admin/driverMapper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8/2/2024

Browse Source
This commit is contained in:
ENV
2024-08-02 13:27:27 -07:00
parent 5aaeb37042
commit 589c4d57cd
33 changed files with 2059 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

133
Signature/Scanner.cpp Normal file
View File

@@ -0,0 +1,133 @@
#include "Scanner.h"
namespace scanner
{
std::vector<std::optional<uint8_t>> parse_ida_signature(const char* sig) {
std::vector<std::optional<uint8_t>> bytes;
std::stringstream ss(sig);
while (!ss.eof()) {
std::string byte_str;
ss >> byte_str;
if (byte_str == "?" || byte_str == "??") {
bytes.push_back(std::nullopt);
continue;
}
if (byte_str.length() != 2) {
throw std::runtime_error("Invalid byte in IDA signature: " + byte_str);
}
char* end;
long value = strtol(byte_str.c_str(), &end, 16);
if (*end != '\0') {
throw std::runtime_error("Invalid byte in IDA signature: " + byte_str);
}
bytes.push_back(static_cast<uint8_t>(value));
}
return bytes;
}
pattern::pattern(const std::string& module) : m_module(module.c_str()), m_module_name(module), m_result(0, (uintptr_t)0)
{
m_module_handle = LoadLibraryA(m_module_name.c_str());
if (m_module_handle == nullptr) {
throw std::runtime_error("Could not find module: " + m_module_name);
}
MODULEINFO mi = { 0 };
if (!GetModuleInformation(GetCurrentProcess(), m_module_handle, &mi, sizeof(mi))) {
throw std::runtime_error("Could not get module information");
}
m_module_size = mi.SizeOfImage;
}
pattern::~pattern()
{
if (m_module_handle) FreeLibrary(m_module_handle);
}
pattern& pattern::scan_now(const char* sig_name, const char* ida_sig, const char* section_name)
{
auto signature = parse_ida_signature(ida_sig);
std::uintptr_t base_address = reinterpret_cast<std::uintptr_t>(m_module_handle);
std::size_t sig_size = signature.size();
std::uintptr_t end_address = base_address + m_module_size - sig_size;
std::array<int, 256> bad_char;
for (int i = 0; i < 256; ++i) {
bad_char[i] = sig_size;
}
for (int i = 0; i < sig_size - 1; ++i) {
if (signature[i].has_value()) {
bad_char[signature[i].value()] = sig_size - i - 1;
}
else {
for (int j = 0; j < 256; ++j) {
bad_char[j] = min(bad_char[j], sig_size - i - 1);
}
}
}
std::uintptr_t i = 0;
if (section_name == nullptr) i = base_address + sig_size - 1;
else
{
PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)base_address;
PIMAGE_NT_HEADERS pNtHeaders = (PIMAGE_NT_HEADERS)((LPBYTE)base_address + pDosHeader->e_lfanew);
PIMAGE_SECTION_HEADER pSectionHeader = IMAGE_FIRST_SECTION(pNtHeaders);
LPVOID lpFoundAddress = NULL;
for (WORD j = 0; j < pNtHeaders->FileHeader.NumberOfSections; j++)
{
if (strcmp((CHAR*)pSectionHeader[j].Name, section_name) == 0)
{
lpFoundAddress = (LPVOID)((LPBYTE)base_address + pSectionHeader[j].VirtualAddress);
i = (uintptr_t)lpFoundAddress + sig_size - 1;
SIZE_T dwSectionSize = pSectionHeader[j].Misc.VirtualSize;
end_address = (uintptr_t)lpFoundAddress + dwSectionSize - sig_size;
break;
}
}
if (lpFoundAddress == NULL)
{
throw std::runtime_error(std::string("Section ") + section_name + " not found!");
}
}
while (i < end_address) {
int j = sig_size - 1;
while (j >= 0) {
if (signature[j].has_value() && signature[j].value() != *reinterpret_cast<uint8_t*>(i - sig_size + j + 1))
break;
--j;
}
if (j < 0) {
m_result = handle(i - sig_size + 1, (uintptr_t)m_module_handle);
return *this;
}
i += max(bad_char[*reinterpret_cast<uint8_t*>(i)], static_cast<int>(sig_size - j - 1));
}
m_result = handle(0, (uintptr_t)m_module_handle);
return *this;
}
handle pattern::get_result()
{
return m_result;
}
}

103
Signature/Scanner.h Normal file
View File

@@ -0,0 +1,103 @@
#pragma once
// IDA search pattern library
// 4l3x777
#include <cstdint>
#include <string>
#include <Windows.h>
#include <Psapi.h>
#include <vector>
#include <optional>
#include <sstream>
#include <array>
namespace scanner
{
class handle {
public:
handle() = default;
explicit handle(uintptr_t address, uintptr_t module_handle) : m_address(address), m_module_handle(module_handle) {}
template <typename T>
T as() const {
return reinterpret_cast<T>(m_address);
}
handle add(uintptr_t offset) const {
if (m_address != 0)
{
return handle(m_address + offset, m_module_handle);
}
return *this;
}
handle sub(uintptr_t offset) const {
if (m_address != 0)
{
return handle(m_address - offset, m_module_handle);
}
return *this;
}
handle rip() const {
if (m_address != 0)
{
auto offset = *as<int32_t*>();
return add(offset + sizeof(int32_t));
}
return *this;
}
template <typename T>
T get_base() const {
return reinterpret_cast<T>(m_module_handle);
}
private:
uintptr_t m_address = 0;
uintptr_t m_module_handle = 0;
};
class _module {
public:
_module(const char* module) : m_module(module)
{
m_module_handle = LoadLibraryA(m_module);
}
handle get_export(const char* func)
{
return handle((std::uintptr_t)GetProcAddress(m_module_handle, func), (std::uintptr_t)m_module_handle);
}
HMODULE get_handle()
{
return m_module_handle;
}
private:
const char* m_module;
HMODULE m_module_handle;
};
class pattern {
public:
pattern(const std::string& module);
~pattern() noexcept;
pattern& scan_now(const char* sig_name, const char* ida_sig, const char* section_name = nullptr);
handle get_result();
private:
std::string m_module_name;
_module m_module;
size_t m_module_size;
HMODULE m_module_handle;
handle m_result;
};
}