dev140

"-dmp pid" command added
jdzjames · Oct 21, 2023 · 8cd4cdd · 8cd4cdd
1 parent 448585f
commit 8cd4cdd
Show file tree

Hide file tree

Showing 18 changed files with 511 additions and 104 deletions.
diff --git a/Source/Hamakaze/KDU.vcxproj.user b/Source/Hamakaze/KDU.vcxproj.user
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
-    <LocalDebuggerCommandArguments>-test</LocalDebuggerCommandArguments>
+    <LocalDebuggerCommandArguments>-prv 21 -dmp 672</LocalDebuggerCommandArguments>
     <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">

diff --git a/Source/Hamakaze/idrv/dbk.cpp b/Source/Hamakaze/idrv/dbk.cpp
@@ -4,9 +4,9 @@
 *
 *  TITLE:       DBK.CPP
 *
-*  VERSION:     1.32
+*  VERSION:     1.40
 *
-*  DATE:        10 Jun 2023
+*  DATE:        20 Oct 2023
 *
 *  Cheat Engine's DBK driver routines.
 *
@@ -651,3 +651,36 @@ BOOL DbkControlDSE(
 
     return bResult;
 }
+
+/*
+* DbkOpenProcess
+*
+* Purpose:
+*
+* Open process via CheatEngine driver.
+*
+*/
+BOOL WINAPI DbkOpenProcess(
+    _In_ HANDLE DeviceHandle,
+    _In_ HANDLE ProcessId,
+    _In_ ACCESS_MASK DesiredAccess,
+    _Out_ PHANDLE ProcessHandle)
+{
+    UNREFERENCED_PARAMETER(DesiredAccess);
+
+    struct {
+        HANDLE ProcessHandle;
+        BYTE Special;
+    } outputBuffer = { NULL, 0 };
+
+    BOOL bResult = supCallDriver(DeviceHandle,
+        IOCTL_CE_OPENPROCESS,
+        &ProcessId,
+        sizeof(DWORD),
+        &outputBuffer,
+        sizeof(outputBuffer));
+
+    *ProcessHandle = outputBuffer.ProcessHandle;
+
+    return bResult;
+}
diff --git a/Source/Hamakaze/idrv/dbk.h b/Source/Hamakaze/idrv/dbk.h
@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2022
+*  (C) COPYRIGHT AUTHORS, 2022 - 2023
 *
 *  TITLE:       DBK.H
 *
-*  VERSION:     1.20
+*  VERSION:     1.40
 *
-*  DATE:        14 Feb 2022
+*  DATE:        20 Oct 2023
 *
 *  Cheat Engine's DBK driver interface header.
 *
@@ -25,6 +25,7 @@
 
 #define DBK_DEVICE_TYPE (DWORD)FILE_DEVICE_UNKNOWN
 
+#define DBK_FUNC_OPEN_PROCESS (DWORD)0x0802
 #define DBK_FUNC_ALLOCATEMEM_NONPAGED (DWORD)0x0826
 #define DBK_FUNC_FREEMEM (DWORD)0x084C
 #define DBK_FUNC_MAP_MEMORY (DWORD)0x084D
@@ -46,6 +47,10 @@
 #define IOCTL_CE_EXECUTE_CODE    \
     CTL_CODE(DBK_DEVICE_TYPE, DBK_FUNC_EXECUTE_CODE, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
 
+#define IOCTL_CE_OPENPROCESS     \
+    CTL_CODE(DBK_DEVICE_TYPE, DBK_FUNC_OPEN_PROCESS, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
+
+
 BOOL DbkStartVulnerableDriver(
     _In_ KDU_CONTEXT* Context);
 
@@ -57,3 +62,9 @@ BOOL DbkControlDSE(
     _In_ PKDU_CONTEXT Context,
     _In_ ULONG DSEValue,
     _In_ ULONG_PTR Address);
+
+BOOL WINAPI DbkOpenProcess(
+    _In_ HANDLE DeviceHandle,
+    _In_ HANDLE ProcessId,
+    _In_ ACCESS_MASK DesiredAccess,
+    _Out_ PHANDLE ProcessHandle);
diff --git a/Source/Hamakaze/idrv/kph.cpp b/Source/Hamakaze/idrv/kph.cpp
@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2022
+*  (C) COPYRIGHT AUTHORS, 2022 - 2023
 *
 *  TITLE:       KPH.CPP
 *
-*  VERSION:     1.20
+*  VERSION:     1.40
 *
-*  DATE:        08 Feb 2022
+*  DATE:        20 Oct 2023
 *
 *  KProcessHacker2 driver routines.
 *
@@ -292,14 +292,14 @@ BOOL KphpDuplicateHandle(
 }
 
 /*
-* KphpOpenProcess
+* KphOpenProcess
 *
 * Purpose:
 *
 * Open process handle via KPH driver request.
 *
 */
-BOOL KphpOpenProcess(
+BOOL WINAPI KphOpenProcess(
     _In_ HANDLE DeviceHandle,
     _In_ HANDLE ProcessId,
     _In_ ACCESS_MASK DesiredAccess,
@@ -339,7 +339,7 @@ BOOL WINAPI KphRegisterDriver(
     UNREFERENCED_PARAMETER(Param);
 
     return supOpenPhysicalMemory(DeviceHandle,
-        (pfnOpenProcessCallback)KphpOpenProcess,
+        (pfnOpenProcessCallback)KphOpenProcess,
         (pfnDuplicateHandleCallback)KphpDuplicateHandle,
         &g_KphPhysicalMemorySection);
 }

diff --git a/Source/Hamakaze/idrv/kph.h b/Source/Hamakaze/idrv/kph.h
@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2022
+*  (C) COPYRIGHT AUTHORS, 2022 - 2023
 *
 *  TITLE:       KPH.H
 *
-*  VERSION:     1.20
+*  VERSION:     1.40
 *
-*  DATE:        08 Feb 2022
+*  DATE:        20 Oct 2023
 *
 *  KProcessHacker2 driver interface header.
 *
@@ -85,3 +85,9 @@ BOOL WINAPI KphWriteKernelVirtualMemory(
     _In_ ULONG_PTR Address,
     _In_reads_bytes_(NumberOfBytes) PVOID Buffer,
     _In_ ULONG NumberOfBytes);
+
+BOOL WINAPI KphOpenProcess(
+    _In_ HANDLE DeviceHandle,
+    _In_ HANDLE ProcessId,
+    _In_ ACCESS_MASK DesiredAccess,
+    _Out_ PHANDLE ProcessHandle);
diff --git a/Source/Hamakaze/idrv/procexp.cpp b/Source/Hamakaze/idrv/procexp.cpp
@@ -4,9 +4,9 @@
 *
 *  TITLE:       PROCEXP.CPP
 *
-*  VERSION:     1.32
+*  VERSION:     1.40
 *
-*  DATE:        10 Jun 2023
+*  DATE:        20 Oct 2023
 *
 *  Process Explorer driver routines.
 *
@@ -277,14 +277,14 @@ BOOL PexpDuplicateHandle(
 }
 
 /*
-* PexpOpenProcess
+* PexOpenProcess
 *
 * Purpose:
 *
 * Open process handle via ProcExp driver request.
 *
 */
-BOOL PexpOpenProcess(
+BOOL WINAPI PexOpenProcess(
     _In_ HANDLE DeviceHandle,
     _In_ HANDLE ProcessId,
     _In_ ACCESS_MASK DesiredAccess,
@@ -324,7 +324,7 @@ BOOL WINAPI PexRegisterDriver(
     context->Victim = &g_ProcExpVictimSelf;
 
     return supOpenPhysicalMemory(DeviceHandle,
-        PexpOpenProcess,
+        PexOpenProcess,
         PexpDuplicateHandle,
         &g_PexPhysicalMemorySection);
 }

diff --git a/Source/Hamakaze/idrv/procexp.h b/Source/Hamakaze/idrv/procexp.h
@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2022
+*  (C) COPYRIGHT AUTHORS, 2022 - 2023
 *
 *  TITLE:       PROCEXP.H
 *
-*  VERSION:     1.20
+*  VERSION:     1.40
 *
-*  DATE:        08 Feb 2022
+*  DATE:        20 Oct 2023
 *
 *  Process Explorer driver interface header.
 *
@@ -80,3 +80,9 @@ BOOL WINAPI PexWriteKernelVirtualMemory(
     _In_ ULONG_PTR Address,
     _In_reads_bytes_(NumberOfBytes) PVOID Buffer,
     _In_ ULONG NumberOfBytes);
+
+BOOL WINAPI PexOpenProcess(
+    _In_ HANDLE DeviceHandle,
+    _In_ HANDLE ProcessId,
+    _In_ ACCESS_MASK DesiredAccess,
+    _Out_ PHANDLE ProcessHandle);
diff --git a/Source/Hamakaze/idrv/zemana.cpp b/Source/Hamakaze/idrv/zemana.cpp
@@ -4,9 +4,9 @@
 *
 *  TITLE:       ZEMANA.CPP
 *
-*  VERSION:     1.30
+*  VERSION:     1.40
 *
-*  DATE:        20 Mar 2023
+*  DATE:        20 Oct 2023
 *
 *  Zemana driver routines.
 *
@@ -524,6 +524,34 @@ BOOL ZmControlDSE(
     return bResult;
 }
 
+/*
+* ZmOpenProcess
+*
+* Purpose:
+*
+* Open process via Zemana driver.
+*
+*/
+BOOL WINAPI ZmOpenProcess(
+    _In_ HANDLE DeviceHandle,
+    _In_ HANDLE ProcessId,
+    _In_ ACCESS_MASK DesiredAccess,
+    _Out_ PHANDLE ProcessHandle)
+{
+    UNREFERENCED_PARAMETER(DesiredAccess);
+
+    BOOL bResult = FALSE;
+
+    *ProcessHandle = NULL;
+
+    return supCallDriver(DeviceHandle,
+        IOCTL_ZEMANA_OPEN_PROCESS,
+        &ProcessId,
+        sizeof(ProcessId),
+        ProcessHandle,
+        sizeof(ProcessHandle));
+}
+
 /*
 * ZmRegisterDriver
 *

diff --git a/Source/Hamakaze/idrv/zemana.h b/Source/Hamakaze/idrv/zemana.h
@@ -1,12 +1,12 @@
 /*******************************************************************************
 *
-*  (C) COPYRIGHT AUTHORS, 2022
+*  (C) COPYRIGHT AUTHORS, 2022 - 2023
 *
 *  TITLE:       ZEMANA.H
 *
-*  VERSION:     1.27
+*  VERSION:     1.40
 *
-*  DATE:        08 Nov 2022
+*  DATE:        20 Oct 2023
 *
 *  Zemana driver interface header.
 *
@@ -34,6 +34,7 @@
 #define ZEMANA_SCSI_WRITE        (DWORD)0x806
 #define ZEMANA_PROTECT_REGISTRY  (DWORD)0x810
 #define ZEMANA_SAVE_MINIPORT_FIX (DWORD)0x811
+#define ZEMANA_OPEN_PROCESS      (DWORD)0x813
 
 #define IOCTL_ZEMANA_REGISTER_PROCESS       \
     CTL_CODE(FILE_DEVICE_ZEMANA, ZEMANA_REGISTER_PROCESS, METHOD_BUFFERED, FILE_ANY_ACCESS) //0x80002010
@@ -50,6 +51,9 @@
 #define IOCTL_ZEMANA_PROTECT_REGISTRY      \
     CTL_CODE(FILE_DEVICE_ZEMANA, ZEMANA_PROTECT_REGISTRY, METHOD_BUFFERED, FILE_ANY_ACCESS) //0x80002040
 
+#define IOCTL_ZEMANA_OPEN_PROCESS      \
+    CTL_CODE(FILE_DEVICE_ZEMANA, ZEMANA_OPEN_PROCESS, METHOD_BUFFERED, FILE_ANY_ACCESS) //0x8000204C  
+
 BOOL ZmMapDriver(
     _In_ PKDU_CONTEXT Context,
     _In_ PVOID ImageBase);
@@ -59,6 +63,12 @@ BOOL ZmControlDSE(
     _In_ ULONG DSEValue,
     _In_ ULONG_PTR Address);
 
+BOOL WINAPI ZmOpenProcess(
+    _In_ HANDLE DeviceHandle,
+    _In_ HANDLE ProcessId,
+    _In_ ACCESS_MASK DesiredAccess,
+    _Out_ PHANDLE ProcessHandle);
+
 BOOL WINAPI ZmRegisterDriver(
     _In_ HANDLE DeviceHandle,
     _In_opt_ PVOID Param);