mirror-ac/user/um/process.h

48 lines
1.3 KiB
C
Raw Normal View History

2023-08-15 14:02:17 +02:00
#ifndef PROCESS_H
#define PROCESS_H
2023-08-16 11:28:46 +02:00
#include <windows.h>
#include <winternl.h>
2023-08-15 14:02:17 +02:00
#include <TlHelp32.h>
#include <string>
2023-08-22 19:32:25 +02:00
#include "../client.h"
2023-08-17 10:45:50 +02:00
#include "../threadpool.h"
2023-08-16 11:28:46 +02:00
#include "../um/imports.h"
2023-09-05 11:16:32 +02:00
#include "../km/kmanager.h"
2023-08-16 11:28:46 +02:00
2023-08-16 12:47:09 +02:00
#define ThreadQuerySetWin32StartAddress 9
2023-08-15 14:27:40 +02:00
namespace usermode
2023-08-15 14:02:17 +02:00
{
2023-08-16 12:47:09 +02:00
/*
* This class represents a process and the usermode functions responsible for
* the protection of it. This class represents the protected process and allows
* us to split protection class into methods which can then be easily managed
* by the usermode manager class.
*/
2023-08-16 11:28:46 +02:00
class Process
2023-08-15 14:27:21 +02:00
{
2023-08-16 11:28:46 +02:00
HANDLE process_handle;
DWORD process_id;
std::mutex mutex;
std::unique_ptr<Imports> function_imports;
2023-08-17 14:43:05 +02:00
std::vector<DWORD> in_memory_module_checksums;
2023-09-12 17:14:23 +02:00
std::shared_ptr<global::Client> client_interface;
2023-08-16 11:28:46 +02:00
2023-08-15 14:27:21 +02:00
HANDLE GetHandleToProcessGivenName( std::string ProcessName );
2023-08-17 10:45:50 +02:00
bool CheckIfAddressLiesWithinValidProcessModule( UINT64 Address, bool* Result );
bool GetProcessBaseAddress( UINT64* Result );
void CheckPageProtection( MEMORY_BASIC_INFORMATION* Page );
void PatternScanRegion( UINT64 Address, MEMORY_BASIC_INFORMATION* Page );
2023-08-16 12:47:09 +02:00
2023-08-16 11:28:46 +02:00
public:
2023-08-16 12:47:09 +02:00
2023-09-12 17:14:23 +02:00
Process( std::shared_ptr<global::Client> ClientInterface );
2023-08-16 11:28:46 +02:00
void ValidateProcessThreads();
2023-08-17 10:45:50 +02:00
void ScanProcessMemory();
2023-08-16 11:28:46 +02:00
};
2023-08-15 14:02:17 +02:00
}
#endif