moon-driver-utils 0.1.0

Windows Kernel Utils
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

use core::ffi::c_void;

use wdk::println;
use wdk_sys::ntddk::{memcpy, MmIsAddressValid};

use crate::slib::distorm35::DisassembleInstruction;

#[derive(Debug)]
pub struct AssemblyError {}

pub fn search_4bit_on_5bit_insrtuction(
    target_address: *mut c_void,
    p1: u8,
    max_length: u32,
    index: usize,
) -> Result<u64, AssemblyError> {
    let binary_code = 0u32;

    let mut address: *mut u8 = target_address as _;

    let end = unsafe { target_address.add(max_length as _) as _ };

    let mut i = 1;
    while address < end {
        if unsafe { MmIsAddressValid(address as _) == 0 } {
            return Err(AssemblyError {});
        }

        let ins_length = unsafe { DisassembleInstruction(address as _) };
        if ins_length <= 0 {
            println!("search_4bit_on_5bit_insrtuction ins_length < 0");
            return Err(AssemblyError {});
        }

        if ins_length == 5 {
            unsafe {
                if *address == p1 {
                    if i < index {
                        i += 1;
                    } else {
                        memcpy(&binary_code as *const _ as _, address.add(1) as _, 4);
                        let r = calc_address(address as _, binary_code) + 5;
                        return Ok(r);
                    }
                }
            }
        }

        address = unsafe { address.add(ins_length as _) };
    }

    println!("search_4bit_on_5bit_insrtuction not find");
    Err(AssemblyError {})
}

pub fn search_4bit_on_7bit_insrtuction(
    target_address: *mut c_void,
    p1: u8,
    p2: u8,
    p3: u8,
    max_length: u32,
) -> Result<u64, AssemblyError> {
    let binary_code = 0u32;

    let mut address: *mut u8 = target_address as _;

    let end = unsafe { target_address.add(max_length as _) as _ };
    while address < end {
        let ins_length = unsafe { DisassembleInstruction(address as _) };
        if ins_length <= 0 {
            return Err(AssemblyError {});
        }

        if ins_length == 7 {
            unsafe {
                if *address == p1 && *address.add(1) == p2 && *address.add(2) == p3 {
                    memcpy(&binary_code as *const _ as _, address.add(3) as _, 4);
                    let r = calc_address(address as _, binary_code) + 7;
                    return Ok(r);
                }
            }
        }

        address = unsafe { address.add(ins_length as _) };
    }

    Err(AssemblyError {})
}

// todo
pub fn calc_address(ins_address: *mut c_void, binary_code: u32) -> u64 {
    let address = ins_address as u64;
    let hight = address & 0xffffffff00000000;
    let lower = address as u32;

    let lower = (lower as u64 + binary_code as u64) as u32;
    let r = hight + lower as u64;
    r
}