-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathread.go
113 lines (102 loc) · 2.65 KB
/
read.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
package memprocfs
// #include <stdlib.h>
// #include "leechcore.h"
// #include "vmmdll.h"
import "C"
import (
"encoding/binary"
"math"
)
func (h *MemProcFS) MemReadChain(pid int32, addr []uintptr, size int32) ([]byte, error) {
// Resolve chain target addr
tempAddr := addr[0]
for i := 1; i < len(addr); i++ {
buff, err := h.MemRead(pid, tempAddr, 8)
if err != nil {
return nil, err
}
tempAddr = uintptr(binary.LittleEndian.Uint64(buff))
tempAddr = tempAddr + addr[i]
}
return h.MemRead(pid, tempAddr, size)
}
func (h *MemProcFS) ReadInt32(pid int32, addr []uintptr) (int32, error) {
data, err := h.MemReadChain(pid, addr, 4)
if err != nil {
return 0, err
}
var value int32
value |= int32(data[0])
value |= int32(data[1]) << 8
value |= int32(data[2]) << 16
value |= int32(data[3]) << 24
return value, nil
}
func (h *MemProcFS) ReadInt16(pid int32, addr []uintptr) (int16, error) {
data, err := h.MemReadChain(pid, addr, 2)
if err != nil {
return 0, err
}
var value int16
value |= int16(data[0])
value |= int16(data[1]) << 8
return value, nil
}
func (h *MemProcFS) ReadInt64(pid int32, addr []uintptr) (int64, error) {
data, err := h.MemReadChain(pid, addr, 8)
if err != nil {
return 0, err
}
var value int64
value |= int64(data[0])
value |= int64(data[1]) << 8
value |= int64(data[2]) << 16
value |= int64(data[3]) << 24
value |= int64(data[3]) << 32
value |= int64(data[3]) << 40
value |= int64(data[3]) << 48
value |= int64(data[3]) << 56
return value, nil
}
func (h *MemProcFS) ReadUInt32(pid int32, addr []uintptr) (uint32, error) {
data, err := h.MemReadChain(pid, addr, 8)
if err != nil {
return 0, err
}
return binary.LittleEndian.Uint32(data), nil
}
func (h *MemProcFS) ReadUInt64(pid int32, addr []uintptr) (uint64, error) {
data, err := h.MemReadChain(pid, addr, 8)
if err != nil {
return 0, err
}
return binary.LittleEndian.Uint64(data), nil
}
func (h *MemProcFS) ReadPtr(pid int32, addr []uintptr) (uintptr, error) {
data, err := h.MemReadChain(pid, addr, 8)
if err != nil {
return 0, err
}
return uintptr(binary.LittleEndian.Uint64(data)), nil
}
func (h *MemProcFS) ReadFloat32(pid int32, addr []uintptr) (float32, error) {
temp, err := h.ReadUInt32(pid, addr)
if err != nil {
return 0, err
}
return math.Float32frombits(temp), nil
}
func (h *MemProcFS) ReadFloat64(pid int32, addr []uintptr) (float64, error) {
temp, err := h.ReadUInt64(pid, addr)
if err != nil {
return 0, err
}
return math.Float64frombits(temp), nil
}
func (h *MemProcFS) ReadBool(pid int32, addr []uintptr) (bool, error) {
data, err := h.MemReadChain(pid, addr, 1)
if err != nil {
return false, err
}
return data[0] > 0, nil
}