本文整理汇总了C++中MmIsAddressValid函数的典型用法代码示例。如果您正苦于以下问题:C++ MmIsAddressValid函数的具体用法?C++ MmIsAddressValid怎么用?C++ MmIsAddressValid使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了MmIsAddressValid函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的C++代码示例。
示例1: GetKeServiceDescriptorTableShadow64
ULONGLONG GetKeServiceDescriptorTableShadow64()
{
#if 1
PUCHAR StartSearchAddress = (PUCHAR)__readmsr(0xC0000082);
PUCHAR EndSearchAddress = StartSearchAddress + 0x500;
PUCHAR i = NULL;
UCHAR b1=0,b2=0,b3=0;
ULONG templong=0;
ULONGLONG addr=0;
#if DBG
//SetSoftBreakPoint();
#endif
for(i=StartSearchAddress;i<EndSearchAddress;i++)
{
if( MmIsAddressValid(i) && MmIsAddressValid(i+1) && MmIsAddressValid(i+2) )
{
b1=*i;
b2=*(i+1);
b3=*(i+2);
if( b1==0x4c && b2==0x8d && b3==0x1d ) //4c8d1d
{
memcpy(&templong,i+3,4);
addr = (ULONGLONG)templong + (ULONGLONG)i + 7;
return addr;
}
}
}
#endif
return 0;
}
开发者ID:moon-sky,项目名称:fishjam-template-library,代码行数:31,代码来源:KernelHookAPIHelper.c
示例2: GetKeServiceDescriptorTable
VOID
GetKeServiceDescriptorTable()
{
PUCHAR StartSearchAddress = (PUCHAR)__readmsr(0xC0000082);
PUCHAR EndSearchAddress = StartSearchAddress + 0x500;
PUCHAR i = NULL;
UCHAR b1 = 0, b2 = 0, b3 = 0;
ULONG templong = 0;
ULONGLONG addr = 0;
for (i = StartSearchAddress; i<EndSearchAddress; i++)
{
if (MmIsAddressValid(i) && MmIsAddressValid(i + 1) && MmIsAddressValid(i + 1))
{
b1 = *i;
b2 = *(i + 1);
b3 = *(i + 2);
if (b1 == 0x4c && b2 == 0x8d && b3 == 0x15) //4c8d15
{
memcpy(&templong, i + 3, 4);
addr = (ULONGLONG)templong + (ULONGLONG)i + 7;
KeServiceDescriptortable = addr;
return;
}
}
}
KeServiceDescriptortable = 0;
return;
}
开发者ID:raynoldfeng,项目名称:anti-protector,代码行数:30,代码来源:Helper.c
示例3: XpGetRegisterCallbackCookie
LARGE_INTEGER XpGetRegisterCallbackCookie(ULONG Address)
{
LARGE_INTEGER Cookie;
ULONG Temp = 0;
ULONG Item = 0;
Cookie.QuadPart = 0;
if (Address && MmIsAddressValid((PVOID)Address))
{
Item = Address & 0xFFFFFFF8;
if (MmIsAddressValid((PVOID)Item) &&
MmIsAddressValid((PVOID)(Item + 8)))
{
Temp = *(PULONG)(Item + 8);
if (MmIsAddressValid((PVOID)Temp))
{
Cookie.LowPart = *(PULONG)Temp;
Cookie.HighPart = *(PULONG)(Temp + sizeof(ULONG));
}
}
}
return Cookie;
}
开发者ID:ChengChengCC,项目名称:Ark-tools,代码行数:30,代码来源:CallBack.c
示例4: GetDpcTimerInformation_x64
NTSTATUS GetDpcTimerInformation_x64(PDPC_TIMER_INFOR DpcTimerInfor)
{
ULONG CPUNumber = KeNumberProcessors; //系统变量
PUCHAR CurrentKPRCBAddress = NULL;
PUCHAR CurrentTimerTableEntry = NULL;
PLIST_ENTRY CurrentEntry = NULL;
PLIST_ENTRY NextEntry = NULL;
PULONG64 KiWaitAlways = NULL;
PULONG64 KiWaitNever = NULL;
int i = 0;
int j = 0;
int n = 0;
PKTIMER Timer;
typedef struct _KTIMER_TABLE_ENTRY
{
ULONG64 Lock;
LIST_ENTRY Entry;
ULARGE_INTEGER Time;
} KTIMER_TABLE_ENTRY, *PKTIMER_TABLE_ENTRY;
for(j=0; j<CPUNumber; j++)
{
KeSetSystemAffinityThread(j+1); //使当前线程运行在第一个处理器上
CurrentKPRCBAddress=(PUCHAR)__readmsr(0xC0000101) + 0x20;
KeRevertToUserAffinityThread(); //恢复线程运行的处理器
CurrentTimerTableEntry=(PUCHAR)(*(ULONG64*)CurrentKPRCBAddress + 0x2200 + 0x200);
FindKiWaitFunc(&KiWaitNever,&KiWaitAlways); //找KiWaitAlways 函数的地址
for(i=0; i<0x100; i++)
{
CurrentEntry = (PLIST_ENTRY)(CurrentTimerTableEntry + sizeof(KTIMER_TABLE_ENTRY) * i + 8);
NextEntry = CurrentEntry->Blink;
if( MmIsAddressValid(CurrentEntry) && MmIsAddressValid(CurrentEntry) )
{
while( NextEntry != CurrentEntry )
{
PKDPC RealDpc;
//获得首地址
Timer = CONTAINING_RECORD(NextEntry,KTIMER,TimerListEntry);
RealDpc=TransTimerDpcEx(Timer,*KiWaitNever,*KiWaitAlways);
if( MmIsAddressValid(Timer)&&MmIsAddressValid(RealDpc)&&MmIsAddressValid(RealDpc->DeferredRoutine))
{
if (DpcTimerInfor->ulCnt > DpcTimerInfor->ulRetCnt)
{
DpcTimerInfor->DpcTimer[n].Dpc = (ULONG64)RealDpc;
DpcTimerInfor->DpcTimer[n].Period = Timer->Period;
DpcTimerInfor->DpcTimer[n].TimeDispatch = (ULONG64)RealDpc->DeferredRoutine;
DpcTimerInfor->DpcTimer[n].TimerObject = (ULONG64)Timer;
n++;
}
DpcTimerInfor->ulRetCnt++;
}
NextEntry = NextEntry->Blink;
}
}
}
}
}
开发者ID:ChengChengCC,项目名称:Ark-tools,代码行数:58,代码来源:DpcTimerDrv.c
示例5: dtrace_fuword64
uint64_t
dtrace_fuword64(void *uaddr)
{
if ((uintptr_t)uaddr >= (uintptr_t)MM_HIGHEST_USER_ADDRESS ||
(uintptr_t)uaddr <= (uintptr_t) MM_LOWEST_USER_ADDRESS ||
MmIsAddressValid((PVOID) uaddr) == 0 ||
MmIsAddressValid((PVOID) ((UINT_PTR) uaddr + 7)) == 0) {
DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR);
cpu_core[KeGetCurrentProcessorNumber()].cpuc_dtrace_illval = (uintptr_t)uaddr;
return (0);
}
return (dtrace_fuword64_nocheck(uaddr));
}
开发者ID:KnowNo,项目名称:DTrace-win32,代码行数:13,代码来源:dtrace_isa.c
示例6: GetVADName
PUNICODE_STRING GetVADName(PMMVAD pVad)
{
PFILE_OBJECT pFileObject = NULL;
pFileObject = GetFileObject(pVad);
if (MmIsAddressValid((PULONG)pFileObject) == FALSE)
return NULL;
if (MmIsAddressValid((PULONG)((PUCHAR)&pFileObject->FileName)) == FALSE)
return NULL;
/* IoQueryFileDosDeviceName */
return &pFileObject->FileName;
}
开发者ID:burluckij,项目名称:unhooker,代码行数:14,代码来源:memapi.c
示例7:
IMAGE_DOS_HEADER *KernelGetModuleBaseByPtr(IN void *in_section,
IN void *exported_name) {
unsigned char *p;
IMAGE_DOS_HEADER *dos;
IMAGE_NT_HEADERS *nt;
int count = 0;
p = (unsigned char *)((uintptr_t)in_section & ~(PAGE_SIZE-1));
for(;p;p -= PAGE_SIZE) {
count ++;
// Dont go back too far.
if (count > 0x800) {
return NULL;
};
__try {
dos = (IMAGE_DOS_HEADER *)p;
// If this address is not mapped in, there will be a BSOD
// PAGE_FAULT_IN_NONPAGED_AREA so we check first.
if(!MmIsAddressValid(dos)) {
continue;
}
if(dos->e_magic != 0x5a4d) // MZ
continue;
nt = (IMAGE_NT_HEADERS *)((uintptr_t)dos + dos->e_lfanew);
if((uintptr_t)nt >= (uintptr_t)in_section)
continue;
if((uintptr_t)nt <= (uintptr_t)dos)
continue;
if(!MmIsAddressValid(nt)) {
continue;
}
if(nt->Signature != 0x00004550) // PE
continue;
break;
// Ignore potential errors.
} __except(EXCEPTION_CONTINUE_EXECUTION) {}
}
return dos;
}
开发者ID:453483289,项目名称:rekall,代码行数:50,代码来源:kd.c
示例8: KernelKillThreadRoutine
VOID KernelKillThreadRoutine(
__in PKAPC Apc,
__in __out PKNORMAL_ROUTINE* NormalRoutine,
__in __out PVOID* NormalContext,
__in __out PVOID* SystemArgument1,
__in __out PVOID* SystemArgument2
)
{
PULONG ThreadFlags = NULL;
UNREFERENCED_PARAMETER(Apc);
UNREFERENCED_PARAMETER(NormalRoutine);
UNREFERENCED_PARAMETER(NormalContext);
UNREFERENCED_PARAMETER(SystemArgument1);
UNREFERENCED_PARAMETER(SystemArgument2);
BDKitFreePool(Apc);
//ETHREAD中CrossThreadFlags的偏移量为0x248
ThreadFlags=(PULONG)((ULONG)PsGetCurrentThread()+0x248);
if( MmIsAddressValid(ThreadFlags) )
{
*ThreadFlags |= PS_CROSS_THREAD_FLAGS_SYSTEM;
//(*PspExitThread_XP)(STATUS_SUCCESS);//PspExitThread不可用,需要自己定位
PsTerminateSystemThread (STATUS_SUCCESS);
}
}
开发者ID:ohio813,项目名称:BDArkit,代码行数:27,代码来源:BDKitKillProcess.c
示例9: GetControlArea
PCONTROL_AREA GetControlArea(PMMVAD pVad)
{
if (MmIsAddressValid(pVad) == FALSE || pVad == NULL)
return NULL;
return (PCONTROL_AREA)pVad->ControlArea;
}
开发者ID:burluckij,项目名称:unhooker,代码行数:7,代码来源:memapi.c
示例10: MmIsNonPagedSystemAddressValid
/*
* @unimplemented
*/
BOOLEAN
NTAPI
MmIsNonPagedSystemAddressValid(IN PVOID VirtualAddress)
{
DPRINT1("WARNING: %s returns bogus result\n", __FUNCTION__);
return MmIsAddressValid(VirtualAddress);
}
开发者ID:HBelusca,项目名称:NasuTek-Odyssey,代码行数:10,代码来源:mmsup.c
示例11: getAddressOfShadowTable
unsigned int getAddressOfShadowTable()
{
unsigned int i;
unsigned char *p;
unsigned int dwordatbyte;
p = (unsigned char*) KeAddSystemServiceTable;
for(i = 0; i < 4096; i++, p++)
{
__try
{
dwordatbyte = *(unsigned int*)p;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return 0;
}
if(MmIsAddressValid((PVOID)dwordatbyte))
{
if(memcmp((PVOID)dwordatbyte, &KeServiceDescriptorTable, 16) == 0)
{
if((PVOID)dwordatbyte == &KeServiceDescriptorTable)
{
continue;
}
return dwordatbyte;
}
}
}
return 0;
}
开发者ID:340211173,项目名称:Gold,代码行数:35,代码来源:Just.c
示例12: HelpMapMMIOSpace
// HelpMapMMIOSpace: Map MMIO space
bool HelpMapMMIOSpace(
uint64 address, // IN
size_t size, // IN
uint64* mappedAddress, // OUT
uint64* mappedSize) // OUT
{
bool result = false;
void* pLinearAddress = NULL;
PHYSICAL_ADDRESS physicalAddress;
ResetPoolMemory(&physicalAddress, sizeof(PHYSICAL_ADDRESS));
physicalAddress.QuadPart = address;
pLinearAddress = static_cast<PUCHAR>(MmMapIoSpace(physicalAddress, size, MmNonCached));
if (NULL != pLinearAddress)
{
if (MmIsAddressValid(pLinearAddress))
{
*mappedAddress = reinterpret_cast<uint64>(pLinearAddress);
*mappedSize = size;
result = true;
}
else
{
MmUnmapIoSpace(pLinearAddress, size);
}
}
return result;
}
开发者ID:PlusChie,项目名称:CodeXL,代码行数:32,代码来源:AMDTHelpers.cpp
示例13: GetAddressOfShadowTable
ULONG GetAddressOfShadowTable()
{
ULONG uAddress = 0;
ULONG i = 0;
PULONG pAddress = (PULONG)KeAddSystemServiceTable;
for (i = 0; i < 4096; i++, pAddress++)
{
__try
{
uAddress = *pAddress;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return 0;
}
if (MmIsAddressValid((PVOID)uAddress))
{
if (RtlEqualMemory((PVOID)uAddress, &KeServiceDescriptorTable, sizeof(ULONG)))
{
if ((PVOID)uAddress == &KeServiceDescriptorTable)
{
continue;
}
return uAddress;
}
}
}
return 0;
}
开发者ID:awendemo,项目名称:SSDT-Hook,代码行数:32,代码来源:ShadowHook.c
示例14: HookByInline
BOOLEAN HookByInline(ULONG target, ULONG myfake, char *pFunName)
{
kprintf("Inline Hooking %s from %X to %X\r\n", pFunName, target, myfake);
if (!MmIsAddressValid(PVOID(target)))
{
kprintf("Target is not available\r\n");
return 1;
}
LONG mysrc,mydst;
mysrc = target;
mydst = myfake;
HOOKINFO *pHI = (PHOOKINFO)kmalloc(sizeof(HOOKINFO));
if (pHI==NULL)
{
return FALSE;
}
#define JMPLEN 5
RtlZeroMemory(pHI, sizeof(HOOKINFO));
ULONG itmp=0;
UCHAR JmpCode[JMPLEN]={0xe9,0,0,0,0};
itmp = mydst-mysrc-JMPLEN;
*(PULONG)&JmpCode[1]= itmp;
RtlCopyMemory(pHI->szOldCode, (PUCHAR)mysrc, JMPLEN);
memcpy((PUCHAR)mysrc, JmpCode, JMPLEN);
pHI->NewAddress = mydst;
pHI->OldCodeSize = JMPLEN;
pHI->OriAddress = mysrc;
RtlCopyMemory(pHI->szFunName, pFunName, strlen(pFunName));
InsertTailList(&g_HookInfoListHead,&pHI->Next );
return 1;
}
开发者ID:340211173,项目名称:hf-2011,代码行数:32,代码来源:TEST_KIDISPAT.cpp
示例15: GetShadowTableAddress
/* 获取影子表的地址 */
PVOID GetShadowTableAddress()
{
ULONG dwordatbyte,i;
PUCHAR p = (PUCHAR)KeAddSystemServiceTable;
for(i = 0; i < PAGE_SIZE; i++, p++)// 往下找一页 指针递增1
{
__try
{
dwordatbyte = *(PULONG)p;
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return FALSE;
}
if(MmIsAddressValid((PVOID)dwordatbyte))
{
if(memcmp((PVOID)dwordatbyte, KeServiceDescriptorTable, 16) == 0)//对比前16字节 相同则找到
{
if((PVOID)dwordatbyte == KeServiceDescriptorTable)//排除自己
{
continue;
}
return (PVOID)dwordatbyte;
}
}
}
return FALSE;
}
开发者ID:340211173,项目名称:DriverReader,代码行数:29,代码来源:Ntos.c
示例16: TsmiHandleMemWrite
/*
* TsmiHandleMemWrite
*
* Purpose:
*
* Patch vbox dll in memory.
*
* Warning: potential BSOD-generator due to nonstandard way of loading, take care with patch offsets.
*
*/
NTSTATUS TsmiHandleMemWrite(
_In_ PVOID SrcAddress,
_In_ PVOID DestAddress,
_In_ ULONG Size
)
{
PMDL mdl;
NTSTATUS status = STATUS_SUCCESS;
PAGED_CODE();
mdl = IoAllocateMdl(DestAddress, Size, FALSE, FALSE, NULL);
if (mdl == NULL) {
return STATUS_INSUFFICIENT_RESOURCES;
}
if (DestAddress >= MmSystemRangeStart)
if (!MmIsAddressValid(DestAddress)) {
return STATUS_ACCESS_VIOLATION;
}
MmProbeAndLockPages(mdl, KernelMode, IoReadAccess);
DestAddress = MmGetSystemAddressForMdlSafe(mdl, HighPagePriority);
if (DestAddress != NULL) {
status = MmProtectMdlSystemAddress(mdl, PAGE_EXECUTE_READWRITE);
__movsb((PUCHAR)DestAddress, (const UCHAR *)SrcAddress, Size);
MmUnmapLockedPages(DestAddress, mdl);
MmUnlockPages(mdl);
}
else {
status = STATUS_ACCESS_VIOLATION;
}
IoFreeMdl(mdl);
return status;
}
开发者ID:jamella,项目名称:VBoxHardenedLoader,代码行数:44,代码来源:main.c
示例17: rtR0NtTryMatchSymSet
/**
* Tries a set against the current kernel.
*
* @retval @c true if it matched up, global variables are updated.
* @retval @c false otherwise (no globals updated).
* @param pSet The data set.
* @param pbPrcb Pointer to the processor control block.
* @param pszVendor Pointer to the processor vendor string.
* @param pOsVerInfo The OS version info.
*/
static bool rtR0NtTryMatchSymSet(PCRTNTSDBSET pSet, uint8_t *pbPrcb, const char *pszVendor, PCRTNTSDBOSVER pOsVerInfo)
{
/*
* Don't bother trying stuff where the NT kernel version number differs, or
* if the build type or SMPness doesn't match up.
*/
if ( pSet->OsVerInfo.uMajorVer != pOsVerInfo->uMajorVer
|| pSet->OsVerInfo.uMinorVer != pOsVerInfo->uMinorVer
|| pSet->OsVerInfo.fChecked != pOsVerInfo->fChecked
|| (!pSet->OsVerInfo.fSmp && pOsVerInfo->fSmp /*must-be-smp*/) )
{
//DbgPrint("IPRT: #%d Version/type mismatch.\n", pSet - &g_artNtSdbSets[0]);
return false;
}
/*
* Do the CPU vendor test.
*
* Note! The MmIsAddressValid call is the real #PF security here as the
* __try/__except has limited/no ability to catch everything we need.
*/
char *pszPrcbVendorString = (char *)&pbPrcb[pSet->KPRCB.offVendorString];
if (!MmIsAddressValid(&pszPrcbVendorString[4 * 3 - 1]))
{
//DbgPrint("IPRT: #%d invalid vendor string address.\n", pSet - &g_artNtSdbSets[0]);
return false;
}
__try
{
if (memcmp(pszPrcbVendorString, pszVendor, RT_MIN(4 * 3, pSet->KPRCB.cbVendorString)) != 0)
{
//DbgPrint("IPRT: #%d Vendor string mismatch.\n", pSet - &g_artNtSdbSets[0]);
return false;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
DbgPrint("IPRT: %#d Exception\n", pSet - &g_artNtSdbSets[0]);
return false;
}
/*
* Got a match, update the global variables and report succcess.
*/
g_offrtNtPbQuantumEnd = pSet->KPRCB.offQuantumEnd;
g_cbrtNtPbQuantumEnd = pSet->KPRCB.cbQuantumEnd;
g_offrtNtPbDpcQueueDepth = pSet->KPRCB.offDpcQueueDepth;
#if 0
DbgPrint("IPRT: Using data set #%u for %u.%usp%u build %u %s %s.\n",
pSet - &g_artNtSdbSets[0],
pSet->OsVerInfo.uMajorVer,
pSet->OsVerInfo.uMinorVer,
pSet->OsVerInfo.uCsdNo,
pSet->OsVerInfo.uBuildNo,
pSet->OsVerInfo.fSmp ? "smp" : "uni",
pSet->OsVerInfo.fChecked ? "checked" : "free");
#endif
return true;
}
开发者ID:sobomax,项目名称:virtualbox_64bit_edd,代码行数:70,代码来源:initterm-r0drv-nt.cpp
示例18: GetShutdownDispatch
ULONG_PTR GetShutdownDispatch(PDEVICE_OBJECT DeviceObject)
{
PDRIVER_OBJECT DriverObject = NULL;
ULONG_PTR ShutdownDispatch = 0;
if (DeviceObject && MmIsAddressValid((PVOID)DeviceObject))
{
DriverObject = DeviceObject->DriverObject;
if (DriverObject && MmIsAddressValid((PVOID)DriverObject))
{
ShutdownDispatch = (ULONG_PTR)DriverObject->MajorFunction[IRP_MJ_SHUTDOWN];
}
}
return ShutdownDispatch;
}
开发者ID:ChengChengCC,项目名称:Ark-tools,代码行数:17,代码来源:CallBack.c
示例19: IsGoodPtr
// verify if the given ptr points to a valid address
BOOL IsGoodPtr( PVOID ptr, ULONG size )
{
ULONG i = 0;
for(i=0; i<size; i++)
if( !MmIsAddressValid( (PULONG)ptr+i) )
return FALSE;
return TRUE;
}
开发者ID:340211173,项目名称:hf-2011,代码行数:11,代码来源:service.c
示例20: GetFileObject
PFILE_OBJECT GetFileObject(PMMVAD pVad)
{
PCONTROL_AREA pControlArea = NULL;
pControlArea = GetControlArea(pVad);
if (MmIsAddressValid((PULONG)pControlArea) == FALSE)
return NULL;
return (PFILE_OBJECT)pControlArea->FilePointer;
}
开发者ID:burluckij,项目名称:unhooker,代码行数:10,代码来源:memapi.c
注:本文中的MmIsAddressValid函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论