TSMemoryAPI.h

#pragma once

#include "ASM/MgAsmCom.h"
#include "ASM/MgAsmComDef.h"
#include <string>

#define  FINDDATATYPE_FINDDATAEX		1	
#define  FINDDATATYPE_FINDDOUBLEEX		2
#define  FINDDATATYPE_FINDFLOATEX		3
#define  FINDDATATYPE_FINDINTEX			4
#define  FINDDATATYPE_FINDSTRINGEX		5

typedef struct  _FindDataInfo //线程传参数结构体
	{
		HANDLE hprocess;
		DWORD dwncount;	//要找的地址数据个数
		int count;//记录个数
		double double_value_min;
		double double_value_max;
		float float_value_min;
		float float_value_max;
		LONG int_value_min;
		LONG int_value_max;
		BYTE FindIntType;//找0:32位,1:16位,2:8位
		LONG FindDataType;//找数据的类型
		wchar_t Findstring[MAX_PATH];
		DWORD Finddata[MAX_PATH];  //要找的数据字符串
		DWORD dwbegin[MAX_PATH*10];
		DWORD dwend[MAX_PATH*10];
		bool bfindindex[MAX_PATH*10];//做地址标志位,标识多线程要处理的地址
		wchar_t *retstr;
		CRITICAL_SECTION m_mutex;//多线程临界区
	   _FindDataInfo()
		   {
			  hprocess=NULL;
			  retstr=NULL;
			  dwncount=0;
			  count=0;
			  double_value_min=0;
			  double_value_max=0;
			  float_value_min=0;
			  float_value_max=0;
			  int_value_min=0;
			  int_value_max=0;
			  FindIntType=-1;//找0:32位,1:16位,2:8位
			  FindDataType=-1;//找数据的类型
			  memset(Finddata,0,MAX_PATH*sizeof(DWORD));
			  memset(Findstring,0,MAX_PATH);
			  memset(dwbegin,0,MAX_PATH*10);
			  memset(dwend,0,MAX_PATH*10);
			  memset(bfindindex,0,MAX_PATH*10);	//模式为false
		   }
	}FindDataInfo, *PFindDataInfo;

typedef struct {
	unsigned short Length;
	unsigned short MaximumLength;
	unsigned short *Buffer;
	} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;

typedef struct _CLIENT_ID {
	HANDLE UniqueProcess;
	HANDLE UniqueThread;
	} CLIENT_ID;
typedef CLIENT_ID *PCLIENT_ID;

typedef struct _OBJECT_ATTRIBUTES {
	ULONG  Length;
	HANDLE  RootDirectory;
	PUNICODE_STRING  ObjectName;
	ULONG  Attributes;
	PVOID  SecurityDescriptor;
	PVOID  SecurityQualityOfService;
	} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
typedef CONST OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES;



typedef struct {
	unsigned long AllocationSize;
	unsigned long ActualSize;
	unsigned long Flags;
	unsigned long Unknown1;
	UNICODE_STRING Unknown2;
	void *InputHandle;
	void *OutputHandle;
	void *ErrorHandle;
	UNICODE_STRING CurrentDirectory;
	void *CurrentDirectoryHandle;
	UNICODE_STRING SearchPaths;
	UNICODE_STRING ApplicationName;
	UNICODE_STRING CommandLine;
	void *EnvironmentBlock;
	unsigned long Unknown[9];
	UNICODE_STRING Unknown3;
	UNICODE_STRING Unknown4;
	UNICODE_STRING Unknown5;
	UNICODE_STRING Unknown6;
	} PROCESS_PARAMETERS;

typedef struct {
	unsigned long AllocationSize;
	unsigned long Unknown1;
	void *ProcessHinstance;
	void *ListDlls;
	PROCESS_PARAMETERS *ProcessParameters;
	unsigned long Unknown2;
	void *Heap;
	} PEB;

typedef struct {
	unsigned int ExitStatus;
	PEB *PebBaseAddress;
	unsigned int AffinityMask;
	unsigned int BasePriority;
	unsigned long UniqueProcessId;
	unsigned long InheritedFromUniqueProcessId;
	} PROCESS_BASIC_INFORMATION;


class TSMemoryAPI
	{
	public:
		TSMemoryAPI(void);
		~TSMemoryAPI(void);
	CMgAsmBase tsasm;
	CMgDisasmBase tsdsm;
	public:
		bool TSValueTypeToData(int type,wchar_t *retstr,double dvalue=NULL,float fvalue=NULL,int ivalue=0,wchar_t *svalue=NULL,int type1=0);
		bool TSFindData(LONG hwnd,wchar_t * addr_range,wchar_t *data,wchar_t *retstr,bool threadtype=false);
		bool TSFindDouble(LONG hwnd,wchar_t * addr_range,wchar_t *retstr,double double_value_min,double double_value_max,bool threadtype=false);
		bool TSFindFloat(LONG hwnd,wchar_t * addr_range,wchar_t *retstr,FLOAT float_value_min, FLOAT float_value_max,bool threadtype=false);
		bool TSFindInt(LONG hwnd,wchar_t * addr_range,wchar_t *retstr,LONG int_value_min, LONG int_value_max,LONG type,bool threadtype=false);
		bool TSFindString(LONG hwnd,wchar_t * addr_range,wchar_t *retstr,wchar_t*string_value,LONG type,bool threadtype=false);
		bool TSReadData(LONG hwnd,wchar_t*addr,wchar_t *retstr,LONG len);
		bool TSReadDouble(LONG hwnd,wchar_t*addr,double &dvalue,float &fvalue,int type=0); //type0:DOUBLE,1:FLOAT
		bool TSReadInt(LONG hwnd,wchar_t*addr,int &ivalue,short &svalue,BYTE &bvalue,int type);
		bool TSReadString(LONG hwnd,wchar_t*addr,wchar_t *retstr,LONG len,int type);
		bool TSTerminateProcess(LONG pid);
		bool TSVirtualAllocEx(LONG hwnd,LONG &addr,LONG size,LONG type);
		bool TSVirtualFreeEx(LONG hwnd,LONG addr);
		bool TSWriteData(LONG hwnd,wchar_t * addr,wchar_t *data);
		bool TSWriteDouble(LONG hwnd,wchar_t *addr,DOUBLE dvalue=0,FLOAT fvlaue=0);
		bool TSWriteInt(LONG hwnd,wchar_t *addr,int ivalue=0,short svalue=0,BYTE bvalue=0);
		bool TSWriteString(LONG hwnd,wchar_t*addr,wchar_t* strvalue,LONG type);
		bool TSGetCmdLine(LONG hwnd,wchar_t *retstr);
		bool TSAsmAdd(wchar_t*asm_ins);
		bool TSAsmCall(LONG hwnd,LONG mode);
		bool TSAsmClear();
		bool TSAsmCode(LONG base_addr,wchar_t *retstr);
		bool TSAssemble(wchar_t * asm_code,LONG base_addr,LONG is_upper,wchar_t *retstr);
		bool TSFreeProcessMemory(LONG hwnd);
	private:
	DWORD nPid;
	int retstringlen;//线程函数返回地址的长度
	CMgAsmBase::t_asmmodel  am;
	std::string asmcodearry;//存储AsmAdd的指令
	char Asmcalladdr[MAX_PATH]; //记录保存CALL指令
	LPVOID allocatememory;
	
	
	DWORD TSGetFindDataAddr(wchar_t* strs, DWORD pid);//读取要读写的多层级别的地址指针
	bool TSGetaddr_range(wchar_t* strs,LONG &begin,LONG &end,DWORD *addr_range,int &nconut); //读取要找的地址集合
	bool TSGetDataValue(wchar_t* strs,DWORD *Data_range,int &nconut);
	//void FindDataThread(void *para);
	bool GetFindaddr(HANDLE hprocess,PVOID  lpbegin,PVOID lpend,DWORD *ibegin,DWORD *ipend,int &ncount);

	DWORD GetCallstartData(DWORD Allocaddr,DWORD * startaddr,char *code=NULL);//获取CALL地址前的汇编指令
	};