-
Notifications
You must be signed in to change notification settings - Fork 30
/
Copy pathReClassNET_Plugin.hpp
264 lines (220 loc) · 4.06 KB
/
ReClassNET_Plugin.hpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
#pragma once
#include <type_traits>
#include <algorithm>
#include <cstdint>
#include <codecvt>
#include <locale>
#include <cstring>
// Types
using RC_Pointer = void*;
using RC_Size = size_t;
using RC_UnicodeChar = char16_t;
// Constants
const int PATH_MAXIMUM_LENGTH = 260;
// Enumerations
enum class ProcessAccess
{
Read,
Write,
Full
};
enum class SectionProtection
{
NoAccess = 0,
Read = 1,
Write = 2,
Execute = 4,
Guard = 8
};
inline SectionProtection operator|(SectionProtection lhs, SectionProtection rhs)
{
using T = std::underlying_type_t<SectionProtection>;
return static_cast<SectionProtection>(static_cast<T>(lhs) | static_cast<T>(rhs));
}
inline SectionProtection& operator|=(SectionProtection& lhs, SectionProtection rhs)
{
using T = std::underlying_type_t<SectionProtection>;
lhs = static_cast<SectionProtection>(static_cast<T>(lhs) | static_cast<T>(rhs));
return lhs;
}
enum class SectionType
{
Unknown,
Private,
Mapped,
Image
};
enum class SectionCategory
{
Unknown,
CODE,
DATA,
HEAP
};
enum class ControlRemoteProcessAction
{
Suspend,
Resume,
Terminate
};
enum class DebugContinueStatus
{
Handled,
NotHandled
};
enum class HardwareBreakpointRegister
{
InvalidRegister,
Dr0,
Dr1,
Dr2,
Dr3
};
enum class HardwareBreakpointTrigger
{
Execute,
Access,
Write,
};
enum class HardwareBreakpointSize
{
Size1 = 1,
Size2 = 2,
Size4 = 4,
Size8 = 8
};
// Structures
#pragma pack(push, 1)
struct EnumerateProcessData
{
RC_Size Id;
RC_UnicodeChar ModulePath[PATH_MAXIMUM_LENGTH];
};
struct InstructionData
{
int Length;
uint8_t Data[15];
RC_UnicodeChar Instruction[64];
};
struct EnumerateRemoteSectionData
{
RC_Pointer BaseAddress;
RC_Size Size;
SectionType Type;
SectionCategory Category;
SectionProtection Protection;
RC_UnicodeChar Name[16];
RC_UnicodeChar ModulePath[PATH_MAXIMUM_LENGTH];
};
struct EnumerateRemoteModuleData
{
RC_Pointer BaseAddress;
RC_Size Size;
RC_UnicodeChar Path[PATH_MAXIMUM_LENGTH];
};
struct ExceptionDebugInfo
{
RC_Size ExceptionCode;
RC_Size ExceptionFlags;
RC_Pointer ExceptionAddress;
HardwareBreakpointRegister CausedBy;
struct RegisterInfo
{
#ifdef RECLASSNET64
RC_Pointer Rax;
RC_Pointer Rbx;
RC_Pointer Rcx;
RC_Pointer Rdx;
RC_Pointer Rdi;
RC_Pointer Rsi;
RC_Pointer Rsp;
RC_Pointer Rbp;
RC_Pointer Rip;
RC_Pointer R8;
RC_Pointer R9;
RC_Pointer R10;
RC_Pointer R11;
RC_Pointer R12;
RC_Pointer R13;
RC_Pointer R14;
RC_Pointer R15;
#else
RC_Pointer Eax;
RC_Pointer Ebx;
RC_Pointer Ecx;
RC_Pointer Edx;
RC_Pointer Edi;
RC_Pointer Esi;
RC_Pointer Esp;
RC_Pointer Ebp;
RC_Pointer Eip;
#endif
};
RegisterInfo Registers;
};
struct DebugEvent
{
DebugContinueStatus ContinueStatus;
RC_Pointer ProcessId;
RC_Pointer ThreadId;
ExceptionDebugInfo ExceptionInfo;
};
struct DebugRegister6
{
union
{
uintptr_t Value;
struct
{
unsigned DR0 : 1;
unsigned DR1 : 1;
unsigned DR2 : 1;
unsigned DR3 : 1;
unsigned Reserved : 9;
unsigned BD : 1;
unsigned BS : 1;
unsigned BT : 1;
};
};
};
struct DebugRegister7
{
union
{
uintptr_t Value;
struct
{
unsigned G0 : 1;
unsigned L0 : 1;
unsigned G1 : 1;
unsigned L1 : 1;
unsigned G2 : 1;
unsigned L2 : 1;
unsigned G3 : 1;
unsigned L3 : 1;
unsigned GE : 1;
unsigned LE : 1;
unsigned Reserved : 6;
unsigned RW0 : 2;
unsigned Len0 : 2;
unsigned RW1 : 2;
unsigned Len1 : 2;
unsigned RW2 : 2;
unsigned Len2 : 2;
unsigned RW3 : 2;
unsigned Len3 : 2;
};
};
};
#pragma pack(pop)
// Helpers
inline void MultiByteToUnicode(const char* src, RC_UnicodeChar* dst, int size)
{
#if _MSC_VER >= 1900
// VS Bug: https://connect.microsoft.com/VisualStudio/feedback/details/1348277/link-error-when-using-std-codecvt-utf8-utf16-char16-t
auto temp = std::wstring_convert<std::codecvt_utf8_utf16<int16_t>, int16_t>{}.from_bytes(src);
#else
auto temp = std::wstring_convert<std::codecvt_utf8_utf16<char16_t>, char16_t>{}.from_bytes(src);
#endif
std::memcpy(dst, temp.c_str(), std::min<int>(static_cast<int>(temp.length()), size) * sizeof(char16_t));
}