf(unsigned type, LPTSTR format, ...); 12 | -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // ConsoleVM.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | 15 | 16 | 17 | // TODO: reference additional headers your program requires here 18 | -------------------------------------------------------------------------------- /ConsoleVM/ConsoleVM/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 
7 | 8 | #include 9 | -------------------------------------------------------------------------------- /ConsoleVM/Readme.txt: -------------------------------------------------------------------------------- 1 | How to run server service: 2 | 3 | >ConsoleVM.exe srv_service install 4 | >ConsoleVM.exe srv_service start 5 | >ConsoleVM.exe srv_service stop 6 | >ConsoleVM.exe srv_service remove -------------------------------------------------------------------------------- /DllInjection/DllInjection.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.21005.1 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DllInjection", "DllInjection\DllInjection.vcxproj", "{EA7DF6DE-4A1E-4603-A341-2A1515A4141E}" 7 | ProjectSection(ProjectDependencies) = postProject 8 | {D0E67905-8224-4DE3-806F-C764165FF258} = {D0E67905-8224-4DE3-806F-C764165FF258} 9 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215} = {B3937D42-3800-47B7-B7E2-C4E7D8A1D215} 10 | EndProjectSection 11 | EndProject 12 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TestExe", "TestExe\TestExe.vcxproj", "{B3937D42-3800-47B7-B7E2-C4E7D8A1D215}" 13 | EndProject 14 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shellcode", "shellcode\shellcode.vcxproj", "{CB4002A5-1667-4BDF-A683-FB8528046503}" 15 | EndProject 16 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TargetDll", "TargetDll\TargetDll.vcxproj", "{D0E67905-8224-4DE3-806F-C764165FF258}" 17 | EndProject 18 | Global 19 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 20 | Debug|Mixed Platforms = Debug|Mixed Platforms 21 | Debug|Win32 = Debug|Win32 22 | Debug|x64 = Debug|x64 23 | Release|Mixed Platforms = Release|Mixed Platforms 24 | Release|Win32 = Release|Win32 25 | Release|x64 = Release|x64 26 | EndGlobalSection 27 | 
GlobalSection(ProjectConfigurationPlatforms) = postSolution 28 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 29 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E}.Debug|Mixed Platforms.Build.0 = Debug|Win32 30 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E}.Debug|Win32.ActiveCfg = Debug|Win32 31 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E}.Debug|Win32.Build.0 = Debug|Win32 32 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E}.Debug|x64.ActiveCfg = Debug|x64 33 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E}.Debug|x64.Build.0 = Debug|x64 34 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E}.Release|Mixed Platforms.ActiveCfg = Release|Win32 35 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E}.Release|Mixed Platforms.Build.0 = Release|Win32 36 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E}.Release|Win32.ActiveCfg = Release|Win32 37 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E}.Release|Win32.Build.0 = Release|Win32 38 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E}.Release|x64.ActiveCfg = Release|x64 39 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E}.Release|x64.Build.0 = Release|x64 40 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 41 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215}.Debug|Mixed Platforms.Build.0 = Debug|Win32 42 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215}.Debug|Win32.ActiveCfg = Debug|Win32 43 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215}.Debug|Win32.Build.0 = Debug|Win32 44 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215}.Debug|x64.ActiveCfg = Debug|x64 45 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215}.Debug|x64.Build.0 = Debug|x64 46 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215}.Release|Mixed Platforms.ActiveCfg = Release|Win32 47 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215}.Release|Mixed Platforms.Build.0 = Release|Win32 48 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215}.Release|Win32.ActiveCfg = Release|Win32 49 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215}.Release|Win32.Build.0 = Release|Win32 50 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215}.Release|x64.ActiveCfg = Release|Win32 51 | 
{CB4002A5-1667-4BDF-A683-FB8528046503}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 52 | {CB4002A5-1667-4BDF-A683-FB8528046503}.Debug|Mixed Platforms.Build.0 = Debug|Win32 53 | {CB4002A5-1667-4BDF-A683-FB8528046503}.Debug|Win32.ActiveCfg = Debug|Win32 54 | {CB4002A5-1667-4BDF-A683-FB8528046503}.Debug|x64.ActiveCfg = Debug|x64 55 | {CB4002A5-1667-4BDF-A683-FB8528046503}.Debug|x64.Build.0 = Debug|x64 56 | {CB4002A5-1667-4BDF-A683-FB8528046503}.Release|Mixed Platforms.ActiveCfg = Release|Win32 57 | {CB4002A5-1667-4BDF-A683-FB8528046503}.Release|Mixed Platforms.Build.0 = Release|Win32 58 | {CB4002A5-1667-4BDF-A683-FB8528046503}.Release|Win32.ActiveCfg = Release|Win32 59 | {CB4002A5-1667-4BDF-A683-FB8528046503}.Release|Win32.Build.0 = Release|Win32 60 | {CB4002A5-1667-4BDF-A683-FB8528046503}.Release|x64.ActiveCfg = Release|Win32 61 | {D0E67905-8224-4DE3-806F-C764165FF258}.Debug|Mixed Platforms.ActiveCfg = Debug|x64 62 | {D0E67905-8224-4DE3-806F-C764165FF258}.Debug|Mixed Platforms.Build.0 = Debug|x64 63 | {D0E67905-8224-4DE3-806F-C764165FF258}.Debug|Win32.ActiveCfg = Debug|Win32 64 | {D0E67905-8224-4DE3-806F-C764165FF258}.Debug|Win32.Build.0 = Debug|Win32 65 | {D0E67905-8224-4DE3-806F-C764165FF258}.Debug|x64.ActiveCfg = Debug|x64 66 | {D0E67905-8224-4DE3-806F-C764165FF258}.Debug|x64.Build.0 = Debug|x64 67 | {D0E67905-8224-4DE3-806F-C764165FF258}.Release|Mixed Platforms.ActiveCfg = Release|Win32 68 | {D0E67905-8224-4DE3-806F-C764165FF258}.Release|Mixed Platforms.Build.0 = Release|Win32 69 | {D0E67905-8224-4DE3-806F-C764165FF258}.Release|Win32.ActiveCfg = Release|Win32 70 | {D0E67905-8224-4DE3-806F-C764165FF258}.Release|Win32.Build.0 = Release|Win32 71 | {D0E67905-8224-4DE3-806F-C764165FF258}.Release|x64.ActiveCfg = Release|Win32 72 | EndGlobalSection 73 | GlobalSection(SolutionProperties) = preSolution 74 | HideSolutionNode = FALSE 75 | EndGlobalSection 76 | EndGlobal 77 | -------------------------------------------------------------------------------- 
/DllInjection/DllInjection/DllInjection.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mvilkin/system_programming/08d3095a923bf2ced6cb9997a37fd3efb60ab0f7/DllInjection/DllInjection/DllInjection.cpp -------------------------------------------------------------------------------- /DllInjection/DllInjection/DllInjection.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Debug 10 | x64 11 | 12 | 13 | Release 14 | Win32 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {EA7DF6DE-4A1E-4603-A341-2A1515A4141E} 23 | Win32Proj 24 | DllInjection 25 | 26 | 27 | 28 | Application 29 | true 30 | v120 31 | Unicode 32 | 33 | 34 | Application 35 | true 36 | v120 37 | Unicode 38 | 39 | 40 | Application 41 | false 42 | v120 43 | true 44 | Unicode 45 | 46 | 47 | Application 48 | false 49 | v120 50 | true 51 | Unicode 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | true 71 | 72 | 73 | true 74 | 75 | 76 | false 77 | 78 | 79 | false 80 | 81 | 82 | 83 | Use 84 | Level3 85 | Disabled 86 | WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 87 | true 88 | 89 | 90 | Console 91 | true 92 | 93 | 94 | 95 | 96 | Use 97 | Level3 98 | Disabled 99 | WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 100 | true 101 | 102 | 103 | Console 104 | true 105 | 106 | 107 | 108 | 109 | Level3 110 | Use 111 | MaxSpeed 112 | true 113 | true 114 | WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 115 | true 116 | 117 | 118 | Console 119 | true 120 | true 121 | true 122 | 123 | 124 | 125 | 126 | Level3 127 | Use 128 | MaxSpeed 129 | true 130 | true 131 | WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 132 | true 133 | 134 | 135 | Console 136 | true 137 | true 138 | true 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | Create 152 | Create 153 | Create 154 | Create 
155 | 156 | 157 | 158 | 159 | 160 | -------------------------------------------------------------------------------- /DllInjection/DllInjection/DllInjection.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | Header Files 19 | 20 | 21 | Header Files 22 | 23 | 24 | 25 | 26 | Source Files 27 | 28 | 29 | Source Files 30 | 31 | 32 | -------------------------------------------------------------------------------- /DllInjection/DllInjection/PEB.cpp: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | #include "PEB.h" 3 | 4 | PEBUtils::PEBUtils() 5 | { 6 | hModule = NULL; 7 | procHandle = NULL; 8 | hProcess = NULL; 9 | pid = NULL; 10 | NtQueryInformationProcess = NULL; 11 | fIsWow64Process = NULL; 12 | AdjustPrivelege(SE_DEBUG_NAME); 13 | Init(); 14 | memset(&peb32, 0, sizeof(peb32)); 15 | memset(&peb64, 0, sizeof(peb64)); 16 | memset(&pbi, 0, sizeof(pbi)); 17 | 18 | } 19 | 20 | PEBUtils::~PEBUtils() 21 | { 22 | FreeLibrary(hModule); 23 | } 24 | 25 | void PEBUtils::Init() 26 | { 27 | HANDLE curProc = GetCurrentProcess(); 28 | if (CheckProcess(curProc)) 29 | { 30 | printf("Wow64 present..\n"); 31 | } 32 | hModule = GetModuleHandleA("ntdll.dll"); 33 | if (hModule == NULL) 34 | { 35 | printf("GetModuleHandle Error\n"); 36 | exit(EXIT_FAILURE); 37 | } 38 | 39 | NtQueryInformationProcess = (lpfNtQueryInformationProcess)GetProcAddress(hModule, "NtQueryInformationProcess"); 40 | 41 | if (NtQueryInformationProcess == NULL) 42 | { 43 | printf("GetProcAddress Error\n"); 44 | exit(EXIT_FAILURE); 45 | } 46 | 47 | } 48 | 49 | 50 | void PEBUtils::AdjustPrivelege(LPWSTR privelege) 51 | { 52 | HANDLE hToken = NULL; 53 | TOKEN_PRIVILEGES tokenPriv; 54 | LUID 
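luidDebug;
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken) != FALSE)
    {
        if (LookupPrivilegeValue(NULL, privelege, &luidDebug) != FALSE)
        {
            tokenPriv.PrivilegeCount = 1;
            tokenPriv.Privileges[0].Luid = luidDebug;
            tokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
            // AdjustTokenPrivileges reports TRUE even when the privilege is
            // not held by the token; ERROR_NOT_ALL_ASSIGNED is the real
            // verdict, so it is checked explicitly.
            if (AdjustTokenPrivileges(hToken, FALSE, &tokenPriv, 0, NULL, NULL) != FALSE
                && GetLastError() != ERROR_NOT_ALL_ASSIGNED)
            {
                printf("CHANGED TOKEN PRIVILEGES\n");
            }
            else
            {
                printf("FAILED TO CHANGE TOKEN PRIVILEGES\n");
                CloseHandle(hToken);
                exit(EXIT_FAILURE);
            }
        }
        // Only close a handle we actually obtained.
        CloseHandle(hToken);
    }

}

// Find the first process whose image name matches procName
// (case-insensitive), remember its pid, and open it with PROCESS_ALL_ACCESS.
// Exits the program if the snapshot fails, the process is not found, or it
// cannot be opened.  The handle is stored in procHandle and returned.
HANDLE PEBUtils::OpenProcess(LPWSTR &procName)
{
    PROCESSENTRY32 pe32;
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        printf("CreateToolhelp32Snapshot Error 0x%x\n", GetLastError());
        exit(EXIT_FAILURE);
    }

    BOOL found = FALSE;
    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hSnapshot, &pe32))
    {
        do
        {
            if (lstrcmpiW(pe32.szExeFile, procName) == 0)
            {
                pid = pe32.th32ProcessID;
                found = TRUE;
                break;
            }
        } while (Process32Next(hSnapshot, &pe32));
    }
    CloseHandle(hSnapshot);

    // Without this check a missing process left pe32 holding the *last*
    // enumerated entry, and that unrelated process was opened with
    // PROCESS_ALL_ACCESS.
    if (!found)
    {
        printf("Process not found: %ls\n", procName);
        exit(EXIT_FAILURE);
    }

    // ::OpenProcess returns NULL on failure, not INVALID_HANDLE_VALUE.
    procHandle = ::OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    if (procHandle == NULL)
    {
        printf("OpenProcess Error 0x%x for %ls\n", GetLastError(), procName);
        exit(EXIT_FAILURE);
    }
    return procHandle;
}

// Open a process by pid with PROCESS_ALL_ACCESS.  Returns NULL on failure
// (the Win32 convention); nothing is cached in the object.
HANDLE PEBUtils::OpenProcess(DWORD pid)
{
    return ::OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
}

// Copy a PEB32 from pbi.PebBaseAddress of hProcess into peb32.
// dwBytesRead receives the byte count; exits if the read is short or fails.
//
// NOTE(review): SuspendThread/ResumeThread take a *thread* handle; hProcess
// is a process handle, so these calls are expected to fail and suspend
// nothing.  Enumerate the target's threads (Thread32First/Next) if a
// quiesced read is really needed.
void PEBUtils::ReadPEB(SIZE_T &dwBytesRead)
{
    SuspendThread(hProcess);
    if (!ReadProcessMemory(hProcess, (void*)pbi.PebBaseAddress, &peb32, sizeof(PEB32), &dwBytesRead) || dwBytesRead < sizeof(PEB32))
    {
        printf("ReadProcessMemory Error 0x%x\n", GetLastError());
        exit(EXIT_FAILURE);
    }
    ResumeThread(hProcess);
}

// 64-bit counterpart of ReadPEB: fills peb64.  Same caveat about
// SuspendThread on a process handle applies.
void PEBUtils::ReadPEB64(SIZE_T &dwBytesRead)
{
    SuspendThread(hProcess);
    if (!ReadProcessMemory(hProcess, (void*)pbi.PebBaseAddress, &peb64, sizeof(PEB64), &dwBytesRead) || dwBytesRead < sizeof(PEB64))
    {
        printf("ReadProcessMemory Error 0x%x\n", GetLastError());
        exit(EXIT_FAILURE);
    }
    ResumeThread(hProcess);
}

// Open the named process, verify it is a WOW64 (32-bit) process, locate its
// PEB through NtQueryInformationProcess and return a copy of it.
// Every failure terminates the program.
//
// NOTE(review): hProcess is overwritten on each call and nothing visible
// closes the previous handle (the destructor only releases hModule), so
// repeated calls leak process handles.
PEB32 PEBUtils::GetProcessPEB32(LPWSTR &procName)
{
    hProcess = OpenProcess(procName);
    if (!CheckProcess(hProcess))
    {
        printf("Remote Process is 64 bit but using GetProcesPeb32\n");
        exit(EXIT_FAILURE);
    }
    status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION), &dwLength);

    if (status != 0x0)
    {
        printf("NtQueryInformationProcess Error 0x%x\n", status);
        exit(EXIT_FAILURE);
    }

    // %p: PebBaseAddress is a pointer and would be truncated by %x on x64.
    printf("PEB address : %p\n", pbi.PebBaseAddress);

    SIZE_T dwBytesRead = 0x0;
    ReadPEB(dwBytesRead);

    return peb32;
}

// Open the named process, verify it is NOT a WOW64 process (i.e. native
// 64-bit), locate its PEB and return a copy of it.  Every failure
// terminates the program.  Same handle-leak caveat as GetProcessPEB32.
PEB64 PEBUtils::GetProcessPEB64(LPWSTR &procName)
{
    hProcess = OpenProcess(procName);
    if (CheckProcess(hProcess))
    {
        printf("Remote Process is 32 bit but using GetProcesPeb64\n");
        exit(EXIT_FAILURE);
    }
    status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION), &dwLength);

    if (status != 0x0)
    {
        printf("NtQueryInformationProcess Error 0x%x\n", status);
        exit(EXIT_FAILURE);
    }

    printf("PEB address : %p\n", pbi.PebBaseAddress);

    SIZE_T dwBytesRead = 0x0;
    ReadPEB64(dwBytesRead);

    return peb64;
}

// Return TRUE when hProcess is running under WOW64 (a 32-bit process on a
// 64-bit OS).  Exits if IsWow64Process itself fails.  When kernel32 does not
// export IsWow64Process the answer is FALSE, which the Get/Set*32 callers
// treat as "64-bit" - presumably fine on the systems this targets.
BOOL PEBUtils::CheckProcess(HANDLE &hProcess)
{
    BOOL bIsWow64 = FALSE;

    fIsWow64Process = (lpfIsWow64Process)GetProcAddress(
        GetModuleHandle(TEXT("kernel32")), "IsWow64Process");

    if (NULL != fIsWow64Process)
    {
        if (!fIsWow64Process(hProcess, &bIsWow64))
        {
            printf("ERROR with IsWow64Process 0x%x\n", GetLastError());
            exit(EXIT_FAILURE);
        }
    }
    return bIsWow64;
}

// Make the region backing pebBase writable, copy len bytes from src over it,
// restore the old protection and verify the full length was written.
// Exits on any failure.  Shared by SetProcessPEB32/64.
//
// NOTE(review): the SuspendThread/ResumeThread pair is kept from the
// original for parity, but hProcess is a process handle, so these calls
// are expected to fail and suspend nothing (see ReadPEB).
static void WritePebBytes(HANDLE hProcess, PVOID pebBase, const void *src, SIZE_T len)
{
    SIZE_T dwBytesWritten = 0x0;
    DWORD oldP = 0;
    DWORD restoreP = 0;
    MEMORY_BASIC_INFORMATION mb;

    SuspendThread(hProcess);
    if (VirtualQueryEx(hProcess, pebBase, &mb, sizeof(mb)) == 0)
    {
        printf("VirtualQueryEx Error 0x%x\n", GetLastError());
        exit(EXIT_FAILURE);
    }
    if (!VirtualProtectEx(hProcess, pebBase, mb.RegionSize, PAGE_READWRITE, &oldP))
    {
        printf("VirtualProtect Error 0x%x\n", GetLastError());
        exit(EXIT_FAILURE);
    }
    BOOL ok = WriteProcessMemory(hProcess, pebBase, src, len, &dwBytesWritten);
    // Put the original protection back whether or not the write succeeded.
    VirtualProtectEx(hProcess, pebBase, mb.RegionSize, oldP, &restoreP);
    ResumeThread(hProcess);

    if (!ok || dwBytesWritten != len)
    {
        printf("WriteProcessMemory Error 0x%x (wrote %Iu of %Iu bytes)\n", GetLastError(), dwBytesWritten, len);
        exit(EXIT_FAILURE);
    }
}

// Overwrite the PEB of the named WOW64 process with peb32.
//
// The PEB address is re-queried for the handle opened here instead of
// reusing whatever pbi held from an earlier Get* call (it is zeroed in the
// constructor, so a Set* without a preceding Get* used to target address 0).
// The bitness check mirrors GetProcessPEB32.
void PEBUtils::SetProcessPEB32(LPWSTR &procName, PEB32 &peb32)
{
    hProcess = OpenProcess(procName);
    if (!CheckProcess(hProcess))
    {
        printf("Remote Process is 64 bit but using SetProcessPEB32\n");
        exit(EXIT_FAILURE);
    }
    status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION), &dwLength);
    if (status != 0x0)
    {
        printf("NtQueryInformationProcess Error 0x%x\n", status);
        exit(EXIT_FAILURE);
    }

    WritePebBytes(hProcess, pbi.PebBaseAddress, &peb32, sizeof(PEB32));
}

// Overwrite the PEB of the named native 64-bit process with peb64.
// Same re-query and bitness check as SetProcessPEB32 (mirroring
// GetProcessPEB64).
void PEBUtils::SetProcessPEB64(LPWSTR &procName, PEB64 &peb64)
{
    hProcess = OpenProcess(procName);
    if (CheckProcess(hProcess))
    {
        printf("Remote Process is 32 bit but using SetProcessPEB64\n");
        exit(EXIT_FAILURE);
    }
    status = NtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION), &dwLength);
    if (status != 0x0)
    {
        printf("NtQueryInformationProcess Error 0x%x\n", status);
        exit(EXIT_FAILURE);
    }

    WritePebBytes(hProcess, pbi.PebBaseAddress, &peb64, sizeof(PEB64));
}
--------------------------------------------------------------------------------
/DllInjection/DllInjection/PEB.h: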
-------------------------------------------------------------------------------- 1 | #ifndef _PEB_H_ 2 | #define _PEB_H_ 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | #pragma pack(push) 9 | #pragma pack(1) 10 | template 11 | struct LIST_ENTRY_T 12 | { 13 | T Flink; 14 | T Blink; 15 | }; 16 | 17 | template 18 | struct UNICODE_STRING_T 19 | { 20 | union 21 | { 22 | struct 23 | { 24 | WORD Length; 25 | WORD MaximumLength; 26 | }; 27 | T dummy; 28 | }; 29 | T _Buffer; 30 | }; 31 | 32 | template 33 | struct _PEB_T 34 | { 35 | union 36 | { 37 | struct 38 | { 39 | BYTE InheritedAddressSpace; 40 | BYTE ReadImageFileExecOptions; 41 | BYTE BeingDebugged; 42 | BYTE _SYSTEM_DEPENDENT_01; 43 | }; 44 | T dummy01; 45 | }; 46 | T Mutant; 47 | T ImageBaseAddress; 48 | T Ldr; 49 | T ProcessParameters; 50 | T SubSystemData; 51 | T ProcessHeap; 52 | T FastPebLock; 53 | T _SYSTEM_DEPENDENT_02; 54 | T _SYSTEM_DEPENDENT_03; 55 | T _SYSTEM_DEPENDENT_04; 56 | union 57 | { 58 | T KernelCallbackTable; 59 | T UserSharedInfoPtr; 60 | }; 61 | DWORD SystemReserved; 62 | DWORD _SYSTEM_DEPENDENT_05; 63 | T _SYSTEM_DEPENDENT_06; 64 | T TlsExpansionCounter; 65 | T TlsBitmap; 66 | DWORD TlsBitmapBits[2]; 67 | T ReadOnlySharedMemoryBase; 68 | T _SYSTEM_DEPENDENT_07; 69 | T ReadOnlyStaticServerData; 70 | T AnsiCodePageData; 71 | T OemCodePageData; 72 | T UnicodeCaseTableData; 73 | DWORD NumberOfProcessors; 74 | union 75 | { 76 | DWORD NtGlobalFlag; 77 | NGF dummy02; 78 | }; 79 | LARGE_INTEGER CriticalSectionTimeout; 80 | T HeapSegmentReserve; 81 | T HeapSegmentCommit; 82 | T HeapDeCommitTotalFreeThreshold; 83 | T HeapDeCommitFreeBlockThreshold; 84 | DWORD NumberOfHeaps; 85 | DWORD MaximumNumberOfHeaps; 86 | T ProcessHeaps; 87 | T GdiSharedHandleTable; 88 | T ProcessStarterHelper; 89 | T GdiDCAttributeList; 90 | T LoaderLock; 91 | DWORD OSMajorVersion; 92 | DWORD OSMinorVersion; 93 | WORD OSBuildNumber; 94 | WORD OSCSDVersion; 95 | DWORD OSPlatformId; 96 | DWORD ImageSubsystem; 97 | DWORD 
ImageSubsystemMajorVersion; 98 | T ImageSubsystemMinorVersion; 99 | union 100 | { 101 | T ImageProcessAffinityMask; 102 | T ActiveProcessAffinityMask; 103 | }; 104 | T GdiHandleBuffer[A]; 105 | T PostProcessInitRoutine; 106 | T TlsExpansionBitmap; 107 | DWORD TlsExpansionBitmapBits[32]; 108 | T SessionId; 109 | ULARGE_INTEGER AppCompatFlags; 110 | ULARGE_INTEGER AppCompatFlagsUser; 111 | T pShimData; 112 | T AppCompatInfo; 113 | UNICODE_STRING_T CSDVersion; 114 | T ActivationContextData; 115 | T ProcessAssemblyStorageMap; 116 | T SystemDefaultActivationContextData; 117 | T SystemAssemblyStorageMap; 118 | T MinimumStackCommit; 119 | }; 120 | 121 | typedef _PEB_T PEB32; 122 | typedef _PEB_T PEB64; 123 | 124 | #pragma pack(pop) 125 | 126 | typedef enum _PROCESSINFOCLASS { 127 | ProcessBasicInformation = 0 128 | } PROCESSINFOCLASS; 129 | 130 | typedef ULONG(NTAPI *lpfNtQueryInformationProcess)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG); 131 | typedef BOOL(WINAPI *lpfIsWow64Process) (HANDLE, PBOOL); 132 | 133 | typedef struct _PROCESS_BASIC_INFORMATION { 134 | PVOID Reserved1; 135 | PVOID PebBaseAddress; 136 | PVOID Reserved2[2]; 137 | ULONG_PTR UniqueProcessId; 138 | PVOID Reserved3; 139 | } PROCESS_BASIC_INFORMATION; 140 | 141 | class PEBUtils 142 | { 143 | public: 144 | PEBUtils(); 145 | ~PEBUtils(); 146 | 147 | PEB32 GetProcessPEB32(LPWSTR &procName); 148 | PEB64 GetProcessPEB64(LPWSTR &procName); 149 | void SetProcessPEB32(LPWSTR &procName, PEB32 &peb32); 150 | void SetProcessPEB64(LPWSTR &procName, PEB64 &peb64); 151 | private: 152 | void Init(); 153 | BOOL CheckProcess(HANDLE &hProcess); 154 | void ReadPEB(SIZE_T &dwBytesRead); 155 | void ReadPEB64(SIZE_T &dwBytesRead); 156 | void AdjustPrivelege(LPWSTR privelege); 157 | HANDLE OpenProcess(LPTSTR &procName); 158 | HANDLE OpenProcess(DWORD pid); 159 | PROCESS_BASIC_INFORMATION pbi; 160 | PEB32 peb32; 161 | PEB64 peb64; 162 | HANDLE procHandle; 163 | DWORD pid; 164 | NTSTATUS status; 165 | DWORD dwLength; 166 
| HMODULE hModule; 167 | HANDLE hProcess; 168 | lpfIsWow64Process fIsWow64Process; 169 | lpfNtQueryInformationProcess NtQueryInformationProcess; 170 | }; 171 | 172 | #endif // _PEB_H_ -------------------------------------------------------------------------------- /DllInjection/DllInjection/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | CONSOLE APPLICATION : DllInjection Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this DllInjection application for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your DllInjection application. 9 | 10 | 11 | DllInjection.vcxproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | DllInjection.vcxproj.filters 18 | This is the filters file for VC++ projects generated using an Application Wizard. 19 | It contains information about the association between the files in your project 20 | and the filters. This association is used in the IDE to show grouping of files with 21 | similar extensions under a specific node (for e.g. ".cpp" files are associated with the 22 | "Source Files" filter). 23 | 24 | DllInjection.cpp 25 | This is the main application source file. 26 | 27 | ///////////////////////////////////////////////////////////////////////////// 28 | Other standard files: 29 | 30 | StdAfx.h, StdAfx.cpp 31 | These files are used to build a precompiled header (PCH) file 32 | named DllInjection.pch and a precompiled types file named StdAfx.obj. 
33 | 34 | ///////////////////////////////////////////////////////////////////////////// 35 | Other notes: 36 | 37 | AppWizard uses "TODO:" comments to indicate parts of the source code you 38 | should add to or customize. 39 | 40 | ///////////////////////////////////////////////////////////////////////////// 41 | -------------------------------------------------------------------------------- /DllInjection/DllInjection/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // DllInjection.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /DllInjection/DllInjection/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #include 11 | #include 12 | 13 | 14 | 15 | // TODO: reference additional headers your program requires here 16 | -------------------------------------------------------------------------------- /DllInjection/DllInjection/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 
7 | 8 | #include 9 | -------------------------------------------------------------------------------- /DllInjection/TargetDll/TargetDll.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | struct sc_data_t { 5 | char libName[16]; 6 | void* ploadLibrary; 7 | UINT32 a, b, c; 8 | UINT32 reserved; 9 | }; 10 | 11 | void* FindShellcodeData() 12 | { 13 | CONTEXT Context; 14 | KNONVOLATILE_CONTEXT_POINTERS NvContext; 15 | UNWIND_HISTORY_TABLE UnwindHistoryTable; 16 | PRUNTIME_FUNCTION RuntimeFunction; 17 | PVOID HandlerData; 18 | ULONG64 EstablisherFrame; 19 | ULONG64 ImageBase; 20 | ULONG64 pData; 21 | 22 | // First, we'll get the caller's context. 23 | RtlCaptureContext(&Context); 24 | 25 | 26 | // Initialize the (optional) unwind history table. 27 | RtlZeroMemory( 28 | &UnwindHistoryTable, 29 | sizeof(UNWIND_HISTORY_TABLE)); 30 | 31 | // This unwind loop intentionally skips the first call frame, as it shall 32 | // correspond to the call to StackTrace64, which we aren't interested in. 33 | for (ULONG Frame = 0;; Frame++) { 34 | // Try to look up unwind metadata for the current function. 35 | RuntimeFunction = RtlLookupFunctionEntry( 36 | Context.Rip, 37 | &ImageBase, 38 | &UnwindHistoryTable); 39 | 40 | RtlZeroMemory( 41 | &NvContext, 42 | sizeof(KNONVOLATILE_CONTEXT_POINTERS)); 43 | 44 | if (!RuntimeFunction) { 45 | // If we don't have a RUNTIME_FUNCTION, then we've encountered 46 | // a leaf function. Adjust the stack approprately. 47 | Context.Rip = (ULONG64)(*(PULONG64)Context.Rsp); 48 | Context.Rsp += 8; 49 | } else { 50 | // Otherwise, call upon RtlVirtualUnwind to execute the unwind for us. 51 | RtlVirtualUnwind( 52 | UNW_FLAG_NHANDLER, 53 | ImageBase, 54 | Context.Rip, 55 | RuntimeFunction, 56 | &Context, 57 | &HandlerData, 58 | &EstablisherFrame, 59 | &NvContext); 60 | } 61 | 62 | // If we reach an RIP of zero, this means that we've walked off the end 63 | // of the call stack and are done. 
64 | if (!Context.Rip) 65 | break; 66 | 67 | // Display the context. Note that we don't bother showing the XMM 68 | // context, although we have the nonvolatile portion of it. 69 | printf( 70 | "FRAME %02x: Rip=%p Rsp=%p Rbp=%p\n", 71 | Frame, 72 | Context.Rip, 73 | Context.Rsp, 74 | Context.Rbp); 75 | 76 | printf( 77 | "r12=%p r13=%p r14=%p\n" 78 | "rdi=%p rsi=%p rbx=%p\n" 79 | "rbp=%p rsp=%p\n", 80 | Context.R12, 81 | Context.R13, 82 | Context.R14, 83 | Context.Rdi, 84 | Context.Rsi, 85 | Context.Rbx, 86 | Context.Rbp, 87 | Context.Rsp); 88 | 89 | pData = Context.Rsp; 90 | printf("\n"); 91 | } 92 | return *((char**)(pData + 0x20)); 93 | } 94 | 95 | BOOL WINAPI DllMain( 96 | _In_ HINSTANCE hinstDLL, 97 | _In_ DWORD fdwReason, 98 | _In_ LPVOID lpvReserved) 99 | { 100 | if (fdwReason != DLL_PROCESS_ATTACH) 101 | return TRUE; 102 | 103 | sc_data_t* pData; 104 | pData = (sc_data_t*) FindShellcodeData(); 105 | pData->c = pData->a + pData->b; 106 | printf("a = %d, b = %d, c = %d, s = %s\n", pData->a, pData->b, pData->c, pData->libName); 107 | return TRUE; 108 | } -------------------------------------------------------------------------------- /DllInjection/TargetDll/TargetDll.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Debug 10 | x64 11 | 12 | 13 | Release 14 | Win32 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {D0E67905-8224-4DE3-806F-C764165FF258} 23 | Win32Proj 24 | TargetDll 25 | 26 | 27 | 28 | Application 29 | true 30 | v120 31 | Unicode 32 | 33 | 34 | DynamicLibrary 35 | true 36 | v120 37 | Unicode 38 | 39 | 40 | Application 41 | false 42 | v120 43 | true 44 | Unicode 45 | 46 | 47 | Application 48 | false 49 | v120 50 | true 51 | Unicode 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | true 72 | 73 | 74 | true 75 | 76 | 77 | false 78 | 79 | 80 | false 81 | 82 | 83 | 84 | 85 | 86 | Level3 87 | Disabled 88 | 
WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 89 | true 90 | 91 | 92 | Console 93 | true 94 | 95 | 96 | 97 | 98 | 99 | 100 | Level3 101 | Disabled 102 | WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 103 | true 104 | 105 | 106 | Console 107 | true 108 | 109 | 110 | 111 | 112 | Level3 113 | 114 | 115 | MaxSpeed 116 | true 117 | true 118 | WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 119 | true 120 | 121 | 122 | Console 123 | true 124 | true 125 | true 126 | 127 | 128 | 129 | 130 | Level3 131 | 132 | 133 | MaxSpeed 134 | true 135 | true 136 | WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 137 | true 138 | 139 | 140 | Console 141 | true 142 | true 143 | true 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | -------------------------------------------------------------------------------- /DllInjection/TargetDll/TargetDll.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | 14 | 15 | Source Files 16 | 17 | 18 | -------------------------------------------------------------------------------- /DllInjection/TestExe/TestExe.cpp: -------------------------------------------------------------------------------- 1 | // TestExe.cpp : Defines the entry point for the console application. 2 | // 3 | 4 | #include 5 | #include 6 | 7 | int _tmain(int argc, _TCHAR* argv[]) 8 | { 9 | //while (true); 10 | _tprintf(_T("Hello from TestExe.exe! 
\n")); 11 | return 0; 12 | } 13 | 14 | -------------------------------------------------------------------------------- /DllInjection/TestExe/TestExe.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Debug 10 | x64 11 | 12 | 13 | Release 14 | Win32 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {B3937D42-3800-47B7-B7E2-C4E7D8A1D215} 23 | Win32Proj 24 | TestExe 25 | 26 | 27 | 28 | Application 29 | true 30 | v120 31 | Unicode 32 | 33 | 34 | Application 35 | true 36 | v120 37 | Unicode 38 | 39 | 40 | Application 41 | false 42 | v120 43 | true 44 | Unicode 45 | 46 | 47 | Application 48 | false 49 | v120 50 | true 51 | Unicode 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | true 71 | 72 | 73 | true 74 | 75 | 76 | false 77 | 78 | 79 | false 80 | 81 | 82 | 83 | NotUsing 84 | Level3 85 | Disabled 86 | WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 87 | true 88 | 89 | 90 | Console 91 | true 92 | 93 | 94 | 95 | 96 | NotUsing 97 | Level3 98 | Disabled 99 | WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 100 | true 101 | 102 | 103 | Console 104 | true 105 | 106 | 107 | 108 | 109 | Level3 110 | Use 111 | MaxSpeed 112 | true 113 | true 114 | WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 115 | true 116 | 117 | 118 | Console 119 | true 120 | true 121 | true 122 | 123 | 124 | 125 | 126 | Level3 127 | Use 128 | MaxSpeed 129 | true 130 | true 131 | WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 132 | true 133 | 134 | 135 | Console 136 | true 137 | true 138 | true 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | -------------------------------------------------------------------------------- /DllInjection/TestExe/TestExe.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | 
cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | 14 | 15 | Source Files 16 | 17 | 18 | -------------------------------------------------------------------------------- /DllInjection/shellcode/main.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | int* min2(int, int); 9 | 10 | char ar[] = { 1, 2, 3 }; 11 | 12 | struct sc_data_t { 13 | char libName[16]; 14 | void* ploadLibrary; 15 | UINT32 a, b, c; 16 | UINT32 reserved; 17 | }; 18 | 19 | int _tmain(int argc, _TCHAR* argv[]) 20 | { 21 | UINT8* p = min2; 22 | int offset = ((int*)(&p[1]))[0]; 23 | p = p + offset + 5; 24 | do { 25 | printf("0x%x, ", *p); 26 | p++; 27 | } while (*p != 0xC3); 28 | do { 29 | printf("0x%x, ", *p); 30 | p++; 31 | } while (*p != 0xC3); 32 | printf("0x%x, ", *p); 33 | 34 | printf("\n"); 35 | getchar(); 36 | LoadLibraryA("keyiso.dll"); 37 | return 0; 38 | } 39 | -------------------------------------------------------------------------------- /DllInjection/shellcode/shell.asm: -------------------------------------------------------------------------------- 1 | ;.686 2 | ;.MODEL FLAT 3 | ;.STACK 4 | ;.DATA 5 | .CODE 6 | 7 | ; ecx - 1 arg 8 | ; edx - 2 arg 9 | ; eax - return value 10 | 11 | min2 PROC 12 | ; mov eax, ecx 13 | ; cmp ecx, edx 14 | ; cmovg eax, edx ; predicative exec 15 | ; lea eax, [eip] 16 | nop 17 | nop 18 | nop 19 | nop 20 | nop 21 | nop 22 | nop 23 | nop 24 | nop 25 | nop 26 | nop 27 | nop 28 | nop 29 | nop 30 | nop 31 | nop 32 | nop 33 | nop 34 | nop 35 | nop 36 | nop 37 | nop 38 | nop 39 | nop 40 | nop 41 | nop 42 | nop 43 | nop 44 | nop 45 | nop 46 | nop 47 | nop 48 | nop 49 | nop 50 | nop 51 | nop 52 | nop 53 | nop 54 | nop 55 | nop 56 | call test_addr 57 | mov r12, rsp 58 | sub rsp, 28h 59 | and rsp, 0fffffffffffffff0h 60 | push rbx 61 | sub rax, 40 62 | push rax 63 | mov rcx, 
rax 64 | mov rdx, [rax + 16] 65 | sub rsp, 20h 66 | call rdx 67 | add rsp, 20h 68 | pop rbx 69 | pop rbx 70 | mov rsp, r12 71 | ret 72 | test_addr: 73 | mov rax, [rsp] 74 | sub rax, 5 75 | ret 76 | min2 ENDP 77 | 78 | PUBLIC min2 79 | 80 | END -------------------------------------------------------------------------------- /DllInjection/shellcode/shellcode.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Debug 10 | x64 11 | 12 | 13 | Release 14 | Win32 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {CB4002A5-1667-4BDF-A683-FB8528046503} 23 | shellcode 24 | 25 | 26 | 27 | Application 28 | true 29 | v120 30 | MultiByte 31 | 32 | 33 | Application 34 | true 35 | v120 36 | MultiByte 37 | 38 | 39 | Application 40 | false 41 | v120 42 | true 43 | MultiByte 44 | 45 | 46 | Application 47 | false 48 | v120 49 | true 50 | MultiByte 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | Level3 73 | Disabled 74 | true 75 | 76 | 77 | true 78 | 79 | 80 | 81 | 82 | Level3 83 | Disabled 84 | true 85 | 86 | 87 | true 88 | 89 | 90 | 91 | 92 | Level3 93 | MaxSpeed 94 | true 95 | true 96 | true 97 | 98 | 99 | true 100 | true 101 | true 102 | 103 | 104 | 105 | 106 | Level3 107 | MaxSpeed 108 | true 109 | true 110 | true 111 | 112 | 113 | true 114 | true 115 | true 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | Document 124 | 125 | 126 | 127 | 128 | 129 | 130 | -------------------------------------------------------------------------------- /DllInjection/shellcode/shellcode.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | 
rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Файлы исходного кода 20 | 21 | 22 | 23 | 24 | Файлы исходного кода 25 | 26 | 27 | -------------------------------------------------------------------------------- /PeDump/PeDump.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 2013 4 | VisualStudioVersion = 12.0.21005.1 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PeDump", "PeDump\PeDump.vcxproj", "{7DCE2011-3E27-480F-9334-38552120C154}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Win32 = Debug|Win32 11 | Debug|x64 = Debug|x64 12 | Release|Win32 = Release|Win32 13 | Release|x64 = Release|x64 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {7DCE2011-3E27-480F-9334-38552120C154}.Debug|Win32.ActiveCfg = Debug|Win32 17 | {7DCE2011-3E27-480F-9334-38552120C154}.Debug|Win32.Build.0 = Debug|Win32 18 | {7DCE2011-3E27-480F-9334-38552120C154}.Debug|x64.ActiveCfg = Debug|x64 19 | {7DCE2011-3E27-480F-9334-38552120C154}.Debug|x64.Build.0 = Debug|x64 20 | {7DCE2011-3E27-480F-9334-38552120C154}.Release|Win32.ActiveCfg = Release|Win32 21 | {7DCE2011-3E27-480F-9334-38552120C154}.Release|Win32.Build.0 = Release|Win32 22 | {7DCE2011-3E27-480F-9334-38552120C154}.Release|x64.ActiveCfg = Release|x64 23 | {7DCE2011-3E27-480F-9334-38552120C154}.Release|x64.Build.0 = Release|x64 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | EndGlobal 29 | -------------------------------------------------------------------------------- /PeDump/PeDump/Mapper.cpp: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | #include 
"Mapper.h" 3 | 4 | Mapper::Mapper(TCHAR* fileName) : 5 | m_hFile(0), 6 | m_hMapFile(0), 7 | m_lpMapAddress(NULL), 8 | m_isMapperInited(false), 9 | m_isMapped(false) 10 | { 11 | m_hFile = CreateFile(fileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, NULL); 12 | if (INVALID_HANDLE_VALUE == m_hFile) { 13 | _tprintf(TEXT("Mapping - CreateFile with error %d \n"), GetLastError()); 14 | goto err0; 15 | } 16 | 17 | m_hMapFile = CreateFileMapping(m_hFile, NULL, PAGE_READONLY, 0, 0, NULL); 18 | if (INVALID_HANDLE_VALUE == m_hMapFile) { 19 | _tprintf(TEXT("Mapping - CreateFileMapping with error %d \n"), GetLastError()); 20 | goto err1; 21 | } 22 | 23 | m_isMapperInited = true; 24 | return; 25 | 26 | err1: 27 | CloseHandle(m_hFile); 28 | err0: 29 | return; 30 | } 31 | 32 | Mapper::~Mapper() 33 | { 34 | if (!m_isMapperInited) 35 | return; 36 | 37 | UnmapFile(); 38 | CloseHandle(m_hMapFile); 39 | CloseHandle(m_hFile); 40 | } 41 | 42 | bool Mapper::MapFile(DWORD accessType, DWORD offsetHigh, 43 | DWORD offsetLow, SIZE_T bytesNumber) 44 | { 45 | if (!m_isMapperInited) { 46 | _tprintf(TEXT("Mapping - mapper not inited \n")); 47 | return false; 48 | } 49 | 50 | if (m_isMapped) { 51 | _tprintf(TEXT("Mapping - some part is already mapped \n")); 52 | return false; 53 | } 54 | 55 | m_lpMapAddress = MapViewOfFile(m_hMapFile, accessType, offsetHigh, offsetLow, bytesNumber); 56 | if (NULL == m_lpMapAddress) { 57 | _tprintf(TEXT("Mapping - MapViewOfFile with error %d \n"), GetLastError()); 58 | goto err; 59 | } 60 | 61 | _tprintf(TEXT("Mapping succeeded \n")); 62 | m_isMapped = true; 63 | return true; 64 | 65 | err: 66 | return false; 67 | } 68 | 69 | bool Mapper::UnmapFile() 70 | { 71 | if (!m_isMapped) 72 | return true; 73 | 74 | UnmapViewOfFile(m_lpMapAddress); 75 | m_isMapped = false; 76 | return true; 77 | } 78 | 79 | char* Mapper::GetMapAddress() 80 | { 81 | return m_isMapped ? 
(char*)m_lpMapAddress : NULL; 82 | } 83 | -------------------------------------------------------------------------------- /PeDump/PeDump/Mapper.h: -------------------------------------------------------------------------------- 1 | #ifndef _MAPPER_H_ 2 | #define _MAPPER_H_ 3 | 4 | #include 5 | 6 | class Mapper 7 | { 8 | public: 9 | Mapper(TCHAR* fileName); 10 | ~Mapper(); 11 | 12 | // defaults params for readonly mapping full file 13 | bool MapFile(DWORD accessType = FILE_MAP_READ, 14 | DWORD offsetHigh = 0, 15 | DWORD offsetLow = 0, 16 | SIZE_T bytesNumber = 0); 17 | bool UnmapFile(); 18 | char* GetMapAddress(); 19 | 20 | private: 21 | HANDLE m_hFile; 22 | HANDLE m_hMapFile; 23 | LPVOID m_lpMapAddress; 24 | bool m_isMapperInited; 25 | bool m_isMapped; 26 | }; 27 | 28 | #endif // _MAPPER_H_ -------------------------------------------------------------------------------- /PeDump/PeDump/PeDump.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mvilkin/system_programming/08d3095a923bf2ced6cb9997a37fd3efb60ab0f7/PeDump/PeDump/PeDump.cpp -------------------------------------------------------------------------------- /PeDump/PeDump/PeDump.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Debug 10 | x64 11 | 12 | 13 | Release 14 | Win32 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {7DCE2011-3E27-480F-9334-38552120C154} 23 | Win32Proj 24 | PeDump 25 | 26 | 27 | 28 | Application 29 | true 30 | v120 31 | Unicode 32 | 33 | 34 | Application 35 | true 36 | v120 37 | Unicode 38 | 39 | 40 | Application 41 | false 42 | v120 43 | true 44 | Unicode 45 | 46 | 47 | Application 48 | false 49 | v120 50 | true 51 | Unicode 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | true 71 | 72 | 73 | true 74 | 75 | 76 | false 77 | 78 | 79 | false 80 | 81 | 82 | 83 | Use 84 | Level3 85 | 
Disabled 86 | WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 87 | 88 | 89 | Console 90 | true 91 | 92 | 93 | 94 | 95 | Use 96 | Level3 97 | Disabled 98 | WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 99 | 100 | 101 | Console 102 | true 103 | kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) 104 | 105 | 106 | 107 | 108 | Level3 109 | Use 110 | MaxSpeed 111 | true 112 | true 113 | WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 114 | 115 | 116 | Console 117 | true 118 | true 119 | true 120 | 121 | 122 | 123 | 124 | Level3 125 | Use 126 | MaxSpeed 127 | true 128 | true 129 | WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 130 | 131 | 132 | Console 133 | true 134 | true 135 | true 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | Create 151 | Create 152 | Create 153 | Create 154 | 155 | 156 | 157 | 158 | 159 | -------------------------------------------------------------------------------- /PeDump/PeDump/PeDump.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Заголовочные файлы 23 | 24 | 25 | Заголовочные файлы 26 | 27 | 28 | Заголовочные файлы 29 | 30 | 31 | 32 | 33 | Файлы исходного кода 34 | 35 | 36 | Файлы исходного кода 37 | 38 | 39 | Файлы исходного кода 40 | 41 | 42 | -------------------------------------------------------------------------------- /PeDump/PeDump/ReadMe.txt: -------------------------------------------------------------------------------- 1 | 
======================================================================== 2 | КОНСОЛЬНОЕ ПРИЛОЖЕНИЕ. Обзор проекта PeDump 3 | ======================================================================== 4 | 5 | Это приложение PeDump создано автоматически с помощью мастера приложений. 6 | 7 | В этом файле представлена сводка содержимого всех файлов, входящих в состав приложения PeDump. 8 | 9 | 10 | PeDump.vcxproj 11 | Это основной файл проекта VC++, создаваемый с помощью мастера приложений. Он содержит данные о версии языка Visual C++, использованной для создания файла, а также сведения о платформах, конфигурациях и функциях проекта, выбранных с помощью мастера приложений. 12 | 13 | PeDump.vcxproj.filters 14 | Это файл фильтров для проектов VC++, созданный с помощью мастера приложений. Он содержит сведения о сопоставлениях между файлами в вашем проекте и фильтрами. Эти сопоставления используются в среде IDE для группировки файлов с одинаковыми расширениями в одном узле (например CPP-файлы сопоставляются с фильтром "Исходные файлы"). 15 | 16 | PeDump.cpp 17 | Это основной исходный файл приложения. 18 | 19 | ///////////////////////////////////////////////////////////////////////////// 20 | Другие стандартные файлы: 21 | 22 | StdAfx.h, StdAfx.cpp 23 | Эти файлы используются для построения файла предкомпилированного заголовка (PCH) с именем PeDump.pch и файла предкомпилированных типов с именем StdAfx.obj. 24 | 25 | ///////////////////////////////////////////////////////////////////////////// 26 | Прочие примечания. 27 | 28 | С помощью комментариев «TODO:» в мастере приложений обозначаются фрагменты исходного кода, которые необходимо дополнить или изменить. 
29 | 30 | ///////////////////////////////////////////////////////////////////////////// 31 | -------------------------------------------------------------------------------- /PeDump/PeDump/stdafx.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mvilkin/system_programming/08d3095a923bf2ced6cb9997a37fd3efb60ab0f7/PeDump/PeDump/stdafx.cpp -------------------------------------------------------------------------------- /PeDump/PeDump/stdafx.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mvilkin/system_programming/08d3095a923bf2ced6cb9997a37fd3efb60ab0f7/PeDump/PeDump/stdafx.h -------------------------------------------------------------------------------- /PeDump/PeDump/targetver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mvilkin/system_programming/08d3095a923bf2ced6cb9997a37fd3efb60ab0f7/PeDump/PeDump/targetver.h -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # system_programming --------------------------------------------------------------------------------