noury/mirror-ac
1
0
Fork 0
mirror of https://github.com/donnaskiez/ac.git synced 2024-11-21 22:24:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

database models updateeee c:

Browse source
This commit is contained in:
lhodges1 2023-09-22 22:29:51 +10:00
parent 737b64e195
commit 6f7f6b101a
15 changed files with 631 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
server/Database/Entity/Report/Types/AttachProcessEntity.cs Normal file
View file

@ -0,0 +1,26 @@
using server.Database.Model;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
public class AttachProcessEntity : ReportTypeAttachProcess, IReportEntity
{
private readonly ModelContext _modelContext;
public ReportEntity ReportEntity { get; set; }
public AttachProcessEntity(ModelContext modelContext)
{
ReportEntity = new ReportEntity(modelContext);
_modelContext = modelContext;
}
public void InsertReport()
{
_modelContext.ReportTypeAttachProcess.Add(this);
}
}
}

26
server/Database/Entity/Report/Types/HiddenSystemThreadEntity.cs Normal file
View file

@ -0,0 +1,26 @@
using server.Database.Model;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
public class HiddenSystemThreadEntity : ReportTypeHiddenSystemThread, IReportEntity
{
private readonly ModelContext _modelContext;
public ReportEntity ReportEntity { get; set; }
public HiddenSystemThreadEntity(ModelContext modelContext)
{
ReportEntity = new ReportEntity(modelContext);
_modelContext = modelContext;
}
public void InsertReport()
{
_modelContext.ReportTypeHiddenSystemThread.Add(this);
}
}
}

2
server/Database/Entity/Report/Types/IllegalHandleOperationEntity.cs
View file

@ -10,7 +10,7 @@ namespace server.Database.Entity.Report.Types
public class ReportTypeIllegalHandleOperationEntity : ReportTypeIllegalHandleOperation, IReportEntity
{
private readonly ModelContext _modelContext;
public Report.ReportEntity ReportEntity { get; set; }
public ReportEntity ReportEntity { get; set; }
public ReportTypeIllegalHandleOperationEntity(ModelContext modelContext)
{

26
server/Database/Entity/Report/Types/InvalidProcessAllocationEntity.cs Normal file
View file

@ -0,0 +1,26 @@
using server.Database.Model;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
public class InvalidProcessAllocationEntity : ReportTypeInvalidProcessAllocation, IReportEntity
{
private readonly ModelContext _modelContext;
public ReportEntity ReportEntity { get; set; }
public InvalidProcessAllocationEntity(ModelContext modelContext)
{
ReportEntity = new ReportEntity(modelContext);
_modelContext = modelContext;
}
public void InsertReport()
{
_modelContext.ReportTypeInvalidProcessAllocation.Add(this);
}
}
}

18
server/Database/Entity/Report/Types/NmiCallbackEntity.cs
View file

@ -1,4 +1,5 @@
using System;
using server.Database.Model;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
@ -6,7 +7,20 @@ using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
internal class NmiCallbackEntity
public class NmiCallbackEntity : ReportTypeNmiCallback, IReportEntity
{
private readonly ModelContext _modelContext;
public ReportEntity ReportEntity { get; set; }
public NmiCallbackEntity(ModelContext modelContext)
{
ReportEntity = new ReportEntity(modelContext);
_modelContext = modelContext;
}
public void InsertReport()
{
_modelContext.ReportTypeNmiCallback.Add(this);
}
}
}

18
server/Database/Entity/Report/Types/PageProtectionEntity.cs
View file

@ -1,4 +1,5 @@
using System;
using server.Database.Model;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
@ -6,7 +7,20 @@ using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
internal class PageProtectionEntity
public class PageProtectionEntity : ReportTypePageProtection, IReportEntity
{
private readonly ModelContext _modelContext;
public ReportEntity ReportEntity { get; set; }
public PageProtectionEntity(ModelContext modelContext)
{
ReportEntity = new ReportEntity(modelContext);
_modelContext = modelContext;
}
public void InsertReport()
{
_modelContext.ReportTypePageProtection.Add(this);
}
}
}

18
server/Database/Entity/Report/Types/PatternScanEntity.cs
View file

@ -1,4 +1,5 @@
using System;
using server.Database.Model;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
@ -6,7 +7,20 @@ using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
internal class PatternScanEntity
public class PatternScanEntity : ReportTypePatternScan, IReportEntity
{
private readonly ModelContext _modelContext;
public ReportEntity ReportEntity { get; set; }
public PatternScanEntity(ModelContext modelContext)
{
ReportEntity = new ReportEntity(modelContext);
_modelContext = modelContext;
}
public void InsertReport()
{
_modelContext.ReportTypePatternScan.Add(this);
}
}
}

27
server/Database/Entity/Report/Types/ProcessModuleIntegrityCheckEntity.cs Normal file
View file

@ -0,0 +1,27 @@
using server.Database.Model;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
public class ProcessModuleIntegrityCheckEntity : ReportTypeProcessModuleIntegrityCheck, IReportEntity
{
private readonly ModelContext _modelContext;
public ReportEntity ReportEntity { get; set; }
public ProcessModuleIntegrityCheckEntity(ModelContext modelContext)
{
ReportEntity = new ReportEntity(modelContext);
_modelContext = modelContext;
}
public void InsertReport()
{
_modelContext.ReportTypeProcessModuleIntegrityCheck.Add(this);
}
}
}

18
server/Database/Entity/Report/Types/StartAddressEntity.cs
View file

@ -1,4 +1,5 @@
using System;
using server.Database.Model;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
@ -6,7 +7,20 @@ using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
internal class StartAddressEntity
public class StartAddressEntity : ReportTypeStartAddress, IReportEntity
{
private readonly ModelContext _modelContext;
public ReportEntity ReportEntity { get; set; }
public StartAddressEntity(ModelContext modelContext)
{
ReportEntity = new ReportEntity(modelContext);
_modelContext = modelContext;
}
public void InsertReport()
{
_modelContext.ReportTypeStartAddress.Add(this);
}
}
}

18
server/Database/Entity/Report/Types/SystemModuleValidationEntity.cs
View file

@ -1,4 +1,5 @@
using System;
using server.Database.Model;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
@ -6,7 +7,20 @@ using System.Threading.Tasks;
namespace server.Database.Entity.Report.Types
{
internal class SystemModuleValidationEntity
public class SystemModuleValidationEntity : ReportTypeSystemModuleValidation, IReportEntity
{
private readonly ModelContext _modelContext;
public ReportEntity ReportEntity { get; set; }
public SystemModuleValidationEntity(ModelContext modelContext)
{
ReportEntity = new ReportEntity(modelContext);
_modelContext = modelContext;
}
public void InsertReport()
{
_modelContext.ReportTypeSystemModuleValidation.Add(this);
}
}
}

39
server/Database/Model/Model.cs
View file

@ -38,6 +38,10 @@ namespace server.Database.Model
public virtual ICollection<ReportTypePatternScan> ReportTypePatternScans { get; set; }
public virtual ICollection<ReportTypeNmiCallback> ReportTypeNmiCallbacks { get; set; }
public virtual ICollection<ReportTypeSystemModuleValidation> ReportTypeSystemModuleValidations { get; set; }
public virtual ICollection<ReportTypeHiddenSystemThread> ReportTypeHiddenSystemThreads { get; set; }
public virtual ICollection<ReportTypeAttachProcess> ReportTypeAttachProcesses { get; set; }
public virtual ICollection<ReportTypeInvalidProcessAllocation> ReportTypeInvalidProcessAllocations { get; set; }
public virtual ICollection<ReportTypeProcessModuleIntegrityCheck> ReportTypeProcessModuleIntegrityChecks { get; set; }
}
public class ReportTypeIllegalHandleOperation
@ -95,4 +99,39 @@ namespace server.Database.Model
public long DriverSize { get; set; }
public string ModuleName { get; set; }
}
public class ReportTypeHiddenSystemThread
{
public virtual Report Report { get; set; }
public int ReportNumber { get; set; }
public int FoundInKThreadList { get; set; }
public int FoundInPspCidTable { get; set; }
public long ThreadAddress { get; set; }
public int ThreadId { get; set; }
public byte[] ThreadStructure { get; set; }
}
public class ReportTypeAttachProcess
{
public virtual Report Report { get; set; }
public int ReportNumber { get; set; }
public int ThreadId { get; set; }
public long ThreadAddress { get; set; }
}
public class ReportTypeInvalidProcessAllocation
{
public virtual Report Report { get; set; }
public int ReportNumber { get; set; }
public byte[] ProcessStructure { get; set; }
}
public class ReportTypeProcessModuleIntegrityCheck
{
public virtual Report Report { get; set; }
public int ReportNumber { get; set; }
public long ModuleBaseAddress { get; set; }
public int ModuleSize { get; set; }
public string ModuleName { get; set; }
}
}

84
server/Database/Model/ModelContext.cs
View file

@ -21,6 +21,10 @@ namespace server.Database.Model
public DbSet<ReportTypePatternScan> ReportTypePatternScan { get; set; }
public DbSet<ReportTypeNmiCallback> ReportTypeNmiCallback { get; set; }
public DbSet<ReportTypeSystemModuleValidation> ReportTypeSystemModuleValidation { get; set; }
public DbSet<ReportTypeHiddenSystemThread> ReportTypeHiddenSystemThread { get; set; }
public DbSet<ReportTypeAttachProcess> ReportTypeAttachProcess { get; set; }
public DbSet<ReportTypeInvalidProcessAllocation> ReportTypeInvalidProcessAllocation { get; set; }
public DbSet<ReportTypeProcessModuleIntegrityCheck> ReportTypeProcessModuleIntegrityCheck { get; set; }
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
{
@ -201,6 +205,86 @@ namespace server.Database.Model
entity.HasOne(d => d.Report)
.WithMany(f => f.ReportTypeSystemModuleValidations);
});
modelBuilder.Entity<ReportTypeHiddenSystemThread>(entity =>
{
entity.HasKey(e => e.ReportNumber);
entity.Property(e => e.ReportNumber)
.UseMySQLAutoIncrementColumn(entity.Property(e => e.ReportNumber).Metadata.Name);
entity.Property(e => e.FoundInKThreadList)
.IsRequired();
entity.Property(e => e.FoundInPspCidTable)
.IsRequired();
entity.Property(e => e.ThreadAddress)
.IsRequired();
entity.Property(e => e.ThreadId)
.IsRequired();
entity.Property(e => e.ThreadStructure)
.IsRequired();
entity.HasOne(d => d.Report)
.WithMany(f => f.ReportTypeHiddenSystemThreads);
});
modelBuilder.Entity<ReportTypeAttachProcess>(entity =>
{
entity.HasKey(e => e.ReportNumber);
entity.Property(e => e.ReportNumber)
.UseMySQLAutoIncrementColumn(entity.Property(e => e.ReportNumber).Metadata.Name);
entity.Property(e => e.ThreadId)
.IsRequired();
entity.Property(e => e.ThreadAddress)
.IsRequired();
entity.Property(e => e.ThreadAddress)
.IsRequired();
entity.HasOne(d => d.Report)
.WithMany(f => f.ReportTypeAttachProcesses);
});
modelBuilder.Entity<ReportTypeInvalidProcessAllocation>(entity =>
{
entity.HasKey(e => e.ReportNumber);
entity.Property(e => e.ReportNumber)
.UseMySQLAutoIncrementColumn(entity.Property(e => e.ReportNumber).Metadata.Name);
entity.Property(e => e.ProcessStructure)
.IsRequired();
entity.HasOne(d => d.Report)
.WithMany(f => f.ReportTypeInvalidProcessAllocations);
});
modelBuilder.Entity<ReportTypeProcessModuleIntegrityCheck>(entity =>
{
entity.HasKey(e => e.ReportNumber);
entity.Property(e => e.ReportNumber)
.UseMySQLAutoIncrementColumn(entity.Property(e => e.ReportNumber).Metadata.Name);
entity.Property(e => e.ModuleBaseAddress)
.IsRequired();
entity.Property(e => e.ModuleSize)
.IsRequired();
entity.Property(e => e.ModuleName)
.IsRequired();
entity.HasOne(d => d.Report)
.WithMany(f => f.ReportTypeProcessModuleIntegrityChecks);
});
}
}
}

299
server/Message/ClientReport.cs
View file

@ -87,31 +87,39 @@ namespace server.Message
_logger.Information("REPORT CODE: MODULE_VERIFICATION");
break;
case (int)CLIENT_SEND_REPORT_ID.START_ADDRESS_VERIFICATION:
_logger.Information("REPORT_CODE_START_ADDRESS_VERIFICATION");
_logger.Information("REPORT CODE: START_ADDRESS_VERIFICATION");
HandleReportStartAddressVerification();
break;
case (int)CLIENT_SEND_REPORT_ID.PAGE_PROTECTION_VERIFICATION:
_logger.Information("REPORT_PAGE_PROTECTION_VERIFICATION");
_logger.Information("REPORT CODE: PAGE_PROTECTION_VERIFICATION");
HandleReportPageProtection();
break;
case (int)CLIENT_SEND_REPORT_ID.PATTERN_SCAN_FAILURE:
_logger.Information("REPORT_PATTERN_SCAN_FAILURE");
HandleReportPatternScan();
break;
case (int)CLIENT_SEND_REPORT_ID.NMI_CALLBACK_FAILURE:
_logger.Information("REPORT_NMI_CALLBACK_FAILURE");
HandleReportNmiCallback();
break;
case (int)CLIENT_SEND_REPORT_ID.MODULE_VALIDATION_FAILURE:
_logger.Information("REPORT_MODULE_VALIDATION_FAILURE");
HandleReportSystemModuleValidation();
break;
case (int)CLIENT_SEND_REPORT_ID.ILLEGAL_HANDLE_OPERATION:
HandleReportIllegalHandleOperation();
break;
case (int)CLIENT_SEND_REPORT_ID.INVALID_PROCESS_ALLOCATION:
_logger.Information("REPORT_INVALID_PROCESS_ALLOCATION");
HandleInvalidProcessAllocation();
break;
case (int)CLIENT_SEND_REPORT_ID.HIDDEN_SYSTEM_THREAD:
_logger.Information("REPORT_HIDDEN_SYSTEM_THREAD");
HandleReportHiddenSystemThread();
break;
case (int)CLIENT_SEND_REPORT_ID.ILLEGAL_ATTACH_PROCESS:
_logger.Information("REPORT_ILLEGAL_ATTACH_PROCESS");
HandleReportAttachProcess();
break;
default:
_logger.Information("Report code not handled yet");
@ -124,8 +132,8 @@ namespace server.Message
unsafe public void HandleReportIllegalHandleOperation()
{
OPEN_HANDLE_FAILURE_REPORT report =
Helper.BytesToStructure<OPEN_HANDLE_FAILURE_REPORT>(_buffer, sizeof(PACKET_HEADER));
OPEN_HANDLE_FAILURE report =
Helper.BytesToStructure<OPEN_HANDLE_FAILURE>(_buffer, sizeof(PACKET_HEADER));
_logger.Information("ProcessName: {0}, ProcessID: {1:x}, ThreadId: {2:x}, DesiredAccess{3:x}",
report.ProcessName,
@ -164,5 +172,288 @@ namespace server.Message
context.SaveChanges();
}
}
unsafe public void HandleReportStartAddressVerification()
{
PROCESS_THREAD_START_FAILURE report =
Helper.BytesToStructure<PROCESS_THREAD_START_FAILURE>(_buffer, sizeof(PACKET_HEADER));
_logger.Information("ThreadId: {0}, ThreadStartAddress: {1:x}",
report.ThreadId,
report.StartAddress);
using (var context = new ModelContext())
{
UserEntity user = new UserEntity(context);
var newReport = new ReportEntity(context)
{
User = user.GetUserBySteamId(this._packetHeader.steam64_id),
ReportCode = (int)CLIENT_SEND_REPORT_ID.START_ADDRESS_VERIFICATION
};
newReport.InsertReport();
var reportTypeStartAddress = new StartAddressEntity(context)
{
Report = newReport,
ThreadId = report.ThreadId,
ThreadStartAddress = report.StartAddress
};
reportTypeStartAddress.InsertReport();
context.SaveChanges();
}
}
unsafe public void HandleReportPageProtection()
{
PAGE_PROTECTION_FAILURE report =
Helper.BytesToStructure<PAGE_PROTECTION_FAILURE>(_buffer, sizeof(PACKET_HEADER));
_logger.Information("Page base address: {0:x}, allocation protection: {1:x}, allocation state: {2:x}, allocationtype: {3:x}",
report.PageBaseAddress,
report.AllocationProtection,
report.AllocationState,
report.AllocationType);
using (var context = new ModelContext())
{
UserEntity user = new UserEntity(context);
var newReport = new ReportEntity(context)
{
User = user.GetUserBySteamId(this._packetHeader.steam64_id),
ReportCode = (int)CLIENT_SEND_REPORT_ID.PAGE_PROTECTION_VERIFICATION
};
newReport.InsertReport();
var reportTypePageProtection = new PageProtectionEntity(context)
{
Report = newReport,
PageBaseAddress = report.PageBaseAddress,
AllocationProtection = report.AllocationProtection,
AllocationState = report.AllocationState,
AllocationType = report.AllocationType
};
reportTypePageProtection.InsertReport();
context.SaveChanges();
}
}
unsafe public void HandleReportPatternScan()
{
PATTERN_SCAN_FAILURE report =
Helper.BytesToStructure<PATTERN_SCAN_FAILURE>(_buffer, sizeof(PACKET_HEADER));
_logger.Information("signature id: {0}, address: {1:x}",
report.SignatureId,
report.Address);
using (var context = new ModelContext())
{
UserEntity user = new UserEntity(context);
var newReport = new ReportEntity(context)
{
User = user.GetUserBySteamId(this._packetHeader.steam64_id),
ReportCode = (int)CLIENT_SEND_REPORT_ID.PATTERN_SCAN_FAILURE
};
newReport.InsertReport();
var reportTypePatternScan = new PatternScanEntity(context)
{
Report = newReport,
SignatureId = report.SignatureId,
Address = report.Address
};
reportTypePatternScan.InsertReport();
context.SaveChanges();
}
}
unsafe public void HandleReportNmiCallback()
{
NMI_CALLBACK_FAILURE report =
Helper.BytesToStructure<NMI_CALLBACK_FAILURE>(_buffer, sizeof(PACKET_HEADER));
_logger.Information("were nmis disabled: {0}, kthread: {1:x}, invalid rip: {2:x}",
report.WereNmisDisabled,
report.KThreadAddress,
report.InvalidRip);
using (var context = new ModelContext())
{
UserEntity user = new UserEntity(context);
var newReport = new ReportEntity(context)
{
User = user.GetUserBySteamId(this._packetHeader.steam64_id),
ReportCode = (int)CLIENT_SEND_REPORT_ID.NMI_CALLBACK_FAILURE
};
newReport.InsertReport();
var reportTypeNmiCallback = new NmiCallbackEntity(context)
{
Report = newReport,
WereNmisDisabled = report.WereNmisDisabled,
KThreadAddress = report.KThreadAddress,
InvalidRip = report.InvalidRip
};
reportTypeNmiCallback.InsertReport();
context.SaveChanges();
}
}
unsafe public void HandleReportSystemModuleValidation()
{
MODULE_VALIDATION_FAILURE report =
Helper.BytesToStructure<MODULE_VALIDATION_FAILURE>(_buffer, sizeof(PACKET_HEADER));
_logger.Information("report type: {0}, driver base: {1:x}, size: {2}, module name: {3}",
report.ReportType,
report.DriverBaseAddress,
report.DriverSize,
report.ModuleName);
using (var context = new ModelContext())
{
UserEntity user = new UserEntity(context);
var newReport = new ReportEntity(context)
{
User = user.GetUserBySteamId(this._packetHeader.steam64_id),
ReportCode = (int)CLIENT_SEND_REPORT_ID.MODULE_VALIDATION_FAILURE
};
newReport.InsertReport();
var reportTypeSystemModuleValidation = new SystemModuleValidationEntity(context)
{
Report = newReport,
ReportType = report.ReportType,
DriverBaseAddress = report.DriverBaseAddress,
DriverSize = report.DriverSize,
ModuleName = report.ModuleName
};
reportTypeSystemModuleValidation.InsertReport();
context.SaveChanges();
}
}
unsafe public void HandleReportHiddenSystemThread()
{
HIDDEN_SYSTEM_THREAD_FAILURE report =
Helper.BytesToStructure<HIDDEN_SYSTEM_THREAD_FAILURE>(_buffer, sizeof(PACKET_HEADER));
_logger.Information("found in kthread list: {0}, found in pspcidtable: {1}, thread address: {2:x}, thread id: {3:x}",
report.FoundInKThreadList,
report.FoundInPspCidTable,
report.ThreadAddress,
report.ThreadId);
using (var context = new ModelContext())
{
UserEntity user = new UserEntity(context);
var newReport = new ReportEntity(context)
{
User = user.GetUserBySteamId(this._packetHeader.steam64_id),
ReportCode = (int)CLIENT_SEND_REPORT_ID.HIDDEN_SYSTEM_THREAD
};
newReport.InsertReport();
var reportTypeHiddenSystemThread = new HiddenSystemThreadEntity(context)
{
Report = newReport,
FoundInKThreadList = report.FoundInKThreadList,
FoundInPspCidTable = report.FoundInPspCidTable,
ThreadAddress = report.ThreadAddress,
ThreadId = report.ThreadId
};
reportTypeHiddenSystemThread.InsertReport();
context.SaveChanges();
}
}
unsafe public void HandleReportAttachProcess()
{
ATTACH_PROCESS_FAILURE report =
Helper.BytesToStructure<ATTACH_PROCESS_FAILURE>(_buffer, sizeof(PACKET_HEADER));
_logger.Information("thread id: {0:x}, thread address: {1:x}",
report.ThreadId,
report.ThreadAddress);
using (var context = new ModelContext())
{
UserEntity user = new UserEntity(context);
var newReport = new ReportEntity(context)
{
User = user.GetUserBySteamId(this._packetHeader.steam64_id),
ReportCode = (int)CLIENT_SEND_REPORT_ID.ILLEGAL_ATTACH_PROCESS
};
newReport.InsertReport();
var reportTypeAttachProcess = new AttachProcessEntity(context)
{
Report = newReport,
ThreadId = report.ThreadId,
ThreadAddress = report.ThreadAddress,
};
reportTypeAttachProcess.InsertReport();
context.SaveChanges();
}
}
unsafe public void HandleInvalidProcessAllocation()
{
INVALID_PROCESS_ALLOCATION_FAILURE report =
Helper.BytesToStructure<INVALID_PROCESS_ALLOCATION_FAILURE>(_buffer, sizeof(PACKET_HEADER));
_logger.Information("received invalid process allocation structure");
using (var context = new ModelContext())
{
UserEntity user = new UserEntity(context);
var newReport = new ReportEntity(context)
{
User = user.GetUserBySteamId(this._packetHeader.steam64_id),
ReportCode = (int)CLIENT_SEND_REPORT_ID.INVALID_PROCESS_ALLOCATION
};
newReport.InsertReport();
var reportTypeInvalidProcessAllocation = new InvalidProcessAllocationEntity(context)
{
Report = newReport,
ProcessStructure = report.ProcessStructure
};
reportTypeInvalidProcessAllocation.InsertReport();
context.SaveChanges();
}
}
}
}

31
server/Types.cs
View file

@ -43,7 +43,7 @@ namespace server
{
public int ReportCode;
public UInt64 ModuleBaseAddress;
public UInt64 ModuleSize;
public int ModuleSize;
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 256)]
public string ModuleName;
}
@ -51,8 +51,8 @@ namespace server
public struct PROCESS_THREAD_START_FAILURE
{
public int ReportCode;
public long ThreadId;
public UInt64 StartAddress;
public int ThreadId;
public long StartAddress;
}
public struct PAGE_PROTECTION_FAILURE
@ -91,7 +91,7 @@ namespace server
}
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Ansi)]
public unsafe struct OPEN_HANDLE_FAILURE_REPORT
public unsafe struct OPEN_HANDLE_FAILURE
{
public int ReportCode;
public int IsKernelHandle;
@ -102,6 +102,29 @@ namespace server
public string ProcessName;
}
public struct INVALID_PROCESS_ALLOCATION_FAILURE
{
public int ReportCode;
public byte[] ProcessStructure;
}
public struct HIDDEN_SYSTEM_THREAD_FAILURE
{
public int ReportCode;
public int FoundInKThreadList;
public int FoundInPspCidTable;
public long ThreadAddress;
public int ThreadId;
public byte[] ThreadStructure;
}
public struct ATTACH_PROCESS_FAILURE
{
public int ReportCode;
public int ThreadId;
public long ThreadAddress;
}
}
}
}

1
user/client.h
View file

@ -178,7 +178,6 @@ namespace global
CHAR thread[ 4096 ];
};
struct ATTACH_PROCESS_REPORT
{
INT report_code;