Post subject: Memory dump with the oldie directnt.sys
Posted: 11.03.2008 18:31

Registered: 11.11.2004 16:13
Location: Magdeburg
From the "Oldie but Goldie" series, here is an example of how physical memory can be read out with directnt.sys (see c't 1/97, Matthias Witthopf, Andreas Stiller). With this SYS you can also read control and machine registers, among other things, but that is too dangerous for me here. Use at your own risk in any case! For the very cautious: I only got a BSOD when attempting to access physically non-existent memory (if only 2 GB is installed, you cannot expect to read at 3 GB).
Code:
;- Read physical RAM (memory dump) with directnt.sys
;- Use at your own risk! A BSOD can always occur!
;- "Helle" Klaus Helbing, 11.03.2008, PB4.10
;- Administrator rights are required to install the service!

Global Buffer.l=AllocateMemory(32)     ;used here in place of the structure(s): SERVICE_STATUS and the IOCTL request
Global BufferNutz.l                    ;number of bytes of Buffer that are actually used
Global DriverStart.l                   ;service state found at program start (4 = SERVICE_RUNNING)
Global hMgr.l
Global hDrv.l
Global Result.l                        ;receives the DWORD read by the driver
Global ResultSize.l = 4
Global ResultLen.l
Global SpeicherAdresse.l
 
;- Constants
#OP_ReadPhysMemDword    = 40           ;read one physical DWORD from memory address #Par1#
#IOCTL_DIRECTNT_CONTROL = 2621464576   ;CTL_CODE_(DIRECTNT_TYPE, $0800, METHOD_BUFFERED,FILE_READ_ACCESS)

;------------------ Check whether the registry entry for directnt exists
Procedure RegTest()
hReg = RegOpenKeyEx_(#HKEY_LOCAL_MACHINE, "SYSTEM\CurrentControlSet\Services\dev_directnt", 0, #KEY_ALL_ACCESS, @hKey)
If hReg = 0
  MessageRequester("Statusmeldung von RegTest", "directnt ist im System schon registriert")
  RegCloseKey_(hKey)                   ;only close a key that was actually opened
 Else
  MessageRequester("Statusmeldung von RegTest", "directnt ist dem System nicht bekannt")
EndIf
EndProcedure
;------------------ 

;------------------ Install the service
Procedure DienstInst()
hMgrC = OpenSCManager_(0, 0, #SC_MANAGER_CREATE_SERVICE)
SystemDir$ = Space(255)
FileL = GetSystemDirectory_(SystemDir$, 255)
DriverDir$ = Left(SystemDir$, FileL) + "\drivers"
OpenFile(0, DriverDir$ + "\directnt.sys")  ;creates the file if it does not exist yet
If Lof(0) = 0                          ;file is empty, i.e. did not exist before: write the embedded driver
  WriteData(0, ?directnt, 3424)
EndIf
CloseFile(0)
hInst = CreateService_(hMgrC, "dev_directnt", "dev_directnt", #SERVICE_ALL_ACCESS, #SERVICE_KERNEL_DRIVER, #SERVICE_DEMAND_START, #SERVICE_ERROR_NORMAL, DriverDir$ + "\directnt.sys", #Null, #Null, #Null, #Null, #Null)
If hInst <> 0
  MessageRequester("Statusmeldung von DienstInst", "directnt wurde als Dienst installiert !")
 Else
  MessageRequester("Statusmeldung von DienstInst", "directnt konnte nicht als Dienst installiert werden ! (ist evtl. schon installiert)")
EndIf   
CloseServiceHandle_(hInst)
CloseServiceHandle_(hMgrC)
EndProcedure
;------------------

;------------------ Determine the service status
Procedure DienstStatus()
hSvc = OpenService_(hMgr, "dev_directnt", #SERVICE_QUERY_STATUS)
QueryServiceStatus_(hSvc, Buffer)      ;normally a SERVICE_STATUS structure is used here, but only one value is needed
DriverStart = PeekL(Buffer+4)          ;offset 4 = dwCurrentState; 4 = SERVICE_RUNNING
If DriverStart = 4
  MessageRequester("Statusmeldung von DienstStatus", "directnt ist gestartet !")
 Else
  MessageRequester("Statusmeldung von DienstStatus", "directnt ist nicht gestartet !")
EndIf   
CloseServiceHandle_(hSvc)
EndProcedure
;------------------

;------------------ Start the service
Procedure DienstStart()
hSvc = OpenService_(hMgr, "dev_directnt", #SERVICE_ALL_ACCESS)
IsStart = StartService_(hSvc, 0, #Null)  ;0 = was already started (cannot be started again)  1 = started by this call
If IsStart = 1
  MessageRequester("Statusmeldung von DienstStart", "directnt wurde gestartet !")
 Else
  MessageRequester("Statusmeldung von DienstStart", "directnt konnte nicht gestartet werden !")
EndIf     
CloseServiceHandle_(hSvc)
EndProcedure
;------------------

;------------------ Stop the service
Procedure DienstEnd()
hSvc = OpenService_(hMgr, "dev_directnt", #SERVICE_ALL_ACCESS)
IsEnd = ControlService_(hSvc, #SERVICE_CONTROL_STOP, Buffer)   ;Buffer receives the SERVICE_STATUS (28 bytes)
If IsEnd = 1
  MessageRequester("Statusmeldung von DienstEnd", "directnt wurde beendet !")      ;1 = stopped
 Else
  MessageRequester("Statusmeldung von DienstEnd", "directnt wurde nicht beendet !")
EndIf
CloseServiceHandle_(hSvc)
EndProcedure
;------------------

;------------------ Remove the service; if you like, you can also delete the file directnt.sys here
Procedure DienstRemove()
hSvc = OpenService_(hMgr, "dev_directnt", #SERVICE_ALL_ACCESS)
IsDel = DeleteService_(hSvc)
If IsDel = 1
  MessageRequester("Statusmeldung von DienstRemove", "directnt wurde entfernt !")      ;1 = removed
 Else
  MessageRequester("Statusmeldung von DienstRemove", "directnt wurde nicht entfernt !")
EndIf
CloseServiceHandle_(hSvc)
EndProcedure
;------------------

;------------------ Open the "device"
Procedure DeviceOpen()
hDrv = CreateFile_("\\.\dev_directnt", #GENERIC_READ, 0, #Null, #OPEN_EXISTING, #FILE_ATTRIBUTE_NORMAL, #Null)   ;symbolic link created by the driver
If hDrv <> #INVALID_HANDLE_VALUE
  MessageRequester("Statusmeldung von Zugriff", "Zugriff O.K.!")
 Else
  MessageRequester("Statusmeldung von Zugriff", "Kein Zugriff !")
EndIf
EndProcedure
;------------------

;------------------ Send the request in Buffer to the driver; Result receives the answer
Procedure DrvExec()
If DeviceIoControl_(hDrv, #IOCTL_DIRECTNT_CONTROL, Buffer, BufferNutz, @Result, ResultSize, @ResultLen, #Null)
  MessageRequester("Statusmeldung von DrvExec", "Zugriff O.K.!")
 Else
  MessageRequester("Statusmeldung von DrvExec", "Kein Zugriff !")
EndIf
CloseHandle_(hDrv)
EndProcedure
;------------------


;------------------ Program start: read physical RAM
RegTest()                    ;is directnt present in the registry?
DienstInst()
hMgr = OpenSCManager_(#Null, #Null, #GENERIC_READ)    ;handle for access to the service control manager
DienstStatus()               ;check at program start
If DriverStart <> 4
  DienstStart()              ;not started yet, so start it now
EndIf

DeviceOpen()

SpeicherAdresse = $100                 ;test value; must of course not be larger than the installed memory!
PokeL(Buffer, #OP_ReadPhysMemDword)    ;opcode for reading 1 DWORD from physical memory
PokeL(Buffer+4, SpeicherAdresse)       ;parameter 1 = memory address
BufferNutz = 8

DrvExec()
Result$ = "DWord-Wert an Adresse $"+Hex(SpeicherAdresse)+" : "+RSet(Hex(Result), 8, "0") + "  (Little-Endian-Format beachten !)"
MessageRequester("Physikalischen Speicher auslesen (Memory Dump)", Result$)

;- End
If DriverStart <> 4
  DienstEnd()                ;was not started before, so stop it again now
EndIf

;DienstRemove()               ;if needed
 
CloseServiceHandle_(hMgr)    ;close only now

End
;==================================================================================================
 
;-------------------------------------------------------------------------------------------------- 
DataSection                  ;directnt.sys is 3424 bytes long
directnt:                    ;could be switched to Long or Quad some time
  Data.b $4D, $5A, $90, $00, $03, $00, $00, $00, $04, $00, $00, $00, $FF, $FF, $00, $00
  Data.b $B8, $00, $00, $00, $00, $00, $00, $00, $40, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $80, $00, $00, $00
  Data.b $0E, $1F, $BA, $0E, $00, $B4, $09, $CD, $21, $B8, $01, $4C, $CD, $21, $54, $68
  Data.b $69, $73, $20, $70, $72, $6F, $67, $72, $61, $6D, $20, $63, $61, $6E, $6E, $6F
  Data.b $74, $20, $62, $65, $20, $72, $75, $6E, $20, $69, $6E, $20, $44, $4F, $53, $20
  Data.b $6D, $6F, $64, $65, $2E, $0D, $0D, $0A, $24, $00, $00, $00, $00, $00, $00, $00
  Data.b $50, $45, $00, $00, $4C, $01, $05, $00, $35, $FD, $A5, $32, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $E0, $00, $0E, $01, $0B, $01, $02, $32, $20, $05, $00, $00
  Data.b $00, $06, $00, $00, $00, $00, $00, $00, $F9, $06, $00, $00, $40, $02, $00, $00
  Data.b $60, $07, $00, $00, $00, $00, $01, $00, $20, $00, $00, $00, $20, $00, $00, $00
  Data.b $04, $00, $00, $00, $01, $00, $00, $00, $04, $00, $00, $00, $00, $00, $00, $00
  Data.b $60, $0D, $00, $00, $40, $02, $00, $00, $D1, $B2, $00, $00, $01, $00, $00, $00
  Data.b $00, $00, $10, $00, $00, $10, $00, $00, $00, $00, $10, $00, $00, $10, $00, $00
  Data.b $00, $00, $00, $00, $10, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $C0, $07, $00, $00, $16, $02, $00, $00, $E0, $09, $00, $00, $0C, $03, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $0D, $00, $00, $38, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $2E, $74, $65, $78, $74, $00, $00, $00
  Data.b $02, $05, $00, $00, $40, $02, $00, $00, $20, $05, $00, $00, $40, $02, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $20, $00, $00, $60
  Data.b $2E, $64, $61, $74, $61, $00, $00, $00, $56, $00, $00, $00, $60, $07, $00, $00
  Data.b $60, $00, $00, $00, $60, $07, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $40, $00, $00, $C0, $2E, $69, $64, $61, $74, $61, $00, $00
  Data.b $16, $02, $00, $00, $C0, $07, $00, $00, $20, $02, $00, $00, $C0, $07, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $40, $00, $00, $C0
  Data.b $2E, $72, $73, $72, $63, $00, $00, $00, $0C, $03, $00, $00, $E0, $09, $00, $00
  Data.b $20, $03, $00, $00, $E0, $09, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $40, $00, $00, $42, $2E, $72, $65, $6C, $6F, $63, $00, $00
  Data.b $50, $00, $00, $00, $00, $0D, $00, $00, $60, $00, $00, $00, $00, $0D, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $40, $00, $00, $42
  Data.b $55, $8B, $EC, $83, $EC, $10, $53, $8D, $4D, $F8, $56, $8B, $1D, $60, $08, $01
  Data.b $00, $57, $FF, $75, $08, $51, $FF, $D3, $8B, $75, $14, $8D, $4D, $F8, $56, $6A
  Data.b $00, $6A, $00, $FF, $75, $0C, $51, $68, $04, $20, $00, $00, $FF, $75, $10, $FF
  Data.b $15, $4C, $08, $01, $00, $85, $C0, $7C, $37, $8B, $06, $B9, $01, $08, $00, $00
  Data.b $68, $60, $07, $01, $00, $8B, $78, $28, $33, $C0, $F3, $AB, $8D, $4D, $F0, $51
  Data.b $FF, $D3, $8D, $4D, $F8, $8D, $55, $F0, $51, $52, $FF, $15, $5C, $08, $01, $00
  Data.b $8B, $F8, $85, $FF, $7D, $08, $FF, $36, $FF, $15, $78, $08, $01, $00, $8B, $C7
  Data.b $5F, $5E, $5B, $8B, $E5, $5D, $C2, $10, $00, $53, $56, $8B, $74, $24, $18, $57
  Data.b $55, $56, $6A, $01, $E8, $73, $04, $00, $00, $8B, $7C, $24, $18, $39, $7C, $24
  Data.b $1C, $7C, $2E, $8B, $C7, $B3, $01, $99, $83, $E2, $07, $03, $C2, $C1, $F8, $03
  Data.b $8D, $2C, $06, $8B, $C7, $99, $33, $C2, $47, $2B, $C2, $83, $E0, $07, $33, $C2
  Data.b $2B, $C2, $8A, $C8, $D2, $E3, $F6, $D3, $20, $5D, $00, $3B, $7C, $24, $1C, $7E
  Data.b $D2, $FF, $74, $24, $14, $FF, $15, $58, $08, $01, $00, $50, $E8, $25, $04, $00
  Data.b $00, $56, $6A, $01, $E8, $17, $04, $00, $00, $5D, $5F, $5E, $5B, $C2, $10, $00
  Data.b $53, $56, $8B, $74, $24, $18, $57, $55, $56, $6A, $01, $E8, $0C, $04, $00, $00
  Data.b $8B, $7C, $24, $18, $39, $7C, $24, $1C, $7C, $2C, $8B, $C7, $B3, $01, $99, $83
  Data.b $E2, $07, $03, $C2, $C1, $F8, $03, $8D, $2C, $06, $8B, $C7, $99, $33, $C2, $47
  Data.b $2B, $C2, $83, $E0, $07, $33, $C2, $2B, $C2, $8A, $C8, $D2, $E3, $08, $5D, $00
  Data.b $3B, $7C, $24, $1C, $7E, $D4, $FF, $74, $24, $14, $FF, $15, $58, $08, $01, $00
  Data.b $50, $E8, $C0, $03, $00, $00, $56, $6A, $01, $E8, $B2, $03, $00, $00, $5D, $5F
  Data.b $5E, $5B, $C2, $10, $00, $55, $8B, $EC, $83, $EC, $30, $53, $56, $57, $8B, $5D
  Data.b $0C, $8B, $73, $0C, $8B, $FE, $8B, $06, $83, $F8, $0A, $77, $23, $0F, $84, $D9
  Data.b $00, $00, $00, $83, $F8, $01, $0F, $84, $89, $00, $00, $00, $83, $F8, $02, $0F
  Data.b $84, $94, $00, $00, $00, $83, $F8, $03, $0F, $84, $A4, $00, $00, $00, $EB, $6B
  Data.b $83, $F8, $14, $77, $11, $0F, $84, $E0, $00, $00, $00, $83, $F8, $0B, $0F, $84
  Data.b $BF, $00, $00, $00, $EB, $55, $83, $F8, $1E, $77, $11, $0F, $84, $23, $01, $00
  Data.b $00, $83, $F8, $15, $0F, $84, $ED, $00, $00, $00, $EB, $3F, $83, $F8, $28, $0F
  Data.b $84, $3E, $01, $00, $00, $83, $F8, $32, $0F, $84, $67, $01, $00, $00, $83, $F8
  Data.b $33, $0F, $84, $7E, $01, $00, $00, $83, $F8, $34, $0F, $84, $89, $01, $00, $00
  Data.b $83, $F8, $3C, $0F, $84, $A0, $01, $00, $00, $83, $F8, $3D, $0F, $84, $E7, $01
  Data.b $00, $00, $83, $F8, $63, $0F, $84, $2A, $02, $00, $00, $B8, $0D, $00, $00, $C0
  Data.b $E9, $2E, $02, $00, $00, $33, $C0, $C7, $07, $78, $56, $34, $12, $C7, $43, $1C
  Data.b $04, $00, $00, $00, $E9, $1A, $02, $00, $00, $0F, $20, $C0, $89, $45, $DC, $8B
  Data.b $45, $DC, $89, $07, $33, $C0, $C7, $43, $1C, $04, $00, $00, $00, $E9, $01, $02
  Data.b $00, $00, $8B, $46, $04, $89, $45, $E0, $8B, $45, $E0, $0F, $09, $0F, $22, $C0
  Data.b $C7, $43, $1C, $00, $00, $00, $00, $E9, $E5, $01, $00, $00, $FF, $76, $04, $FF
  Data.b $15, $40, $08, $01, $00, $88, $07, $C7, $43, $1C, $01, $00, $00, $00, $E9, $CE
  Data.b $01, $00, $00, $FF, $76, $08, $FF, $76, $04, $FF, $15, $44, $08, $01, $00, $C7
  Data.b $43, $1C, $00, $00, $00, $00, $E9, $B6, $01, $00, $00, $8B, $46, $04, $89, $45
  Data.b $E4, $51, $52, $8B, $4D, $E4, $0F, $32, $89, $45, $E8, $89, $55, $EC, $59, $5A
  Data.b $8B, $45, $E8, $89, $07, $8B, $4D, $EC, $89, $4E, $04, $C7, $43, $1C, $08, $00
  Data.b $00, $00, $E9, $8A, $01, $00, $00, $8B, $46, $04, $89, $45, $F0, $8B, $4E, $08
  Data.b $89, $4D, $F4, $8B, $56, $0C, $89, $55, $F8, $51, $52, $8B, $4D, $F0, $8B, $45
  Data.b $F4, $8B, $55, $F8, $0F, $30, $5A, $59, $C7, $43, $1C, $00, $00, $00, $00, $E9
  Data.b $5D, $01, $00, $00, $83, $3D, $68, $08, $01, $00, $00, $74, $15, $8B, $46, $04
  Data.b $8B, $08, $33, $C0, $89, $0F, $C7, $43, $1C, $04, $00, $00, $00, $E9, $41, $01
  Data.b $00, $00, $C7, $43, $1C, $00, $00, $00, $00, $B8, $05, $00, $00, $C0, $E9, $30
  Data.b $01, $00, $00, $C7, $45, $D4, $00, $00, $00, $00, $6A, $00, $6A, $04, $FF, $75
  Data.b $D4, $FF, $76, $04, $FF, $15, $64, $08, $01, $00, $8B, $08, $6A, $04, $50, $89
  Data.b $0F, $FF, $15, $7C, $08, $01, $00, $C7, $43, $1C, $04, $00, $00, $00, $33, $C0
  Data.b $E9, $FE, $00, $00, $00, $8B, $45, $08, $83, $C0, $04, $50, $FF, $76, $08, $FF
  Data.b $76, $04, $6A, $01, $E8, $40, $FD, $FF, $FF, $C7, $43, $1C, $00, $00, $00, $00
  Data.b $E9, $DC, $00, $00, $00, $57, $6A, $01, $E8, $AF, $01, $00, $00, $C7, $43, $1C
  Data.b $00, $20, $00, $00, $E9, $C8, $00, $00, $00, $8B, $45, $08, $83, $C0, $04, $50
  Data.b $FF, $76, $08, $FF, $76, $04, $6A, $01, $E8, $73, $FD, $FF, $FF, $C7, $43, $1C
  Data.b $00, $00, $00, $00, $E9, $A8, $00, $00, $00, $BA, $FB, $0C, $00, $00, $EC, $0F
  Data.b $B6, $C8, $8B, $46, $08, $0D, $00, $00, $E0, $FF, $C1, $E0, $0A, $0B, $46, $04
  Data.b $89, $45, $FC, $66, $9C, $FA, $8A, $C1, $0C, $01, $EE, $BA, $FA, $0C, $00, $00
  Data.b $32, $C0, $EE, $BA, $F8, $0C, $00, $00, $8B, $45, $FC, $EF, $BA, $FC, $0C, $00
  Data.b $00, $ED, $BA, $FB, $0C, $00, $00, $89, $07, $8A, $C1, $EE, $66, $9D, $C7, $43
  Data.b $1C, $04, $00, $00, $00, $33, $C0, $EB, $5A, $BA, $FB, $0C, $00, $00, $8B, $7E
  Data.b $08, $EC, $0F, $B6, $C8, $81, $CF, $00, $00, $E0, $FF, $C1, $E7, $0A, $0B, $7E
  Data.b $04, $66, $9C, $FA, $8A, $C1, $0C, $01, $EE, $BA, $FA, $0C, $00, $00, $32, $C0
  Data.b $EE, $BA, $F8, $0C, $00, $00, $8B, $C7, $EF, $BA, $FC, $0C, $00, $00, $8B, $46
  Data.b $0C, $EF, $BA, $FB, $0C, $00, $00, $8A, $C1, $EE, $66, $9D, $C7, $43, $1C, $00
  Data.b $00, $00, $00, $EB, $0C, $9C, $58, $89, $45, $D8, $C7, $43, $1C, $04, $00, $00
  Data.b $00, $33, $C0, $5F, $5E, $5B, $8B, $E5, $5D, $C2, $10, $00, $8B, $44, $24, $04
  Data.b $56, $8B, $74, $24, $0C, $57, $BF, $02, $00, $00, $C0, $8B, $56, $60, $C7, $46
  Data.b $1C, $00, $00, $00, $00, $8B, $48, $28, $0F, $B6, $02, $85, $C0, $74, $0C, $83
  Data.b $F8, $02, $74, $07, $83, $F8, $0E, $74, $06, $EB, $19, $33, $FF, $EB, $15, $8B
  Data.b $42, $0C, $3D, $00, $60, $40, $9C, $75, $0B, $50, $52, $56, $51, $E8, $D3, $FC
  Data.b $FF, $FF, $8B, $F8, $33, $D2, $8B, $CE, $89, $7E, $18, $FF, $15, $6C, $08, $01
  Data.b $00, $8B, $C7, $5F, $5E, $C2, $08, $00, $83, $EC, $08, $8D, $44, $24, $00, $68
  Data.b $60, $07, $01, $00, $50, $FF, $15, $60, $08, $01, $00, $8D, $4C, $24, $00, $51
  Data.b $FF, $15, $70, $08, $01, $00, $8B, $4C, $24, $0C, $FF, $71, $04, $FF, $15, $78
  Data.b $08, $01, $00, $83, $C4, $08, $C2, $04, $00, $8B, $4C, $24, $04, $83, $EC, $04
  Data.b $B8, $6C, $06, $01, $00, $8D, $54, $24, $00, $52, $89, $41, $38, $51, $89, $41
  Data.b $40, $68, $40, $9C, $00, $00, $89, $41, $70, $C7, $41, $34, $C8, $06, $01, $00
  Data.b $68, $94, $07, $01, $00, $E8, $16, $FB, $FF, $FF, $83, $C4, $04, $C2, $08, $00
  Data.b $FF, $25, $50, $08, $01, $00, $FF, $25, $54, $08, $01, $00, $FF, $25, $74, $08
  Data.b $01, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $5C, $00, $44, $00, $6F, $00, $73, $00, $44, $00, $65, $00, $76, $00, $69, $00
  Data.b $63, $00, $65, $00, $73, $00, $5C, $00, $44, $00, $65, $00, $76, $00, $5F, $00
  Data.b $44, $00, $69, $00, $72, $00, $65, $00, $63, $00, $74, $00, $4E, $00, $54, $00
  Data.b $00, $00, $00, $00, $5C, $00, $44, $00, $65, $00, $76, $00, $69, $00, $63, $00
  Data.b $65, $00, $5C, $00, $44, $00, $69, $00, $72, $00, $65, $00, $63, $00, $74, $00
  Data.b $4E, $00, $54, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $08, $08, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $9A, $09, $00, $00
  Data.b $4C, $08, $00, $00, $FC, $07, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $CE, $09, $00, $00, $40, $08, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $BC, $09, $00, $00
  Data.b $A8, $09, $00, $00, $00, $00, $00, $00, $AE, $08, $00, $00, $D8, $08, $00, $00
  Data.b $EE, $08, $00, $00, $08, $09, $00, $00, $96, $08, $00, $00, $C0, $08, $00, $00
  Data.b $48, $09, $00, $00, $58, $09, $00, $00, $6C, $09, $00, $00, $82, $09, $00, $00
  Data.b $1E, $09, $00, $00, $84, $08, $00, $00, $36, $09, $00, $00, $00, $00, $00, $00
  Data.b $BC, $09, $00, $00, $A8, $09, $00, $00, $00, $00, $00, $00, $AE, $08, $00, $00
  Data.b $D8, $08, $00, $00, $EE, $08, $00, $00, $08, $09, $00, $00, $96, $08, $00, $00
  Data.b $C0, $08, $00, $00, $48, $09, $00, $00, $58, $09, $00, $00, $6C, $09, $00, $00
  Data.b $82, $09, $00, $00, $1E, $09, $00, $00, $84, $08, $00, $00, $36, $09, $00, $00
  Data.b $00, $00, $00, $00, $FB, $00, $49, $6F, $44, $65, $6C, $65, $74, $65, $44, $65
  Data.b $76, $69, $63, $65, $00, $00, $F7, $00, $49, $6F, $43, $72, $65, $61, $74, $65
  Data.b $53, $79, $6D, $62, $6F, $6C, $69, $63, $4C, $69, $6E, $6B, $00, $00, $F3, $00
  Data.b $49, $6F, $43, $72, $65, $61, $74, $65, $44, $65, $76, $69, $63, $65, $00, $00
  Data.b $D0, $02, $52, $74, $6C, $49, $6E, $69, $74, $55, $6E, $69, $63, $6F, $64, $65
  Data.b $53, $74, $72, $69, $6E, $67, $00, $00, $4C, $01, $4B, $65, $33, $38, $36, $53
  Data.b $65, $74, $49, $6F, $41, $63, $63, $65, $73, $73, $4D, $61, $70, $00, $4A, $01
  Data.b $4B, $65, $33, $38, $36, $49, $6F, $53, $65, $74, $41, $63, $63, $65, $73, $73
  Data.b $50, $72, $6F, $63, $65, $73, $73, $00, $0C, $01, $49, $6F, $47, $65, $74, $43
  Data.b $75, $72, $72, $65, $6E, $74, $50, $72, $6F, $63, $65, $73, $73, $00, $4B, $01
  Data.b $4B, $65, $33, $38, $36, $51, $75, $65, $72, $79, $49, $6F, $41, $63, $63, $65
  Data.b $73, $73, $4D, $61, $70, $00, $F7, $01, $4D, $6D, $55, $6E, $6D, $61, $70, $49
  Data.b $6F, $53, $70, $61, $63, $65, $00, $00, $E6, $01, $4D, $6D, $4D, $61, $70, $49
  Data.b $6F, $53, $70, $61, $63, $65, $00, $00, $DF, $01, $4D, $6D, $49, $73, $41, $64
  Data.b $64, $72, $65, $73, $73, $56, $61, $6C, $69, $64, $00, $00, $45, $01, $49, $6F
  Data.b $66, $43, $6F, $6D, $70, $6C, $65, $74, $65, $52, $65, $71, $75, $65, $73, $74
  Data.b $00, $00, $FC, $00, $49, $6F, $44, $65, $6C, $65, $74, $65, $53, $79, $6D, $62
  Data.b $6F, $6C, $69, $63, $4C, $69, $6E, $6B, $00, $00, $6E, $74, $6F, $73, $6B, $72
  Data.b $6E, $6C, $2E, $65, $78, $65, $00, $00, $57, $00, $57, $52, $49, $54, $45, $5F
  Data.b $50, $4F, $52, $54, $5F, $55, $43, $48, $41, $52, $00, $00, $51, $00, $52, $45
  Data.b $41, $44, $5F, $50, $4F, $52, $54, $5F, $55, $43, $48, $41, $52, $00, $48, $41
  Data.b $4C, $2E, $64, $6C, $6C, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $35, $FD, $A5, $32, $00, $00, $00, $00, $00, $00, $01, $00
  Data.b $10, $00, $00, $00, $18, $00, $00, $80, $00, $00, $00, $00, $35, $FD, $A5, $32
  Data.b $00, $00, $00, $00, $00, $00, $01, $00, $01, $00, $00, $00, $30, $00, $00, $80
  Data.b $00, $00, $00, $00, $35, $FD, $A5, $32, $00, $00, $00, $00, $00, $00, $01, $00
  Data.b $09, $04, $00, $00, $48, $00, $00, $00, $40, $0A, $00, $00, $AC, $02, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $AC, $02, $34, $00, $00, $00, $56, $00, $53, $00, $5F, $00, $56, $00, $45, $00
  Data.b $52, $00, $53, $00, $49, $00, $4F, $00, $4E, $00, $5F, $00, $49, $00, $4E, $00
  Data.b $46, $00, $4F, $00, $00, $00, $00, $00, $BD, $04, $EF, $FE, $00, $00, $01, $00
  Data.b $00, $00, $01, $00, $01, $00, $00, $00, $00, $00, $01, $00, $01, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $04, $00, $04, $00, $03, $00, $00, $00
  Data.b $07, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $0A, $02, $00, $00
  Data.b $01, $00, $53, $00, $74, $00, $72, $00, $69, $00, $6E, $00, $67, $00, $46, $00
  Data.b $69, $00, $6C, $00, $65, $00, $49, $00, $6E, $00, $66, $00, $6F, $00, $00, $00
  Data.b $E6, $01, $00, $00, $01, $00, $30, $00, $34, $00, $30, $00, $39, $00, $30, $00
  Data.b $34, $00, $42, $00, $30, $00, $00, $00, $28, $00, $04, $00, $01, $00, $43, $00
  Data.b $6F, $00, $6D, $00, $70, $00, $61, $00, $6E, $00, $79, $00, $4E, $00, $61, $00
  Data.b $6D, $00, $65, $00, $00, $00, $00, $00, $63, $00, $27, $00, $74, $00, $00, $00
  Data.b $32, $00, $05, $00, $01, $00, $46, $00, $69, $00, $6C, $00, $65, $00, $44, $00
  Data.b $65, $00, $73, $00, $63, $00, $72, $00, $69, $00, $70, $00, $74, $00, $69, $00
  Data.b $6F, $00, $6E, $00, $00, $00, $00, $00, $31, $00, $2E, $00, $30, $00, $30, $00
  Data.b $00, $00, $00, $00, $2A, $00, $05, $00, $01, $00, $46, $00, $69, $00, $6C, $00
  Data.b $65, $00, $56, $00, $65, $00, $72, $00, $73, $00, $69, $00, $6F, $00, $6E, $00
  Data.b $00, $00, $00, $00, $31, $00, $2E, $00, $30, $00, $30, $00, $00, $00, $00, $00
  Data.b $3A, $00, $0D, $00, $01, $00, $49, $00, $6E, $00, $74, $00, $65, $00, $72, $00
  Data.b $6E, $00, $61, $00, $6C, $00, $4E, $00, $61, $00, $6D, $00, $65, $00, $00, $00
  Data.b $44, $00, $69, $00, $72, $00, $65, $00, $63, $00, $74, $00, $4E, $00, $54, $00
  Data.b $2E, $00, $73, $00, $79, $00, $73, $00, $00, $00, $00, $00, $58, $00, $1A, $00
  Data.b $01, $00, $4C, $00, $65, $00, $67, $00, $61, $00, $6C, $00, $43, $00, $6F, $00
  Data.b $70, $00, $79, $00, $72, $00, $69, $00, $67, $00, $68, $00, $74, $00, $00, $00
  Data.b $43, $00, $6F, $00, $70, $00, $79, $00, $72, $00, $69, $00, $67, $00, $68, $00
  Data.b $74, $00, $20, $00, $28, $00, $43, $00, $29, $00, $20, $00, $31, $00, $39, $00
  Data.b $39, $00, $36, $00, $20, $00, $62, $00, $79, $00, $20, $00, $63, $00, $27, $00
  Data.b $74, $00, $00, $00, $42, $00, $0D, $00, $01, $00, $4F, $00, $72, $00, $69, $00
  Data.b $67, $00, $69, $00, $6E, $00, $61, $00, $6C, $00, $46, $00, $69, $00, $6C, $00
  Data.b $65, $00, $6E, $00, $61, $00, $6D, $00, $65, $00, $00, $00, $44, $00, $69, $00
  Data.b $72, $00, $65, $00, $63, $00, $74, $00, $4E, $00, $54, $00, $2E, $00, $73, $00
  Data.b $79, $00, $73, $00, $00, $00, $00, $00, $40, $00, $10, $00, $01, $00, $50, $00
  Data.b $72, $00, $6F, $00, $64, $00, $75, $00, $63, $00, $74, $00, $4E, $00, $61, $00
  Data.b $6D, $00, $65, $00, $00, $00, $00, $00, $44, $00, $69, $00, $72, $00, $65, $00
  Data.b $63, $00, $74, $00, $4E, $00, $54, $00, $20, $00, $64, $00, $72, $00, $69, $00
  Data.b $76, $00, $65, $00, $72, $00, $00, $00, $2E, $00, $05, $00, $01, $00, $50, $00
  Data.b $72, $00, $6F, $00, $64, $00, $75, $00, $63, $00, $74, $00, $56, $00, $65, $00
  Data.b $72, $00, $73, $00, $69, $00, $6F, $00, $6E, $00, $00, $00, $31, $00, $2E, $00
  Data.b $30, $00, $30, $00, $00, $00, $00, $00, $44, $00, $00, $00, $01, $00, $56, $00
  Data.b $61, $00, $72, $00, $46, $00, $69, $00, $6C, $00, $65, $00, $49, $00, $6E, $00
  Data.b $66, $00, $6F, $00, $00, $00, $00, $00, $24, $00, $04, $00, $00, $00, $54, $00
  Data.b $72, $00, $61, $00, $6E, $00, $73, $00, $6C, $00, $61, $00, $74, $00, $69, $00
  Data.b $6F, $00, $6E, $00, $00, $00, $00, $00, $09, $04, $B0, $04, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $38, $00, $00, $00, $4D, $32, $71, $32, $81, $32, $9C, $32
  Data.b $AA, $32, $07, $33, $6C, $33, $81, $34, $9B, $34, $06, $35, $46, $35, $53, $35
  Data.b $BD, $36, $D0, $36, $D7, $36, $E2, $36, $EF, $36, $01, $37, $1C, $37, $21, $37
  Data.b $32, $37, $38, $37, $3E, $37, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
  Data.b $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00, $00
EndDataSection

Regards
Helle
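The raw numbers the post hard-codes can be checked rather than trusted. The following Python script is an added editor's example, not code from Helle's post: it decodes a raw IOCTL value into the fields of the CTL_CODE macro (device type, access, function, method) and flags whether it lies in the vendor-defined range, parses a SERVICE_STATUS block the way DienstStatus() does with PeekL(Buffer+4), assembles the 8-byte request the post builds with two PokeL calls, and interprets the returned bytes as the little-endian DWORD the post displays with Hex(). The IOCTL 2621464576 and the opcode 40 are the post's values; the SERVICE_STATUS bytes and the returned DWORD are constructed sample data. Decoding a client's IOCTLs this way is how a reviewer tells which driver functions a user-mode program actually requests.

```python
import struct

# CTL_CODE layout (wdm.h): bits 31..16 device type, 15..14 required access,
# 13..2 function number, 1..0 transfer method.
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
          2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS"}


def ctl_code(device_type, function, method, access):
    """Same arithmetic as the CTL_CODE macro."""
    return ((device_type << 16) | (access << 14) | (function << 2) | method) & 0xFFFFFFFF


def decode_ioctl(code):
    """Split a raw IOCTL into its fields; vendor range is type >= 0x8000, function >= 0x800."""
    code &= 0xFFFFFFFF
    device_type = code >> 16
    function = (code >> 2) & 0xFFF
    return {
        "device_type": device_type,
        "access": ACCESS[(code >> 14) & 3],
        "function": function,
        "method": METHODS[code & 3],
        "vendor_defined": device_type >= 0x8000 and function >= 0x800,
    }


# SERVICE_STATUS: seven consecutive DWORDs. DienstStatus() only reads the
# second one (offset 4), dwCurrentState.
SERVICE_STATUS_FIELDS = ("dwServiceType", "dwCurrentState", "dwControlsAccepted",
                         "dwWin32ExitCode", "dwServiceSpecificExitCode",
                         "dwCheckPoint", "dwWaitHint")
SERVICE_STATES = {1: "SERVICE_STOPPED", 2: "SERVICE_START_PENDING",
                  3: "SERVICE_STOP_PENDING", 4: "SERVICE_RUNNING",
                  5: "SERVICE_CONTINUE_PENDING", 6: "SERVICE_PAUSE_PENDING",
                  7: "SERVICE_PAUSED"}


def parse_service_status(buf):
    """Decode the 28-byte SERVICE_STATUS block QueryServiceStatus fills in."""
    values = struct.unpack_from("<7I", buf, 0)
    status = dict(zip(SERVICE_STATUS_FIELDS, values))
    status["state_name"] = SERVICE_STATES.get(status["dwCurrentState"], "unknown")
    return status


def build_request(opcode, address):
    """The 8-byte input buffer the post assembles with PokeL: opcode, then parameter 1."""
    return struct.pack("<II", opcode, address)


def dword_le(raw):
    """Interpret the 4 returned bytes as the little-endian DWORD shown by Hex()."""
    return struct.unpack("<I", raw[:4])[0]


# Constructed sample data (not captured from a real system)
SAMPLE_STATUS = struct.pack("<7I", 1, 4, 1, 0, 0, 0, 0)   # kernel driver, SERVICE_RUNNING
SAMPLE_DWORD = bytes([0x78, 0x56, 0x34, 0x12])            # displays as 12345678

if __name__ == "__main__":
    print(decode_ioctl(2621464576))
    print(parse_service_status(SAMPLE_STATUS)["state_name"])
    print(build_request(40, 0x100).hex())
    print(f"{dword_le(SAMPLE_DWORD):08X}")
```

Running it shows that 2621464576 is 0x9C406000: device type 0x9C40, FILE_READ_ACCESS, function 0x800, METHOD_BUFFERED, exactly the CTL_CODE_ comment in the post, and that both the type and the function number sit in the vendor-defined range rather than among the documented system device types.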


Posted: 18.03.2008 11:20

Registered: 29.08.2004 08:48
Another possibility without an external driver would be this example
(only works for memory, not for ports)

Code:
;Physical memory
Procedure msg(Instring.s)
 MessageRequester("Info",Instring,0)
EndProcedure
#OBJ_INHERIT = $2
#OBJ_PERMANENT = $10
#OBJ_EXCLUSIVE = $20
#OBJ_CASE_INSENSITIVE = $40
#OBJ_OPENIF = $80
#OBJ_OPENLINK = $100
#OBJ_KERNEL_HANDLE = $200
#OBJ_VALID_ATTRIBUTES = $3F2

#SECTION_QUERY = $1
#SECTION_MAP_WRITE = $2
#SECTION_MAP_READ = $4
#SECTION_MAP_EXECUTE = $8

#PAGE_READONLY = 2
#PAGE_READWRITE = 4
#VIEW_SHARE = 1

Structure UNICODE_STRING
  usLength.w
  usMaximumLength.w
  usBuffer.s
EndStructure
Structure UNICODE_lSTRING          ;UNICODE_STRING with a raw pointer as the buffer field
  usLength.w
  usMaximumLength.w
  usBuffer.l
EndStructure
Structure OBJECT_ATTRIBUTES
    Length.l
    RootDirectory.l
    ObjectName.l
    Attributes.l
    SecurityDescriptor.l
    SecurityQualityOfService.l
EndStructure
Structure PHYSICAL_ADDRESS
    lowpart.l
    highpart.l
EndStructure

   status.l
   ia.OBJECT_ATTRIBUTES
   hdlPhysMem.l
   
;    usDevName.UNICODE_STRING
;    usDevName\usBuffer = "\device\physicalmemory"
;    usDevName\usMaximumLength = Len(usDevName\usBuffer) * 2
;    usDevName\usLength = usDevName\usMaximumLength - 2
;

mydevice.s="\device\physicalmemory" + Chr(0)

Buffer1 = AllocateMemory( Len(mydevice)*2 + 8)     ;room for the UTF-16 object name plus terminator
;Dim Bytefeld.b(255)
;Buffer1.l=@Bytefeld(0)
Result=MultiByteToWideChar_(#CP_ACP ,0,@mydevice.s,-1,Buffer1,Len(mydevice.s)+4)   ;last argument = size of Buffer1 in WCHARs
;msg(PeekS(Buffer1) )
;PeekS(Buffer1+2)
;Debug Hex(Buffer1)


usDevName.UNICODE_lSTRING
usDevName\usBuffer = Buffer1
usDevName\usMaximumLength = (Len(mydevice.s) * 2) +2     ;bytes including the terminating null
usDevName\usLength = Len(mydevice.s) * 2                 ;bytes without the terminator

   ia\Length = 24;SizeOf(OBJECT_ATTRIBUTES)
   ia\ObjectName = @usDevName
   ia\Attributes  = #OBJ_CASE_INSENSITIVE
   ia\SecurityDescriptor = 0
   ia\RootDirectory = 0
   ia\SecurityQualityOfService = 0
 
   
   status = NtOpenSection_(@hdlPhysMem, #SECTION_MAP_READ, @ia)   ;read-only access to the section object

   If status<>0                       ;status is an NTSTATUS; GetLastError_() does not reflect it
    msg("NtOpenSection: "+ Hex(status))
    sBuffer.s=Space(256)
    Result=GetLastError_()
    FormatMessage_(#FORMAT_MESSAGE_FROM_SYSTEM,0,Result,0,@sBuffer,255,0)
    MessageRequester("Info NtOpenSection!",Hex(Result)+Chr(13)+sBuffer,0)
    End
   EndIf
   
   memVirtualAddress.l
   memLen.l
   memVirtualAddress.l = 0            ;0 = let the system choose the address of the view

;Goto weiter
   viewBase.PHYSICAL_ADDRESS
   viewBase\highpart = 0
   viewBase\lowpart = $400            ;BIOS data area; holds the COM/LPT base port addresses
   memLen = $10

   status = NtMapViewOfSection_(hdlPhysMem, -1, @memVirtualAddress,0, memLen, @viewBase, @memLen, #VIEW_SHARE, 0, #PAGE_READONLY)
   ;msg("NtMapViewOfSection: "+ Hex(status))
   ;the call may round viewBase down to the allocation granularity,
   ;hence the "memVirtualAddress - viewBase\lowpart + $400" arithmetic below
   
   If status<>0
    sBuffer.s=Space(256)
    Result=GetLastError_()
    FormatMessage_(#FORMAT_MESSAGE_FROM_SYSTEM,0,Result,0,@sBuffer,255,0)
    MessageRequester("Info NtMapViewOfSection!",Hex(Result)+Chr(13)+ sBuffer,0)
    End
   EndIf
   
   i=0                                ;$400 = COM1
   MyInfo.s=MyInfo.s + "COM1="+Hex(PeekW(memVirtualAddress - viewBase\lowpart + $400 + i)) + Chr(13)
   i=2                                ;$402 = COM2
   MyInfo.s=MyInfo.s + "COM2="+Hex(PeekW(memVirtualAddress - viewBase\lowpart + $400 + i)) + Chr(13)
   i=4                                ;$404 = COM3
   MyInfo.s=MyInfo.s + "COM3="+Hex(PeekW(memVirtualAddress - viewBase\lowpart + $400 + i)) + Chr(13)
   i=8                                ;$408 = LPT1
   MyInfo.s=MyInfo.s + "LPT1="+Hex(PeekW(memVirtualAddress - viewBase\lowpart + $400 + i)) + Chr(13)
   adrLPT1.l=PeekW(memVirtualAddress - viewBase\lowpart + $400 + i)
   i=10                               ;$40A = LPT2
   MyInfo.s=MyInfo.s +"LPT2="+ Hex(PeekW(memVirtualAddress - viewBase\lowpart + $400 + i)) + Chr(13)
   i=12                               ;$40C = LPT3
   MyInfo.s=MyInfo.s +"LPT3="+ Hex(PeekW(memVirtualAddress - viewBase\lowpart + $400 + i)) + Chr(13)

   MessageRequester("Info",MyInfo.s,0)

   status = NtUnmapViewOfSection_(-1, memVirtualAddress)

weiter:

   Offset=$378
   viewBase.PHYSICAL_ADDRESS
   viewBase\highpart = 0
   viewBase\lowpart = Offset
   memLen = $10 ;16 bytes
   
   memVirtualAddress=0                ;again let the system choose the address of the view
   
   status = NtMapViewOfSection_(hdlPhysMem, -1, @memVirtualAddress,0, memLen, @viewBase, @memLen, #VIEW_SHARE, 0, #PAGE_READONLY)
   
   If status<>0
    sBuffer.s=Space(256)
    Result=GetLastError_()
    FormatMessage_(#FORMAT_MESSAGE_FROM_SYSTEM,0,Result,0,@sBuffer,255,0)
    MessageRequester("Info NtMapViewOfSection!",Hex(Result)+Chr(13)+ sBuffer,0)
    End
   
   EndIf
;    i=0
;    Repeat
;     Event = WindowEvent()
;     Delay(50)
;     MyInfo=""
;     For i=0 To 9;memLen -1
;      MyInfo=Myinfo +Bin(PeekB(memVirtualAddress - viewBase\lowpart + Offset  + i)) +";"; Chr(13)
;      ;MyInfo=Myinfo +Right("00"+Hex(PeekB(memVirtualAddress - viewBase\lowpart + Offset  + i)),2) +";"; Chr(13)
;     Next i
;     If MyInfo.s<>Oldinfo.s
;      SetGadgetText(#Gadget_1,MyInfo.s)
;      OldInfo=MyInfo
;     EndIf
;    Until Event = #PB_EventCloseWindow
;   MessageRequester("Info",Hex(viewBase\lowpart)+ MyInfo.s,0)

 
   status = NtUnmapViewOfSection_(-1, memVirtualAddress)
   status = CloseHandle_(hdlPhysMem)
 
End

_________________
Rings wrote:
doesn't make a fuss about being quoted
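The 16 bytes the post maps at physical address $400 are the start of the BIOS Data Area, whose first 14 bytes hold the I/O base ports of COM1 to COM4 (offsets 0 to 7) and LPT1 to LPT3 (offsets 8 to 13). NtMapViewOfSection rounds the requested section offset down to the allocation granularity (64 KiB) and writes the adjusted value back into viewBase, which is why the post subtracts viewBase\lowpart before adding $400. The following Python parser is an added editor's example, not code from the post's author: it performs the same alignment and offset arithmetic and decodes the port table from a byte window, with a constructed sample view (the port values in it are made up, not read from a real machine). Two caveats for anyone reproducing the post: PeekW is signed, so this example reads the words as unsigned instead, and user-mode opens of \Device\PhysicalMemory are refused from Windows Server 2003 SP1 onward, so the post's approach only applies to older systems.

```python
import struct

ALLOCATION_GRANULARITY = 0x10000   # 64 KiB: section offsets are rounded down to this
BDA_BASE = 0x400                   # physical address of the BIOS Data Area
# Offsets of the port table inside the BDA (documented legacy layout)
BDA_PORT_FIELDS = {"COM1": 0x0, "COM2": 0x2, "COM3": 0x4, "COM4": 0x6,
                   "LPT1": 0x8, "LPT2": 0xA, "LPT3": 0xC}


def aligned_view_base(requested):
    """Value viewBase\\lowpart holds after the call: rounded down to 64 KiB."""
    return requested & ~(ALLOCATION_GRANULARITY - 1)


def view_offset(physical, view_base):
    """Offset of a physical address inside a view starting at view_base
    (the post's 'memVirtualAddress - viewBase\\lowpart + $400 + i' without the VA)."""
    if physical < view_base:
        raise ValueError("address lies before the start of the view")
    return physical - view_base


def parse_bda_ports(view, view_base):
    """Decode the COM/LPT base ports from a byte window mapped at view_base."""
    ports = {}
    for name, off in BDA_PORT_FIELDS.items():
        idx = view_offset(BDA_BASE + off, view_base)
        if idx + 2 > len(view):
            raise ValueError(f"view too short to contain {name}")
        ports[name] = struct.unpack_from("<H", view, idx)[0]  # 0 = port not present
    return ports


def format_ports(ports):
    """Same presentation as the post's MessageRequester text, one entry per line."""
    return "\n".join(f"{name}={value:X}" for name, value in ports.items())


# Constructed sample: a view starting at physical 0 (the 64 KiB-aligned base the
# kernel returns for a request at $400) with typical legacy port values at $400.
_sample = bytearray(0x410)
struct.pack_into("<7H", _sample, BDA_BASE, 0x3F8, 0x2F8, 0, 0, 0x378, 0, 0)
SAMPLE_VIEW = bytes(_sample)
SAMPLE_VIEW_BASE = aligned_view_base(BDA_BASE)   # 0

if __name__ == "__main__":
    print(format_ports(parse_bda_ports(SAMPLE_VIEW, SAMPLE_VIEW_BASE)))
```

The length check in parse_bda_ports is the part the post lacks: it only maps $10 bytes and relies on the view being larger in practice, whereas the parser refuses a window that does not cover the whole table.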

