文件映射相关操作(CreateFileMapping\MapViewOfFile)--TitanEngine
日期: 2020-05-12 分类: 个人收藏 386次阅读
BOOL KtMapFileEx(const wchar_t* FileName, DWORD ReadOrWrite,
LPHANDLE FileHandle, LPDWORD FileSize,
LPHANDLE FileMap, LPVOID FileMapVA,
DWORD SizeModifier)
{
DWORD FileAccess = 0;
DWORD FileMapType = 0;
DWORD FileMapViewType = 0;
if (ReadOrWrite == UE_ACCESS_READ)
{
FileAccess = GENERIC_READ;
FileMapType = PAGE_READONLY;
FileMapViewType = FILE_MAP_READ;
}
else if (ReadOrWrite == UE_ACCESS_WRITE)
{
FileAccess = GENERIC_WRITE;
FileMapType = PAGE_READWRITE;
FileMapViewType = FILE_MAP_WRITE;
}
else if (ReadOrWrite == UE_ACCESS_ALL)
{
FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE;
FileMapType = PAGE_EXECUTE_READWRITE;
FileMapViewType = FILE_MAP_WRITE;
}
else
{
FileAccess = GENERIC_READ + GENERIC_WRITE + GENERIC_EXECUTE;
FileMapType = PAGE_EXECUTE_READWRITE;
FileMapViewType = FILE_MAP_ALL_ACCESS;
}
HANDLE v1 = CreateFileW(FileName,
FileAccess,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (v1 != INVALID_HANDLE_VALUE)
{
*FileHandle = v1;
DWORD v7 = GetFileSize(v1, NULL);
v7 = v7 + SizeModifier;
*FileSize = v7;
HANDLE v5 = CreateFileMapping(v1,
NULL,
FileMapType,
NULL,
v7,
NULL);
if (v5 != NULL)
{
*FileMap = v5;
LPVOID v10 = MapViewOfFile(v5, FileMapViewType, NULL, NULL, NULL);
/*
v10 = 0x003b0000
0x003B0000 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff MZ?...........
0x003B000E 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 ..?.......@...
0x003B001C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..............
0x003B002A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..............
0x003B0038 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 ....?.....?..?
0x003B0046 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 .?!?.L?!This p
0x003B0054 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 rogram cannot
0x003B0062 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 be run in DOS
0x003B0070 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 mode....$.....
*/
if (v10 != NULL)//v10是映射出来的地址
{
//将v10所指向的地址值放入FileMapVA中
RtlMoveMemory(FileMapVA, &v10, sizeof ULONG_PTR);
return true;
}
}
RtlZeroMemory(FileMapVA, sizeof ULONG_PTR);
*FileHandle = NULL;
*FileSize = NULL;
KtCloseHandle(v1);
}
else
{
RtlZeroMemory(FileMapVA, sizeof ULONG_PTR);
}
return false;
}
VOID KtUnMapFileEx(HANDLE FileHandle, DWORD FileSize, HANDLE FileMap, ULONG_PTR FileMapVA)
{
if (UnmapViewOfFile((void*)FileMapVA))
{
KtCloseHandle(FileMap);
SetFilePointer(FileHandle, FileSize, NULL, FILE_BEGIN);
SetEndOfFile(FileHandle);
KtCloseHandle(FileHandle);
}
}
除特别声明,本站所有文章均为原创,如需转载请以超级链接形式注明出处:SmartCat's Blog
标签:经典开源代码笔记积累
上一篇: 用5G或需要换SIM卡;微软将放弃对32位Windows 10系统支持;TypeScript 3.9发布|极客头条...
下一篇: 使用CreateRemoteThread进行Dll注入(Win7-x86\x64 Win10-x86\x64)
精华推荐