forked from cheat-engine/cheat-engine
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDBK64SecondaryLoader.pas
139 lines (112 loc) · 4.09 KB
/
DBK64SecondaryLoader.pas
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
unit DBK64SecondaryLoader;
{$mode delphi}
interface
uses
jwawindows, windows, Classes, SysUtils, cefuncproc, NewKernelHandler, dialogs;
function SecondaryDriverLoad: THandle;
function SecondaryDeviceIoControl(dwIoControlCode: DWORD; lpInBuffer: Pointer; nInBufferSize: DWORD; lpOutBuffer: Pointer; nOutBufferSize: DWORD; var lpBytesReturned: DWORD; lpOverlapped: POverlapped): BOOL; stdcall;
implementation
uses dbk32functions, vmxfunctions, ManualModuleLoader, ctypes, Globals;
const IRP_MJ_CREATE =$00;
const IRP_MJ_CREATE_NAMED_PIPE =$01;
const IRP_MJ_CLOSE =$02;
const IRP_MJ_READ =$03;
const IRP_MJ_WRITE =$04;
const IRP_MJ_QUERY_INFORMATION =$05;
const IRP_MJ_SET_INFORMATION =$06;
const IRP_MJ_QUERY_EA =$07;
const IRP_MJ_SET_EA =$08;
const IRP_MJ_FLUSH_BUFFERS =$09;
const IRP_MJ_QUERY_VOLUME_INFORMATION =$0a;
const IRP_MJ_SET_VOLUME_INFORMATION =$0b;
const IRP_MJ_DIRECTORY_CONTROL =$0c;
const IRP_MJ_FILE_SYSTEM_CONTROL =$0d;
const IRP_MJ_DEVICE_CONTROL =$0e;
const IRP_MJ_INTERNAL_DEVICE_CONTROL =$0f;
const IRP_MJ_SHUTDOWN =$10;
const IRP_MJ_LOCK_CONTROL =$11;
const IRP_MJ_CLEANUP =$12;
const IRP_MJ_CREATE_MAILSLOT =$13;
const IRP_MJ_QUERY_SECURITY =$14;
const IRP_MJ_SET_SECURITY =$15;
const IRP_MJ_POWER =$16;
const IRP_MJ_SYSTEM_CONTROL =$17;
const IRP_MJ_DEVICE_CHANGE =$18;
const IRP_MJ_QUERY_QUOTA =$19;
const IRP_MJ_SET_QUOTA =$1a;
const IRP_MJ_PNP =$1b;
const IRP_MJ_MAXIMUM_FUNCTION = $1b;
type DRIVER_OBJECT=record
_Type: cshort;
Size: cshort;
DeviceObject: pointer;
Flags: ULONG;
DriverStart: pointer;
DriverSize: ULONG;
DriverSection: PVOID;
DriverExtension: pointer;
DriverName: UNICODE_STRING ;
HardwareDatabase: PUNICODE_STRING;
FastIoDispatch: pointer;
DriverInit: pointer;
DriverStartIo: pointer;
DriverUnload: pointer;
MajorFunction: array [0..IRP_MJ_MAXIMUM_FUNCTION] of pointer;
end;
var dobject: DRIVER_OBJECT;
function SecondaryDriverLoad: THandle;
var ml: TModuleLoader;
r: integer;
part: integer;
begin
part:=0;
result:=INVALID_HANDLE_VALUE;
//ShowMessage('SecondaryDriverLoad');
try
part:=1;
// ShowMessage('Part 1');
//load the 64 bit driver
if dbvm_version =0 then
begin
showmessage('seems like dbvm isn''t loaded after all');
exit;
end;
part:=2;
//ShowMessage('Part 2');
ml:=TModuleLoader.create(CheatEngineDir+'dbk64.sys');
part:=3;
// ShowMessage('Part 3');
if ml.loaded then
begin
part:=4;
ZeroMemory(@dobject, sizeof(dobject));
r:=dbvm_executeDriverEntry(pointer(ml.entrypoint), @dobject,nil);
part:=5;
if r=0 then
begin
result:=$fff00fff;
part:=6;
ShowMessage('Success. The driver has been loaded thanks to dbvm');
end
else
showMessage('The driver failed to initialize');
part:=7;
end
else
showmessage('ModuleLoader failed to map dbk64.sys to memory');
part:=8;
except
on e: exception do
showmessage('Error while trying to load the driver at part '+inttostr(part)+': '+e.message);
end;
end;
function SecondaryDeviceIoControl(dwIoControlCode: DWORD; lpInBuffer: Pointer; nInBufferSize: DWORD; lpOutBuffer: Pointer; nOutBufferSize: DWORD; var lpBytesReturned: DWORD; lpOverlapped: POverlapped): BOOL; stdcall;
begin
outputdebugstring('SecondaryDeviceIoControl: dwIoControlCode='+inttohex(dwIoControlCode,1));
result:=dbvm_executeDispatchIoctl(pointer(dobject.MajorFunction[IRP_MJ_DEVICE_CONTROL]), @dobject, dwIoControlCode, lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, @lpBytesReturned);
if result then
outputdebugstring('Returned true')
else
outputdebugstring('Returned false');
end;
end.