Modify

Author: redcodes

Test.cpp

@@ -411,7 +411,7 @@ void TestService()
     UninstallService(SERVICE_NAME);
 }
 
-class CCallback : public ICallBack
+class CCallback : public IRequestHandler
 {
 public:
     CCallback()
@@ -446,12 +446,13 @@ class CCallback : public ICallBack
     }
 };
 
-static ICallBack* g_Callback = NULL;
+static IRequestHandler* g_Callback = NULL;
 
 DWORD TestKeyboardHook(LPVOID lpParam)
 {
     CKeyboardHook keyboardHook(g_Callback);
     keyboardHook.Install(GetCurrentProcessId());
+	
     keyboardHook.UnInstall();
     return TRUE;
 }

include/IProcess.h

@@ -15,6 +15,7 @@ namespace CODELIB
     {
     public:
         virtual ~IProcess() = 0 {};
+		virtual BOOL IsOpened()=0;
         virtual BOOL Open(DWORD dwPID) = 0;
         virtual void Close() = 0;
         virtual BOOL Terminate() = 0;
@@ -24,5 +25,6 @@ namespace CODELIB
         virtual LPCTSTR GetFullPathName() = 0;
         virtual BOOL GetIntegrityLevel(INTEGRITYLEVEL* pLevel) = 0;
         virtual HANDLE GetHandle() = 0;
+        virtual SIZE_T VirtualQueryEx(LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength) = 0;
     };
 }

src/ConsoleDebug.h

@@ -0,0 +1,34 @@
+#pragma once
+#include <windows.h>
+#include <stdio.h>
+#include <iostream>
+
+class CConsoleDebug
+{
+public:
+    CConsoleDebug(): m_pFile(NULL)
+    {
+#ifdef _DEBUG
+        AllocConsole();
+        freopen_s(&m_pFile, "CONOUT$", "w", stdout);
+         HANDLE hCon = GetStdHandle(STD_OUTPUT_HANDLE);
+//         SetConsoleTextAttribute(hCon, FOREGROUND_INTENSITY);
+		 COORD   size;
+		 size.X=80;
+		 size.Y=3000;
+		::SetConsoleScreenBufferSize(hCon, size);
+        std::ios_base::sync_with_stdio();
+#endif
+    }
+
+    virtual ~CConsoleDebug()
+    {
+#ifdef _DEBUG
+        fclose(m_pFile);
+        m_pFile = NULL;
+        FreeConsole();
+#endif
+    }
+private:
+    FILE* m_pFile;
+};

src/ICallBack.h

@@ -3,7 +3,8 @@
 
 typedef enum REQUEST_TYPE
 {
-    REQUEST_KEYBOARDHOOK
+    REQUEST_KEYBOARDHOOK,
+    REQUEST_MEMSCAN
 };
 
 class IRequest
@@ -12,9 +13,25 @@ class IRequest
     virtual ~IRequest() = 0 {};
     virtual REQUEST_TYPE GetType() = 0;
 };
-class ICallBack
+
+class CRequestBase : public IRequest
+{
+public:
+    CRequestBase(REQUEST_TYPE requestType): m_requestType(requestType) {}
+
+    virtual ~CRequestBase() {}
+
+    virtual REQUEST_TYPE GetType()
+    {
+        return m_requestType;
+    }
+
+private:
+    REQUEST_TYPE m_requestType;
+};
+class IRequestHandler
 {
 public:
-    virtual ~ICallBack() = 0 {};
+    virtual ~IRequestHandler() = 0 {};
     virtual BOOL HandleRequest(IRequest* pRequest) = 0;
 };

src/Keyboard.cpp

@@ -3,7 +3,7 @@
 #include "CommonFunc.h"
 
 HHOOK CKeyboardHook::m_hHook = NULL;
-CKeyboardHook::CKeyboardHook(ICallBack* pCallback): m_pCallback(pCallback), m_pRequest(NULL)
+CKeyboardHook::CKeyboardHook(IRequestHandler* pCallback): m_pCallback(pCallback), m_pRequest(NULL)
 {
     m_pRequest = new CKeyboardHookRequest;
 }

src/Keyboard.h

@@ -21,7 +21,7 @@ class CKeyboardHookRequest : public IRequest
 class CKeyboardHook
 {
 public:
-    CKeyboardHook(ICallBack* pCallback);
+    CKeyboardHook(IRequestHandler* pCallback);
     virtual ~CKeyboardHook();
 
     BOOL Install(DWORD dwPID);
@@ -30,7 +30,7 @@ class CKeyboardHook
 	void PrintDebugInfo(LPCTSTR lpszInfo);
 	static LRESULT CALLBACK _HookProc(int nCode, WPARAM wParam, LPARAM lParam);
 private:
-    ICallBack* m_pCallback;
+    IRequestHandler* m_pCallback;
     CKeyboardHookRequest* m_pRequest;
 	static HHOOK m_hHook;
 };

src/ProcessImpl.cpp

@@ -3,7 +3,7 @@
 #include <assert.h>
 #include <Psapi.h>
 #include <tlhelp32.h>
-
+#pragma comment(lib,"Psapi.lib")
 namespace CODELIB
 {
     CProcessImpl::CProcessImpl(void): m_dwPID(-1), m_hProcess(NULL)
@@ -171,120 +171,135 @@ namespace CODELIB
         return dwPID;
     }
 
-	BOOL CProcessImpl::EnumProcess( std::vector<PROCESSENTRY32>& proVec )
-	{
-		PROCESSENTRY32 pe32 = {sizeof(pe32)};
-		HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
-
-		if(INVALID_HANDLE_VALUE == hProcessSnap) return FALSE;
-
-		if(Process32First(hProcessSnap, &pe32))
-		{
-			do
-			{
-				proVec.push_back(pe32);
-			}
-			while(Process32Next(hProcessSnap, &pe32));
-		}
-
-		CloseHandle(hProcessSnap);
-		hProcessSnap = NULL;
-		return TRUE;
-	}
-
-	BOOL CProcessImpl::CreateLowIntegrityProcess(PWSTR pszCommandLine)
-	{
-		DWORD dwError = ERROR_SUCCESS;
-		HANDLE hToken = NULL;
-		HANDLE hNewToken = NULL;
-		SID_IDENTIFIER_AUTHORITY MLAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY;
-		PSID pIntegritySid = NULL;
-		TOKEN_MANDATORY_LABEL tml = { 0 };
-		STARTUPINFO si = { sizeof(si) };
-		PROCESS_INFORMATION pi = { 0 };
-
-		// Open the primary access token of the process.
-		if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY |
-			TOKEN_ADJUST_DEFAULT | TOKEN_ASSIGN_PRIMARY, &hToken))
-		{
-			dwError = GetLastError();
-			goto Cleanup;
-		}
-
-		// Duplicate the primary token of the current process.
-		if (!DuplicateTokenEx(hToken, 0, NULL, SecurityImpersonation, 
-			TokenPrimary, &hNewToken))
-		{
-			dwError = GetLastError();
-			goto Cleanup;
-		}
-
-		// Create the low integrity SID.
-		if (!AllocateAndInitializeSid(&MLAuthority, 1, SECURITY_MANDATORY_LOW_RID, 
-			0, 0, 0, 0, 0, 0, 0, &pIntegritySid))
-		{
-			dwError = GetLastError();
-			goto Cleanup;
-		}
-
-		tml.Label.Attributes = SE_GROUP_INTEGRITY;
-		tml.Label.Sid = pIntegritySid;
-
-		// Set the integrity level in the access token to low.
-		if (!SetTokenInformation(hNewToken, TokenIntegrityLevel, &tml, 
-			(sizeof(tml) + GetLengthSid(pIntegritySid))))
-		{
-			dwError = GetLastError();
-			goto Cleanup;
-		}
-
-		// Create the new process at the Low integrity level.
-		if (!CreateProcessAsUser(hNewToken, NULL, pszCommandLine, NULL, NULL, 
-			FALSE, 0, NULL, NULL, &si, &pi))
-		{
-			dwError = GetLastError();
-			goto Cleanup;
-		}
+    BOOL CProcessImpl::EnumProcess(std::vector<PROCESSENTRY32>& proVec)
+    {
+        PROCESSENTRY32 pe32 = {sizeof(pe32)};
+        HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
+
+        if(INVALID_HANDLE_VALUE == hProcessSnap) return FALSE;
+
+        if(Process32First(hProcessSnap, &pe32))
+        {
+            do
+            {
+                proVec.push_back(pe32);
+            }
+            while(Process32Next(hProcessSnap, &pe32));
+        }
+
+        CloseHandle(hProcessSnap);
+        hProcessSnap = NULL;
+        return TRUE;
+    }
+
+    BOOL CProcessImpl::CreateLowIntegrityProcess(PWSTR pszCommandLine)
+    {
+        DWORD dwError = ERROR_SUCCESS;
+        HANDLE hToken = NULL;
+        HANDLE hNewToken = NULL;
+        SID_IDENTIFIER_AUTHORITY MLAuthority = SECURITY_MANDATORY_LABEL_AUTHORITY;
+        PSID pIntegritySid = NULL;
+        TOKEN_MANDATORY_LABEL tml = { 0 };
+        STARTUPINFO si = { sizeof(si) };
+        PROCESS_INFORMATION pi = { 0 };
+
+        // Open the primary access token of the process.
+        if(!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY |
+                             TOKEN_ADJUST_DEFAULT | TOKEN_ASSIGN_PRIMARY, &hToken))
+        {
+            dwError = GetLastError();
+            goto Cleanup;
+        }
+
+        // Duplicate the primary token of the current process.
+        if(!DuplicateTokenEx(hToken, 0, NULL, SecurityImpersonation,
+                             TokenPrimary, &hNewToken))
+        {
+            dwError = GetLastError();
+            goto Cleanup;
+        }
+
+        // Create the low integrity SID.
+        if(!AllocateAndInitializeSid(&MLAuthority, 1, SECURITY_MANDATORY_LOW_RID,
+                                     0, 0, 0, 0, 0, 0, 0, &pIntegritySid))
+        {
+            dwError = GetLastError();
+            goto Cleanup;
+        }
+
+        tml.Label.Attributes = SE_GROUP_INTEGRITY;
+        tml.Label.Sid = pIntegritySid;
+
+        // Set the integrity level in the access token to low.
+        if(!SetTokenInformation(hNewToken, TokenIntegrityLevel, &tml,
+                                (sizeof(tml) + GetLengthSid(pIntegritySid))))
+        {
+            dwError = GetLastError();
+            goto Cleanup;
+        }
+
+        // Create the new process at the Low integrity level.
+        if(!CreateProcessAsUser(hNewToken, NULL, pszCommandLine, NULL, NULL,
+                                FALSE, 0, NULL, NULL, &si, &pi))
+        {
+            dwError = GetLastError();
+            goto Cleanup;
+        }
 
 Cleanup:
-		// Centralized cleanup for all allocated resources.
-		if (hToken)
-		{
-			CloseHandle(hToken);
-			hToken = NULL;
-		}
-		if (hNewToken)
-		{
-			CloseHandle(hNewToken);
-			hNewToken = NULL;
-		}
-		if (pIntegritySid)
-		{
-			FreeSid(pIntegritySid);
-			pIntegritySid = NULL;
-		}
-		if (pi.hProcess)
-		{
-			CloseHandle(pi.hProcess);
-			pi.hProcess = NULL;
-		}
-		if (pi.hThread)
-		{
-			CloseHandle(pi.hThread);
-			pi.hThread = NULL;
-		}
-
-		if (ERROR_SUCCESS != dwError)
-		{
-			// Make sure that the error code is set for failure.
-			SetLastError(dwError);
-			return FALSE;
-		}
-		else
-		{
-			return TRUE;
-		}
-	}
+
+        // Centralized cleanup for all allocated resources.
+        if(hToken)
+        {
+            CloseHandle(hToken);
+            hToken = NULL;
+        }
+
+        if(hNewToken)
+        {
+            CloseHandle(hNewToken);
+            hNewToken = NULL;
+        }
+
+        if(pIntegritySid)
+        {
+            FreeSid(pIntegritySid);
+            pIntegritySid = NULL;
+        }
+
+        if(pi.hProcess)
+        {
+            CloseHandle(pi.hProcess);
+            pi.hProcess = NULL;
+        }
+
+        if(pi.hThread)
+        {
+            CloseHandle(pi.hThread);
+            pi.hThread = NULL;
+        }
+
+        if(ERROR_SUCCESS != dwError)
+        {
+            // Make sure that the error code is set for failure.
+            SetLastError(dwError);
+            return FALSE;
+        }
+        else
+        {
+            return TRUE;
+        }
+    }
+
+    SIZE_T CProcessImpl::VirtualQueryEx(LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength)
+    {
+        return ::VirtualQueryEx(m_hProcess, lpAddress, lpBuffer, dwLength);
+    }
+
+    BOOL CProcessImpl::IsOpened()
+    {
+        return (NULL != m_hProcess);
+    }
 
 }