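BOOLEAN
ObReadObject(
    _In_ ULONG64 Object,
    _Out_ PHANDLE_OBJECT HandleObj
)
/*++

Routine Description:

    Reads the nt!_OBJECT_HEADER that precedes a kernel object body in the
    debug target and fills HandleObj with the object address, the type index
    (when the header has a TypeIndex field), the type name and, where one can
    be resolved, the object name.

    Everything read here comes from the target's memory (a live kernel or a
    dump file), so string lengths and indices are treated as untrusted: the
    copies into the fixed-size HandleObj fields truncate instead of invoking
    the CRT invalid-parameter handler, which would take the debugger down.

Arguments:

    Object - Address of the object body in the target.

    HandleObj - Receives ObjectPtr, ObjectTypeIndex, Type, Name and, for
                "Key" objects, ObjectKcb. Fields may be partially written
                when the routine returns FALSE.

Return Value:

    TRUE when the header was read and a type was resolved; FALSE when an
    address fails IsValid() or the type index is outside the accepted range.

--*/
{
    BOOLEAN Result = FALSE;
    LPWSTR ObjName = NULL;

    // Offset of the Body field inside nt!_OBJECT_HEADER; used to step back
    // from the object body to its header.
    // NOTE(review): the result of GetFieldOffset is not checked here; if the
    // lookup fails BodyOffset stays 0 and the "header" address equals Object.
    ULONG BodyOffset = 0;
    GetFieldOffset("nt!_OBJECT_HEADER", "Body", &BodyOffset);

    WCHAR TypeStr[64] = { 0 };

    if ((!Object) || (!IsValid(Object))) return FALSE;

    // Bind the type table once and reuse it on later calls.
    if (!ObTypeInit)
    {
        ObjTypeTable = ExtRemoteTyped("(nt!_OBJECT_TYPE **)@$extin", GetExpression("nt!ObTypeIndexTable"));
        ObTypeInit = TRUE;
    }

    ULONG64 ObjHeaderAddr = Object - BodyOffset;

    if (!IsValid(ObjHeaderAddr)) return FALSE;

    ExtRemoteTyped ObjHeader("(nt!_OBJECT_HEADER *)@$extin", ObjHeaderAddr);

    HandleObj->ObjectPtr = Object; // ObjHeader.Field("Body").GetPointerTo().GetPtr();

    if (ObjHeader.HasField("TypeIndex"))
    {
        HandleObj->ObjectTypeIndex = ObjHeader.Field("TypeIndex").GetChar();

        // The index is target-controlled and is used to index ObjTypeTable,
        // so it is range-checked before use.
        // NOTE(review): the upper bound 45 is hard-coded, and newer Windows
        // builds are known to store TypeIndex XOR-encoded (nt!ObHeaderCookie);
        // this code uses the raw byte - confirm which targets are supported.
        if ((HandleObj->ObjectTypeIndex <= 1) || (HandleObj->ObjectTypeIndex >= 45)) return FALSE;

        // NOTE(review): sizeof(TypeStr) is a byte count (128) for a 64-WCHAR
        // buffer. Whether GetUnicodeString expects bytes or characters is not
        // visible here; if it expects characters this can overrun TypeStr.
        ExtRemoteTypedEx::GetUnicodeString(ObjTypeTable.ArrayElement(HandleObj->ObjectTypeIndex).Field("Name"), TypeStr, sizeof(TypeStr));

        // Truncating copy: an over-long type name must not abort the debugger.
        wcsncpy_s(HandleObj->Type, TypeStr, _TRUNCATE);
    }
    else
    {
        // Headers without TypeIndex carry a direct pointer to the type object.
        if (!IsValid(ObjHeader.Field("Type").GetPtr())) goto CleanUp;

        // NOTE(review): same byte-count versus character-count question as in
        // the TypeIndex branch.
        ExtRemoteTypedEx::GetUnicodeString(ObjHeader.Field("Type").Field("Name"), TypeStr, sizeof(TypeStr));

        wcsncpy_s(HandleObj->Type, TypeStr, _TRUNCATE);
    }

    //
    // Resolve the object name according to the type name.
    //
    if (_wcsicmp(TypeStr, L"File") == 0)
    {
        ExtRemoteTyped FileObject("(nt!_FILE_OBJECT *)@$extin", HandleObj->ObjectPtr);
        ObjName = ExtRemoteTypedEx::GetUnicodeString2(FileObject.Field("FileName"));
    }
    else if (_wcsicmp(TypeStr, L"Driver") == 0)
    {
        ExtRemoteTyped DrvObject("(nt!_DRIVER_OBJECT *)@$extin", HandleObj->ObjectPtr);
        ObjName = ExtRemoteTypedEx::GetUnicodeString2(DrvObject.Field("DriverName"));
    }
    else if (_wcsicmp(TypeStr, L"Process") == 0)
    {
        // NOTE(review): nt!_EPROCESS.ImageFileName is normally a fixed UCHAR
        // array rather than a UNICODE_STRING - verify that GetUnicodeString2
        // handles this field as intended.
        ExtRemoteTyped ProcessObj("(nt!_EPROCESS *)@$extin", HandleObj->ObjectPtr);
        ObjName = ExtRemoteTypedEx::GetUnicodeString2(ProcessObj.Field("ImageFileName"));
    }
    else if (_wcsicmp(TypeStr, L"ALPC Port") == 0)
    {
        // dt nt!_ALPC_PORT (no name resolution implemented)
    }
    else if (_wcsicmp(TypeStr, L"EtwRegistration") == 0)
    {
        // dt nt!_ETW_? (no name resolution implemented)
    }
    else if (_wcsicmp(TypeStr, L"Thread") == 0)
    {
        // dt nt!_ETHREAD (no name resolution implemented)
    }
    else if (_wcsicmp(TypeStr, L"Event") == 0)
    {
        // dt nt!_KTHREAD (as written by the author; no name resolution implemented)
    }
    else if (_wcsicmp(TypeStr, L"Key") == 0)
    {
        // dt nt!_CM_KEY_BODY -> nt!_CM_KEY_CONTROL_BLOCK
        ExtRemoteTyped KeyObject("(nt!_CM_KEY_BODY *)@$extin", HandleObj->ObjectPtr);

        HandleObj->ObjectKcb = KeyObject.Field("KeyControlBlock").GetPtr();
        ObjName = RegGetKeyName(KeyObject.Field("KeyControlBlock"));
    }
    else
    {
        // Generic case: locate the optional nt!_OBJECT_HEADER_NAME_INFO that
        // sits in front of the object header.
        ULONG Offset = 0;
        UCHAR InfoMask = 0;

        if (ObjHeader.HasField("InfoMask"))
        {
            InfoMask = ObjHeader.Field("InfoMask").GetUchar();

            if (InfoMask & OBP_NAME_INFO_BIT)
            {
                // When creator info is present it is counted first, then the
                // name info block itself.
                if (InfoMask & OBP_CREATOR_INFO_BIT) Offset += GetTypeSize("nt!_OBJECT_HEADER_CREATOR_INFO");
                Offset += GetTypeSize("nt!_OBJECT_HEADER_NAME_INFO");
            }
        }
        else
        {
            // Headers without InfoMask store the distance directly.
            Offset = ObjHeader.Field("NameInfoOffset").GetUchar();
        }

        if (Offset)
        {
            // NOTE(review): ObjHeaderAddr - Offset is not passed through
            // IsValid() the way Object and ObjHeaderAddr are.
            ExtRemoteTyped ObjNameInfo("(nt!_OBJECT_HEADER_NAME_INFO *)@$extin", ObjHeaderAddr - Offset);
            ObjName = ExtRemoteTypedEx::GetUnicodeString2(ObjNameInfo.Field("Name"));
        }
    }

    if (ObjName)
    {
        // The name length is dictated by target memory and may exceed the
        // fixed-size destination; truncate rather than let wcscpy_s raise the
        // invalid-parameter handler.
        wcsncpy_s(HandleObj->Name, ObjName, _TRUNCATE);
        free(ObjName);
        ObjName = NULL;
    }

    Result = TRUE;

CleanUp:
    return Result;
}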
// MAIN LOGIC BEGINS
//
// Entry point of the key-generation sketch: allocates 10000 KeyObject slots,
// builds the cartesian product of the exponent choices with cart_product(),
// prints both, and then walks the product to fill in each key's fields.
//
// NOTE(review): as written this is unfinished code. The three iterator loops
// have no exit condition and no break, so they run past the end of `output`
// and of each inner vector, and `counter` indexes keys[] and globals.primes[]
// without any bound. These points are marked individually below.
int main() {
    // first unsigned int = total length of the actual representation,
    // char = first 8 digits of the actual representation,
    // each KeyObject has these properties:
    //   unsigned int unencodedLength;     the total length of the unencoded number
    //   unsigned int firstNDigits;        the first 32 digits of the unencoded number
    //   unsigned int primeRepresentation; the encoded representation of the number/key
    // NOTE(review): primeRepresentation is used below through .set(pos, value),
    // which looks like a bitset rather than an unsigned int - confirm against
    // the KeyObject declaration.
    std::vector<KeyObject> keys;
    for(unsigned int i=0; i < 10000; i++){
        keys.push_back(KeyObject());
    }

    //unsigned int initialLowerBoundIndex = 0;
    //recursiveFillKeys(lowerBounds,upperBounds,initialLowerBoundIndex,keys,primes);

    // Simple example of generating the keys structure (these are the numbers we
    // will reduce the file to; we store them in our ultra compact representation
    // with some identifying info):
    //for (unsigned int i=6; i<10; i++){
    //    for (unsigned int j=6; j<10; j++){
    //        keys[(h-6)*16 + (i-6)*4 + (j-6)] = unsigned integerExponent(prime[0],i)*unsigned integerExponent(prime[1],j)....
    //    }
    //}

    Vvi input(build_input());
    std::cout << input << "\n";
    Vvi output;
    cart_product(input, output);
    std::cout << output << "\n";

    // sample input/output
    // input
    // (
    // (0, 1, 2, )
    // (10, 11, 12, )
    // (20, 21, 22, )
    // )
    // output
    // (
    // (0, 10, 20, )
    // (1, 10, 20, )
    // (2, 10, 20, )
    // (0, 11, 20, )
    // (1, 11, 20, )
    // (2, 11, 20, )
    // (0, 12, 20, )
    // (1, 12, 20, )
    // (2, 12, 20, )
    // (0, 10, 21, )
    // (1, 10, 21, )
    // (2, 10, 21, )
    // (0, 11, 21, )
    // (1, 11, 21, )
    // (2, 11, 21, )
    // (0, 12, 21, )
    // (1, 12, 21, )
    // (2, 12, 21, )
    // (0, 10, 22, )
    // (1, 10, 22, )
    // (2, 10, 22, )
    // (0, 11, 22, )
    // (1, 11, 22, )
    // (2, 11, 22, )
    // (0, 12, 22, )
    // (1, 12, 22, )
    // (2, 12, 22, ))

    // Index of the key being built; incremented once per element of `output`.
    unsigned int counter = 0;

    // NOTE(review): no loop condition. `it` is never compared with
    // output.end(), so it is dereferenced past the end, and `counter` can
    // exceed the 10000 entries pushed into `keys` above.
    for(Vvi::iterator it = output.begin(); ; ) {
        // keyExponentValues gives us a vector with all the exponents we need
        // to use to create a key.
        // Here we calculate the number represented by the exponents.
        // NOTE(review): GMP's mpz_set() takes an mpz_t source; setting from an
        // integer literal would be mpz_set_ui() - this call is not expected to
        // compile as written.
        mpz_t n; mpz_init(n); mpz_set(n,1);

        // NOTE(review): this loop never advances its own iterator (the one
        // incremented further down is the inner loop's shadowing variable) and
        // has no exit condition.
        for (Vi::iterator keyExponentValues = it->begin(); ; ){
            // NOTE(review): primes[] is indexed by the key counter, not by the
            // position within the exponent vector, and is not bounds-checked.
            // The type of globals.primes is not visible here; mpz_set() only
            // fits if its elements are mpz_t.
            mpz_t k; mpz_init(k); mpz_set(k,globals.primes[counter]);
            mpz_mul(n,n,k);
            // NOTE(review): `n *= k` repeats the multiplication above and uses
            // an operator that mpz_t (the C API type) does not provide.
            n *= k;
            mpz_clear (k);

            //mpz_sizeinbase (mpz_t op, int base)
            //base can only be up to size 62 max!

            // here we store the length of the number represented by the exponents
            keys[counter].unencodedLength = 0;
            // here we store the first n digits of the number represented by the exponents
            keys[counter].firstNDigits = 0;

            // NOTE(review): n is cleared inside the loop that multiplies into
            // it, so a second pass would use n after mpz_clear().
            mpz_clear (n);

            // this simulates log base 2
            unsigned int bitsToStoreExponent= 0;
            unsigned int exponentRange = globals.exponentMax - globals.exponentMin;
            while (exponentRange >>= 1) ++bitsToStoreExponent;

            // IMPORTANT ENCODING LOCATED RIGHT HERE IN THIS COMMENT!!!
            // 00 = 6th power, 01=7th, 10=8th, 11=9th,
            // first 2 bits are for 2, next 2 are for 3, next 2 are for 5, etc. etc.
            unsigned int exponentCounter = 0;

            // NOTE(review): shadows the enclosing keyExponentValues and, again,
            // has no comparison with it->end().
            for(Vi::iterator keyExponentValues = it->begin(); ; ) {
                for (int j=globals.exponentMin; j<globals.exponentMax; j++){
                    // NOTE(review): `int k` shadows the mpz_t k declared above
                    // and is compared with an unsigned value.
                    for (int k=0;k<bitsToStoreExponent;k++){
                        // set i'th prime number bits to appropriate value between 0 and 2^k for exponent value j
                        // globals.exponentMin - j want to turn this into binary representation, get appropriate number for ith place
                        // NOTE(review): k is a bit index and j an exponent
                        // value; whether they are meant to be compared
                        // directly is unclear from this code.
                        if (k==j){
                            //keys[counter].primeRepresentation();
                            //(globals.exponentMin - j) might be useful
                            // base 10 number convert to base two, get ith digit.
                            // NOTE(review): both branches write the same bit
                            // position; if the operands are unsigned, the
                            // subtraction can wrap once
                            // exponentCounter*bitsToStoreExponent exceeds
                            // howManyOfFirstNBitsStoredInKey - confirm types.
                            if (*keyExponentValues % intPow(2,k)==0){
                                keys[counter].primeRepresentation.set(globals.howManyOfFirstNBitsStoredInKey - exponentCounter*bitsToStoreExponent,1);
                            }
                            else{
                                keys[counter].primeRepresentation.set(globals.howManyOfFirstNBitsStoredInKey - exponentCounter*bitsToStoreExponent,0);
                            }
                        }
                    }
                }

                // illustrative but less general example
                //switch(keyExponentValues->me[i]){
                //    case 6:
                //        keys[counter].primeRepresentation();
                //        keys[counter].primeRepresentation.set[32-i*2,0];
                //        keys[counter].primeRepresentation.set[31-i*2,0];
                //        break;
                //    case 7:
                //        keys[counter].primeRepresentation();
                //        keys[counter].primeRepresentation.set[32,0];
                //        keys[counter].primeRepresentation.set[31,1];
                //        break;
                //    case 8:
                //        keys[counter].primeRepresentation();
                //        keys[counter].primeRepresentation.set[32,1];
                //        keys[counter].primeRepresentation.set[31,0];
                //        break;
                //    case 9:
                //        keys[counter].primeRepresentation();
                //        keys[counter].primeRepresentation.set[32,1];
                //        keys[counter].primeRepresentation.set[31,1];
                //        break;
                //}

                exponentCounter++;
                keyExponentValues++;
            }
        }
        counter++;
        it++;
    }

    // HERE IS WHERE WE READ THE FILE IN THAT WE WILL ENCODE
    // TODO move this to a different section
    //char* input = getInputFromFile();
    //unsigned int i = 0;
    //while (input[i] != '\0'){
    //}

    return 0;
}