DWORD WINAPI tenkBackChannel(LPVOID lpvParam) {
HANDLE hPipe;
TCHAR buf[BUFSIZE+1];
ULONG bytesRead, bytesWritten;
BOOL fSuccess;
ULONG64 funcAddr64;
ULONG *funcAddr, i;
struct AllocateStruct *aStruct = (struct AllocateStruct *)buf;
struct ReallocateStruct *rStruct = (struct ReallocateStruct *)buf;
struct FreeStruct *fStruct = (struct FreeStruct *)buf;
struct CreateStruct *cStruct = (struct CreateStruct *)buf;
struct DestroyStruct *dStruct = (struct DestroyStruct *)buf;
struct CoalesceStruct *cfbStruct = (struct CoalesceStruct *)buf;
hPipe = (HANDLE) lpvParam;
dprintf("[Byakugan] Waiting for named pipe connection...\n");
for(;!ConnectNamedPipe(hPipe, NULL) == TRUE;) { dprintf("[B] waiting for connection...\n"); }
dprintf("[Byakugan] Connected to back channel. :)\n");
// Load addresses from symbols if possible for undoumented interfaces
i = 0;
while (undocdFunc[i] != NULL) {
dprintf("[T] Sending address of %s\n", undocdFunc[i]);
fSuccess = WriteFile(hPipe, &(undocdAddr[i]), sizeof(ULONG), &bytesWritten, NULL);
if (!fSuccess || bytesWritten != sizeof(ULONG))
dprintf("[T] Failed to send address of %s\n", undocdFunc[i]);
i++;
}
//FlushFileBuffers(hPipe);
dprintf("[T] Sent addresses of %d undocumented functions.\n", i);
initializeHeapModel(&heapModel);
#undef THREEDHEAPFU_ENABLED //Place this in setup.bat
#if 0 //#ifdef THREEDHEAPFU_ENABLED
//Create a heap event proxy, play these back out to 3dheapfu
LPTSTR lpszProxyPipename = TEXT("\\\\.\\pipe\\tenketsuProxy");
BOOL fProxySuccess;
DWORD dwProxyMode = PIPE_READMODE_MESSAGE;
ULONG bytesProxyWritten;
static BOOL fDontAttemptProxyWrite = false;
HANDLE hProxyPipe = CreateFile(lpszProxyPipename,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
0,
NULL);
if (hProxyPipe == INVALID_HANDLE_VALUE)
dprintf("hProxyPipe == invalid handle\n");
else
dprintf("hProxyPipe == good\n");
SetNamedPipeHandleState(hProxyPipe, &dwProxyMode, NULL, NULL); //?
#endif
while (1) {
fSuccess = ReadFile( hPipe,
buf,
BUFSIZE*sizeof(TCHAR),
&bytesRead,
NULL);
if (!fSuccess || bytesRead == 0) {
dprintf("[Byakugan] ReadFile failed, or read 0 bytes.\n");
continue;
}
#if 0 //#ifdef THREEDHEAPFU_ENABLED
//dprintf("jc: receieved an event of size %d. Forwarding on to ProxyPipe\n", bytesRead);
//WriteFile(hPipe, &freeinfo, sizeof(struct FreeStruct), &bytesWritten, NULL);
if (!fDontAttemptProxyWrite)
{
fProxySuccess = WriteFile(hProxyPipe, buf, bytesRead, &bytesProxyWritten, NULL);
if (bytesRead != bytesProxyWritten)
{
dprintf("Partial write to proxy on last event! ;(\n");
dprintf("event size was %d. wrote %d\n", bytesRead, bytesProxyWritten);
dprintf("Disabling message proxying until explicitly enabled.\n");
fDontAttemptProxyWrite = true;
}
}
#endif
switch ( *((BYTE *) buf) ) {
case ALLOCATESTRUCT:
//dprintf("[T] New Chunk @ 0x%08x\n", aStruct->ret);
//dprintf("Heap: 0x%08x\tFlags: 0x%08x\tSize: 0x%08x\n\n",
// aStruct->heapHandle, aStruct->flags, aStruct->size);
if (heapModel.state & MODEL) heapAllocate(&heapModel, aStruct);
if (heapModel.state & LOG) logAllocate(&heapModel, aStruct);
break;
case REALLOCATESTRUCT:
//dprintf("[T] Realloc'd Chunk @ 0x%08x\n", rStruct->ret);
//dprintf("Heap: 0x%08x\tFlags: 0x%08x\tSize: 0x%08x\n",
// rStruct->heapHandle, rStruct->flags, rStruct->size);
//if (rStruct->ret != (PVOID) rStruct->memoryPointer)
// dprintf("Replaces chunk @ 0x%08x\n", rStruct->memoryPointer);
//dprintf("\n");
if (heapModel.state & MODEL) heapReallocate(&heapModel, rStruct);
if (heapModel.state & LOG) logReallocate(&heapModel, rStruct);
break;
case FREESTRUCT:
//dprintf("[T] Free'd Chunk @ 0x%08x\n", fStruct->memoryPointer);
//dprintf("Heap: 0x%08x\tFlags: 0x%08x\n\n", fStruct->heapHandle, fStruct->flags);
if (heapModel.state & MODEL) heapFree(&heapModel, fStruct);
if (heapModel.state & LOG) logFree(&heapModel, fStruct);
break;
case CREATESTRUCT:
dprintf("[T] New Heap: 0x%08x\n", cStruct->ret);
dprintf("Base: 0x%08x\tReserve: 0x%08x\tFlags: 0x%08x\n",
cStruct->base, cStruct->reserve, cStruct->flags);
//dprintf("Commit: 0x%08x\tLock: 0x%08x\n\n", cStruct->commit, cStruct->lock);
if (heapModel.state & MODEL) heapCreate(&heapModel, cStruct);
break;
case DESTROYSTRUCT:
dprintf("[T] Heap Destroyed: 0x%08x\n\n", dStruct->heapHandle);
if (heapModel.state & MODEL) heapDestroy(&heapModel, dStruct);
break;
case COALESCESTRUCT:
//dprintf("[T] Free Block Consolidation (returned 0x%08x)\n", cfbStruct->ret);
//dprintf("Heap: 0x%08x\tArg2: 0x%08x\tArg3: 0x%08x\tArg4: 0x%08x\n\n",
// cfbStruct->heapHandle, cfbStruct->arg2, cfbStruct->arg3, cfbStruct->arg4);
if (heapModel.state & MODEL) heapCoalesce(&heapModel, cfbStruct);
break;
default:
dprintf("[Byakugan] Tenketsu: Unrecognized data was returned.\n");
}
}
return (0);
}
void *heapAllocateValue(Value_Type type) {
return heapAllocate(type->Size);
}
