// Is called for every instruction and instruments reads and writes VOID Instruction(INS ins, VOID *v) { BOOL hasReadSegmentedMemAccess = FALSE; BOOL hasWriteSegmentedMemAccess = FALSE; if (INS_SegmentRegPrefix(ins) == TESTED_SEG_REG) //INS_OperandMemorySegmentReg, INS_SegPrefixIsMemoryRead, INS_OperandMemoryDisplacement { if (INS_IsMemoryRead(ins)) { HandleAccess (ins, TRUE /* isRead*/, &hasReadSegmentedMemAccess) ; } if (INS_IsMemoryWrite(ins)) { HandleAccess (ins, FALSE /* isRead*/, &hasWriteSegmentedMemAccess); } if (!hasReadSegmentedMemAccess && !hasWriteSegmentedMemAccess) { fprintf(trace, "**ERROR SegMemAccess-Lies %p %s\n", INS_Address(ins), INS_Disassemble(ins).c_str()); hadError = TRUE; } } /*fprintf(trace, "%p %s\n", INS_Address(ins), INS_Disassemble(ins).c_str()); fflush (trace);*/ }
void AccessToken::AdjustPrivilege(RCString spriv) { TOKEN_PRIVILEGES tp = { 1 }; Win32Check(::LookupPrivilegeValue(0, spriv, &tp.Privileges[0].Luid)); tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; ::SetLastError(0); Win32Check(::AdjustTokenPrivileges((HANDLE)(intptr_t)HandleAccess(_self), FALSE, &tp, 0, (PTOKEN_PRIVILEGES)0, 0) && !::GetLastError()); // can return TRUE even when ERROR_NOT_ALL_ASSIGNED }
int FrameBuffer::ExceptionFilter(unsigned int code, struct _EXCEPTION_POINTERS *ep) { if (ep->ExceptionRecord->ExceptionCode != EXCEPTION_ACCESS_VIOLATION) return EXCEPTION_CONTINUE_SEARCH; if ((m_pEvenLines == NULL) || (m_pOddLines == NULL)) return EXCEPTION_CONTINUE_SEARCH; char* pMemAddr = (char*) ep->ExceptionRecord->ExceptionInformation[1]; if (IsInBlock(m_pEvenLines, 720*576, pMemAddr)) return HandleAccess(m_pEvenLines, pMemAddr, ep->ExceptionRecord->ExceptionInformation[0]); if (IsInBlock(m_pOddLines, 720*576, pMemAddr)) return HandleAccess(m_pOddLines, pMemAddr, ep->ExceptionRecord->ExceptionInformation[0]); return EXCEPTION_CONTINUE_SEARCH; }
Sid AccessToken::get_User() { BYTE buf[1000]; DWORD dw; Win32Check(::GetTokenInformation((HANDLE)(intptr_t)HandleAccess(_self), TokenUser, buf, sizeof(buf), &dw)); return (SID*)((TOKEN_USER*)buf)->User.Sid; }
AccessToken::AccessToken(Process& process) { HANDLE h; Win32Check(::OpenProcessToken((HANDLE)(intptr_t)HandleAccess(*process.m_pimpl), MAXIMUM_ALLOWED, &h)); Attach(h); }
// Is called for every instruction and instruments reads and writes VOID Instruction(INS ins, VOID *v) { BOOL readsMemory, writesMemory, hasReadSegmentedMemAccess, hasWriteSegmentedMemAccess; if (INS_EffectiveAddressWidth(ins)==16) { if (INS_SegmentRegPrefix(ins) == TESTED_SEG_REG) { readsMemory = INS_SegPrefixIsMemoryRead(ins); writesMemory = INS_SegPrefixIsMemoryWrite(ins); if(readsMemory) { if (INS_IsMemoryRead(ins)) { HandleSegmentedAccess (ins, TRUE /* isRead*/, &hasReadSegmentedMemAccess) ; } } if (writesMemory) { if (INS_IsMemoryWrite(ins)) { HandleSegmentedAccess (ins, FALSE /* isRead*/, &hasWriteSegmentedMemAccess); } } if (!hasReadSegmentedMemAccess && !hasWriteSegmentedMemAccess) { fprintf(trace, "**ERROR SegMemAccess-Lies %p %s\n", INS_Address(ins), INS_Disassemble(ins).c_str()); hadError = TRUE; } else { fprintf (trace, "Instrumented ins: %x %s\n", INS_Address(ins), INS_Disassemble(ins).c_str()); } fflush(trace); } else if (INS_IsMemoryRead(ins) || INS_IsMemoryWrite(ins)) { fprintf (trace, "Instrumented ins: %x %s\n", INS_Address(ins), INS_Disassemble(ins).c_str()); fflush (trace); HandleAccess (ins, INS_IsMemoryRead(ins)) ; } } #ifndef TARGET_LINUX UINT32 operandCount = INS_OperandCount (ins); UINT32 i; for (i=0; i<operandCount; i++) { if (INS_OperandIsReg (ins, i) && REG_is_seg(INS_OperandReg (ins, i)) && INS_OperandWritten(ins, i)) { fprintf(trace, "**ERROR SegOperand-WRITE, not supported %p %s\n", INS_Address(ins), INS_Disassemble(ins).c_str()); fflush(trace); hadError = TRUE; } } #endif /*fprintf(trace, "%p %s\n", INS_Address(ins), INS_Disassemble(ins).c_str()); fflush (trace);*/ }