cheat-engine/Cheat Engine/sharedMemory.pas
cheatengine@gmail.com 0f35a52416 move the processid and handle from cefuncproc to processhandlerunit
move the processlist function from cefuncproc to its own unit
start work on the jni library for java
2014-09-08 12:00:14 +00:00


unit sharedMemory;
{$mode delphi}
interface
uses
windows, Classes, SysUtils, symbolhandler, autoassembler, frmautoinjectunit, cefuncproc, NewKernelHandler,
Clipbrd;
// FILE_MAP_EXECUTE (value $20, as in winbase.h) is declared locally here;
// it is OR-ed with FILE_MAP_READ/FILE_MAP_WRITE when the section is mapped
// into the target, so the view is readable, writable AND executable.
const FILE_MAP_EXECUTE = $20;
// Maps the named section into the target process (creating it first when it
// cannot be opened) and returns the view address as seen by the target, or nil.
function allocateSharedMemoryIntoTargetProcess(name: string; size: integer=4096): pointer;
// Creates a pagefile-backed PAGE_EXECUTE_READWRITE section called `name`.
procedure createSharedMemory(name: string; size: integer);
implementation
uses ProcessHandlerUnit;
procedure createSharedMemory(name: string; size: integer);
{
  Creates a pagefile-backed section named `name`, `size` bytes long, with
  PAGE_EXECUTE_READWRITE protection.

  No SECURITY_ATTRIBUTES are passed (nil), so the section receives the default
  security descriptor of this process.  The name is visible to every other
  process that is allowed to open it, and anything that opens it with write
  access can modify memory which allocateSharedMemoryIntoTargetProcess later
  maps executable inside the target.

  The handle CreateFileMapping returns is neither returned nor closed, so it
  (and with it the section) stays alive for the lifetime of this process -
  presumably on purpose, since the target opens the section by name later.
  A failed creation (zero handle) is not reported to the caller.
}
var
  section: THandle;
begin
  section := CreateFileMapping(INVALID_HANDLE_VALUE, nil, PAGE_EXECUTE_READWRITE,
                               0, size, pchar(name));
  // `section` is intentionally left open; see the comment above.
end;
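function allocateSharedMemoryIntoTargetProcess(name: string; size: integer=4096): pointer;
{
  Maps the section called `name` into the target process and returns the
  address at which the target sees it, or nil on failure.

  When the section cannot be opened from this process it is created first
  (createSharedMemory).  An auto-assembler script is then injected that, on a
  new thread inside the target, calls OpenFileMappingA and MapViewOfFile with
  FILE_MAP_EXECUTE or FILE_MAP_READ or FILE_MAP_WRITE and stores the view
  address in a slot labelled `address` (on failure the GetLastError value is
  stored instead).  This side polls that slot for up to 10 seconds.

  name  - section name.  It is spliced verbatim into a `db '...'` line of the
          script, so it must not contain a single quote.
  size  - size of the section when it has to be created; ignored otherwise.

  Returns nil when the script does not assemble, the target never writes a
  non-zero value within 10 s, the slot becomes unreadable, or the value
  written is below $10000 (treated as an error code).  Any exception raised
  while injecting or polling is swallowed and also yields nil.

  Fixes relative to the earlier version: the TStringList is freed on every
  path; the 64-bit script used `mov rcx,eax`, which mixes operand sizes and is
  not a valid x64 instruction; the slot value is zeroed before each read so a
  32-bit target read (pointersize = 4) does not leave stale upper bytes in the
  8-byte variable; the decommit no longer indexes an empty allocation array.
}
var
  script: TStringList;
  allocs: TCEAllocArray;
  i: integer;
  starttime: dword;
  bytesRead: ptruint;
  slotValue: ptruint;
  access: dword;
begin
  result := nil;
  access := FILE_MAP_EXECUTE or FILE_MAP_READ or FILE_MAP_WRITE;

  // Make sure a section with this name exists before the target tries to
  // open it.  The probe handle (when non-zero) is not closed, as before.
  if OpenFileMapping(access, false, pchar(name)) = 0 then
    createSharedMemory(name, size);

  script := TStringList.Create;
  try
    // ---- data part of the script ---------------------------------------
    script.Add('alloc(allocator,1024)');
    script.Add('alloc(sname,128)');
    script.Add('alloc(address, 4)');
    script.Add('label(error)');
    script.Add('sname:');
    // `name` goes into a quoted literal; a quote inside it breaks the script
    script.Add('db ''' + name + ''',0');
    script.Add('');
    script.Add('address:');
    if processhandler.is64Bit then
      script.Add('dq 0')
    else
      script.Add('dd 0');
    script.Add('');

    // ---- code part: runs on a new thread inside the target -------------
    script.Add('allocator:');
    if processhandler.is64bit then
    begin
      // x64 convention: rcx/rdx/r8 carry the arguments; #64 (decimal) bytes
      // of stack cover the shadow space plus MapViewOfFile's 5th argument.
      script.Add('sub rsp,#64');
      script.Add('mov rcx,' + IntToHex(access, 16));  // dwDesiredAccess
      script.Add('mov rdx,0');                         // bInheritHandle
      script.Add('mov r8,sname');                      // lpName
      script.Add('call OpenFileMappingA');
      script.Add('cmp rax,0');
    end
    else
    begin
      // stdcall: arguments pushed right to left
      script.Add('push sname');                        // lpName
      script.Add('push 0');                            // bInheritHandle
      script.Add('push ' + IntToHex(access, 8));       // dwDesiredAccess
      script.Add('call OpenFileMappingA');
      script.Add('cmp eax,0');
    end;
    script.Add('je short error');
    script.Add('');

    if processhandler.is64bit then
    begin
      // MapViewOfFile(hFileMappingObject=rax, access, 0, 0, 0).
      // The handle is the full 64-bit rax; `mov rcx,eax` (operand-size
      // mismatch) is not a valid x64 instruction.
      script.Add('mov rcx,rax');
      script.Add('mov rdx,' + IntToHex(access, 16));
      script.Add('mov r8,0');
      script.Add('mov r9,0');
      script.Add('xor rax,rax');
      // also spill the register arguments into their stack slots
      script.Add('mov [rsp],rcx');
      script.Add('mov [rsp+8],rdx');
      script.Add('mov [rsp+10],r8');
      script.Add('mov [rsp+18],r9');
      script.Add('mov [rsp+20],rax');                  // dwNumberOfBytesToMap
      script.Add('call MapViewOfFile');
      script.Add('mov [address],rax');
      script.Add('add rsp,#64');
    end
    else
    begin
      script.Add('push 0');                            // dwNumberOfBytesToMap
      script.Add('push 0');                            // dwFileOffsetLow
      script.Add('push 0');                            // dwFileOffsetHigh
      script.Add('push ' + IntToHex(access, 8));       // dwDesiredAccess
      script.Add('push eax');                          // hFileMappingObject
      script.Add('call MapViewOfFile');
      script.Add('mov [address],eax');
    end;
    script.Add('ret');
    script.Add('');

    // failure path: store the error code so the poll loop stops waiting;
    // the host treats values below $10000 as such a code.
    script.Add('error:');
    script.Add('call GetLastError');
    script.Add('mov [address],eax');
    if processhandler.is64bit then
      script.Add('add rsp,#64');
    script.Add('ret');
    script.Add('createThread(allocator)');

    try
      SetLength(allocs, 0);
      if autoassemble(script, false, true, false, false, allocs) then
      begin
        starttime := GetTickCount;
        // find the `address` slot and wait (up to 10 s) for the injected
        // thread to fill it in
        for i := 0 to Length(allocs) - 1 do
        begin
          if allocs[i].varname <> 'address' then
            continue;
          while GetTickCount - starttime < 10 * 1000 do
          begin
            // zero first: a 32-bit target writes only the low 4 bytes
            slotValue := 0;
            if not ReadProcessMemory(processhandle, pointer(allocs[i].address),
                                     @slotValue, processhandler.pointersize,
                                     bytesRead) then
              break;  // slot unreadable: stop waiting, result stays nil
            if slotValue <> 0 then
            begin
              if slotValue >= $10000 then
                result := pointer(slotValue);
              break;
            end;
          end;
          break;
        end;

        // Decommit the injected code.  This assumes autoassemble returns the
        // allocations in script order (`allocator` first) - TODO confirm.
        // Only that block is freed; `sname` and `address` stay allocated in
        // the target.  NOTE(review): the thread may still be executing its
        // trailing `ret` when this runs - verify the timing is acceptable.
        if Length(allocs) > 0 then
          VirtualFreeEx(processhandle, pointer(allocs[0].address), 0, MEM_DECOMMIT);
      end;
    except
      // best effort: any failure while injecting or polling just yields nil
    end;
  finally
    script.Free;
  end;
end;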
end.