trying to get the Windows taskbar to separate windows in WinXP
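Cu.import('resource://gre/modules/ctypes.jsm');

// Both libraries stay open for the lifetime of the snippet; nothing on this
// page calls kernel32.close() / user32.close().
var kernel32 = ctypes.open('kernel32.dll');
var user32 = ctypes.open('user32.dll');

/* http://msdn.microsoft.com/en-us/library/windows/desktop/ms633500%28v=vs.85%29.aspx
 * HWND WINAPI FindWindowEx(
 *   __in_opt_ HWND hwndParent,
 *   __in_opt_ HWND hwndChildAfter,
 *   __in_opt_ LPCTSTR lpszClass,
 *   __in_opt_ LPCTSTR lpszWindow
 * );
 * Returns a NULL pointer when no window matches; ctypes pointer objects are
 * always truthy, so callers must test the result with .isNull().
 */
var FindWindowEx = user32.declare('FindWindowExW', ctypes.winapi_abi,
  ctypes.voidptr_t,   // HWND (return)
  ctypes.voidptr_t,   // HWND hwndParent
  ctypes.voidptr_t,   // HWND hwndChildAfter
  ctypes.jschar.ptr,  // LPCWSTR lpszClass (a JS string converts automatically)
  ctypes.jschar.ptr   // LPCWSTR lpszWindow (null is accepted)
);

/* UNDOCUMENTED
 * HWND WINAPI GetTaskmanWindow();
 * Not part of the public API: the export may be missing or behave differently
 * on other Windows versions. declare() throws if the symbol is absent.
 */
var GetTaskmanWindow = user32.declare('GetTaskmanWindow', ctypes.winapi_abi,
  ctypes.voidptr_t    // HWND (return)
);

/* http://msdn.microsoft.com/en-us/library/windows/desktop/ms644950%28v=vs.85%29.aspx
 * LRESULT WINAPI SendMessage(
 *   __in HWND hWnd,
 *   __in UINT Msg,
 *   __in WPARAM wParam,
 *   __in LPARAM lParam
 * );
 * WPARAM is UINT_PTR (pointer-sized); the earlier int32_t declaration only
 * matched the 32-bit layout. LRESULT is LONG_PTR but is declared uintptr_t as
 * in the original; on 64-bit builds js-ctypes represents that value as a
 * ctypes.UInt64 object, which is always truthy, so convert it (for example
 * Number(String(x))) before testing it against 0.
 */
var SendMessage = user32.declare('SendMessageW', ctypes.winapi_abi,
  ctypes.uintptr_t,     // LRESULT (return)
  ctypes.voidptr_t,     // HWND hWnd
  ctypes.unsigned_int,  // UINT Msg
  ctypes.uintptr_t,     // WPARAM wParam (UINT_PTR)
  ctypes.voidptr_t      // LPARAM lParam (only ever a buffer pointer or NULL here)
);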
/* TBBUTTON (commctrl.h) as laid out inside the shell process. The field names
 * follow the original snippet -- 'fbState' is the field commctrl.h calls
 * fsState -- and main() reads them by these names, so they are kept. The only
 * layout difference between the two variants is the reserved padding after
 * fsStyle (2 bytes on 32-bit, 6 on 64-bit), which aligns dwData to a pointer
 * boundary. Resulting struct_TBButton.size: 20 on 32-bit, 32 on 64-bit.
 */
var struct_TBButton;
switch (ctypes.voidptr_t.size) {
  case 4: // 32-bit process
    struct_TBButton = ctypes.StructType('TBButton', [
      {'iBitmap': ctypes.int},
      {'idCommand': ctypes.int},
      {'fbState': ctypes.unsigned_char},
      {'fsStyle': ctypes.unsigned_char},
      {'bReserved': ctypes.unsigned_char},
      {'bReserved2': ctypes.unsigned_char},
      {'dwData': ctypes.uintptr_t},
      {'iString': ctypes.intptr_t}
    ]);
    break;
  case 8: // 64-bit process
    struct_TBButton = ctypes.StructType('TBButton', [
      {'iBitmap': ctypes.int},
      {'idCommand': ctypes.int},
      {'fbState': ctypes.unsigned_char},
      {'fsStyle': ctypes.unsigned_char},
      {'bReserved': ctypes.unsigned_char},
      {'bReserved2': ctypes.unsigned_char},
      {'bReserved3': ctypes.unsigned_char},
      {'bReserved4': ctypes.unsigned_char},
      {'bReserved5': ctypes.unsigned_char},
      {'bReserved6': ctypes.unsigned_char},
      {'dwData': ctypes.uintptr_t},
      {'iString': ctypes.intptr_t}
    ]);
    break;
  default:
    throw new Error('should never get here as process has to be either 32bit or 64bit');
}
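// SIZE_T is pointer-sized: 8 bytes on x64, 4 bytes (unsigned long) on x86.
// ctypes.size_t expresses the same thing; the explicit check is kept so the
// mapping is visible next to the declarations that use it.
var SIZE_T = ctypes.voidptr_t.size == 8 ? ctypes.uint64_t : ctypes.unsigned_long;

/* http://msdn.microsoft.com/en-us/library/windows/desktop/ms684320%28v=vs.85%29.aspx
 * HANDLE WINAPI OpenProcess(
 *   __in_ DWORD dwDesiredAccess,
 *   __in_ BOOL bInheritHandle,
 *   __in_ DWORD dwProcessId
 * );
 * Returns a NULL handle on failure (test with .isNull()). The handle has to
 * be released with CloseHandle, which this page does not declare, so it
 * lives until the Firefox process exits.
 * BOOL is a 32-bit int in the Win32 headers; ctypes.bool is kept from the
 * original because callers only test the result for truthiness.
 */
var OpenProcess = kernel32.declare('OpenProcess', ctypes.winapi_abi,
  ctypes.voidptr_t,      // HANDLE (return)
  ctypes.unsigned_long,  // DWORD dwDesiredAccess
  ctypes.bool,           // BOOL bInheritHandle
  ctypes.unsigned_long   // DWORD dwProcessId
);

/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa366890%28v=vs.85%29.aspx
 * LPVOID WINAPI VirtualAllocEx(
 *   __in_ HANDLE hProcess,
 *   __in_opt_ LPVOID lpAddress,
 *   __in_ SIZE_T dwSize,
 *   __in_ DWORD flAllocationType,
 *   __in_ DWORD flProtect
 * );
 * Returns a NULL pointer on failure. Requires PROCESS_VM_OPERATION on hProcess.
 */
var VirtualAllocEx = kernel32.declare('VirtualAllocEx', ctypes.winapi_abi,
  ctypes.voidptr_t,      // LPVOID (return)
  ctypes.voidptr_t,      // HANDLE hProcess
  ctypes.voidptr_t,      // LPVOID lpAddress (NULL lets the system choose)
  SIZE_T,                // SIZE_T dwSize
  ctypes.unsigned_long,  // DWORD flAllocationType
  ctypes.unsigned_long   // DWORD flProtect
);

/* http://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
 * BOOL WINAPI WriteProcessMemory(
 *   __in_ HANDLE hProcess,
 *   __in_ LPVOID lpBaseAddress,
 *   __in_ LPCVOID lpBuffer,
 *   __in_ SIZE_T nSize,
 *   __out_ SIZE_T *lpNumberOfBytesWritten
 * );
 * Requires PROCESS_VM_WRITE and PROCESS_VM_OPERATION. The optional out-pointer
 * is declared as a by-value SIZE_T so callers can pass 0 for NULL; if the
 * count is ever needed, change it to SIZE_T.ptr and pass .address().
 */
var WriteProcessMemory = kernel32.declare('WriteProcessMemory', ctypes.winapi_abi,
  ctypes.bool,           // BOOL (return)
  ctypes.voidptr_t,      // HANDLE hProcess
  ctypes.voidptr_t,      // LPVOID lpBaseAddress
  ctypes.voidptr_t,      // LPCVOID lpBuffer
  SIZE_T,                // SIZE_T nSize
  SIZE_T                 // SIZE_T *lpNumberOfBytesWritten (passed as 0 == NULL)
);

/* http://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
 * BOOL WINAPI ReadProcessMemory(
 *   __in_ HANDLE hProcess,
 *   __in_ LPCVOID lpBaseAddress,
 *   __out_ LPVOID lpBuffer,
 *   __in_ SIZE_T nSize,
 *   __out_ SIZE_T *lpNumberOfBytesRead
 * );
 * Requires PROCESS_VM_READ. lpBuffer must point at least nSize bytes of local
 * storage; nothing here can check that, the caller is responsible.
 */
var ReadProcessMemory = kernel32.declare('ReadProcessMemory', ctypes.winapi_abi,
  ctypes.bool,           // BOOL (return)
  ctypes.voidptr_t,      // HANDLE hProcess
  ctypes.voidptr_t,      // LPCVOID lpBaseAddress
  ctypes.voidptr_t,      // LPVOID lpBuffer
  SIZE_T,                // SIZE_T nSize
  SIZE_T                 // SIZE_T *lpNumberOfBytesRead (passed as 0 == NULL)
);

/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa366894%28v=vs.85%29.aspx
 * BOOL WINAPI VirtualFreeEx(
 *   __in_ HANDLE hProcess,
 *   __in_ LPVOID lpAddress,
 *   __in_ SIZE_T dwSize,
 *   __in_ DWORD dwFreeType
 * );
 * With MEM_RELEASE, dwSize must be 0: the whole region from the original
 * VirtualAllocEx call is released.
 */
var VirtualFreeEx = kernel32.declare('VirtualFreeEx', ctypes.winapi_abi,
  ctypes.bool,           // BOOL (return)
  ctypes.voidptr_t,      // HANDLE hProcess
  ctypes.voidptr_t,      // LPVOID lpAddress
  SIZE_T,                // SIZE_T dwSize
  ctypes.unsigned_long   // DWORD dwFreeType
);

/* http://msdn.microsoft.com/en-us/library/windows/desktop/ms633522%28v=vs.85%29.aspx
 * DWORD WINAPI GetWindowThreadProcessId(
 *   __in_ HWND hWnd,
 *   __out_opt_ LPDWORD lpdwProcessId
 * );
 * Returns the thread id, 0 on failure; the process id is written through
 * lpdwProcessId.
 */
var GetWindowThreadProcessId = user32.declare('GetWindowThreadProcessId', ctypes.winapi_abi,
  ctypes.unsigned_long,      // DWORD (return, thread id)
  ctypes.voidptr_t,          // HWND hWnd
  ctypes.unsigned_long.ptr   // LPDWORD lpdwProcessId
);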
// What follows is the snippet's equivalent of a C `int main()`.
// Most recently active browser window; used only for alert() progress dialogs.
var me = Services.wm.getMostRecentWindow(null);
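/**
 * Enumerates the buttons of the Explorer taskbar toolbar and logs each TBBUTTON
 * record. Every step talks to another process through ralloc_*, so every
 * handle and pointer is validated with isNull() -- ctypes pointer objects are
 * always truthy, which means `if (!ptr)` never detects a NULL result.
 * @returns {undefined}
 */
function main() {
  var hHwnd = GetTaskmanWindow();
  if (hHwnd.isNull()) {
    console.error('Failed to get GetTaskmanWindow!');
    return;
  }
  var hToolbar = FindWindowEx(hHwnd, ctypes.voidptr_t(0), 'ToolbarWindow32', null);
  if (hToolbar.isNull()) {
    console.error('Failed to get toolbar window!');
    return;
  }
  // Opens the process owning the toolbar into the module global `proc`.
  // Without this check every later VirtualAllocEx/ReadProcessMemory would be
  // issued against a NULL handle.
  ralloc_constr(hToolbar);
  if (!proc || proc.isNull()) {
    console.error('Failed to open the process that owns the taskbar');
    return;
  }
  // LRESULT is a Number on 32-bit and a ctypes.UInt64 object on 64-bit;
  // String() then Number() normalises both before the loop compares it.
  var Count = Number(String(SendMessage(hToolbar, 0x418 /** TB_BUTTONCOUNT **/, 0, ctypes.voidptr_t(0))));
  me.alert('Count of taskbar buttons = ' + Count);
  for (var i = 0; i < Count; i++) {
    var local_tbb = new struct_TBButton();
    var remote_tbb = ralloc_alloc(struct_TBButton.size); // was an implicit global
    if (remote_tbb === null || remote_tbb.isNull()) {
      console.error('VirtualAllocEx failed for button ' + i);
      return;
    }
    try {
      var rez = SendMessage(hToolbar, 0x417 /** TB_GETBUTTON **/, i, ctypes.voidptr_t(remote_tbb));
      me.alert('SendMessage on TB_GETBUTTON = ' + rez);
      var retRead = ralloc_read(remote_tbb, local_tbb.address());
      console.log('retRead=', retRead);
      console.info('local_tbb ' + i, local_tbb);
      // Dumps whatever for-in exposes on the struct CData object.
      for (var n in local_tbb) {
        console.log(n, local_tbb[n]);
        try {
          console.log('toString', n, local_tbb[n].toString());
        } catch (ignore) {}
      }
    } finally {
      // Release the remote allocation even if a ctypes call threw above.
      var freed = ralloc_free(remote_tbb);
      console.log('freed', freed);
    }
  }
}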
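/* "ralloc" -- remote allocation helpers.
 * Not a real class: the state is two module globals (`proc`, `buffers`) and
 * the ralloc_* functions below operate on them.
 */

// OpenProcess access rights -- exactly what the helpers need and nothing more:
// VM_OPERATION for VirtualAllocEx/VirtualFreeEx, VM_READ for ReadProcessMemory,
// VM_WRITE for WriteProcessMemory.
var PROCESS_VM_READ = 0x0010;
var PROCESS_VM_WRITE = 0x0020;
var PROCESS_VM_OPERATION = 0x0008;

// VirtualAllocEx / VirtualFreeEx flags.
var MEM_COMMIT = 0x1000;
var MEM_RESERVE = 0x2000;
var MEM_RELEASE = 0x8000;
var PAGE_READWRITE = 0x04;

// Win32 BOOL values.
var FALSE = 0;
var TRUE = 1;

// HANDLE to the process owning the taskbar; set by ralloc_constr, never closed
// on this page.
var proc;

// Bookkeeping for live remote allocations: each entry is
// [voidptr_t returned by VirtualAllocEx, size in bytes].
var buffers = [];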
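/**
 * Opens the process that owns `hwnd` for remote-memory access and stores the
 * HANDLE in the module global `proc`.
 * @param {object} hwnd - ctypes.voidptr_t HWND whose owner process to open
 * @returns {boolean} true when `proc` is a usable (non-NULL) handle
 */
function ralloc_constr(hwnd) {
  // DWORD out-parameter filled in by GetWindowThreadProcessId.
  var pid = ctypes.unsigned_long(0);
  var tid = GetWindowThreadProcessId(hwnd, pid.address());
  if (tid === 0 || pid.value === 0) {
    console.warn('dang, no dice on GetWindowThreadProcessId');
    proc = ctypes.voidptr_t(0);
    return false;
  }
  // Minimal rights for what the ralloc_* helpers do; nothing more is requested.
  proc = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid.value);
  // Pointer CData is always truthy -- isNull() is the only correct NULL test.
  if (proc.isNull()) {
    console.warn('no open for me!');
    return false;
  }
  // NOTE(review): the handle is never closed on this page (CloseHandle is not
  // declared); it stays open until the process exits.
  return true;
}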
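/**
 * Allocates `size` bytes of read/write memory inside `proc` and records the
 * allocation in `buffers` so ralloc_read/ralloc_write/ralloc_free can find it.
 * @param {number} size - byte count to allocate
 * @returns {object} ctypes.voidptr_t of the remote block; a NULL pointer
 *   (check .isNull()) if VirtualAllocEx failed -- failed allocations are not
 *   recorded, so a later ralloc_free on them is a no-op returning null
 */
function ralloc_alloc(size) {
  var ret_address = VirtualAllocEx(proc, ctypes.voidptr_t(0), size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
  if (!ret_address.isNull()) {
    buffers.push([ret_address, size]);
  }
  return ret_address;
}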
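/**
 * Releases a remote block obtained from ralloc_alloc and forgets it.
 * The lookup compares CData objects by identity, so the caller must pass back
 * the very object ralloc_alloc returned.
 * @param {object} address - voidptr_t returned by ralloc_alloc
 * @returns {boolean|null} VirtualFreeEx result, or null if `address` is not a
 *   recorded allocation (including one that was already freed)
 */
function ralloc_free(address) {
  var index = -1;
  for (var i = 0; i < buffers.length; i++) {
    if (buffers[i][0] === address) {
      index = i;
      break;
    }
  }
  if (index === -1) {
    return null;
  }
  var entry = buffers[index];
  // Drop the record first so a repeated free of the same pointer is a no-op
  // rather than a second VirtualFreeEx on memory the shell may have reused.
  buffers.splice(index, 1);
  // MEM_RELEASE requires dwSize == 0; passing the recorded size makes the
  // call fail with ERROR_INVALID_PARAMETER and leaks the remote block.
  return VirtualFreeEx(proc, entry[0], 0, MEM_RELEASE);
}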
/**
 * Copies a recorded remote block into local memory.
 * `local_buffer` is a pointer (e.g. someCData.address()) because
 * ReadProcessMemory writes through it; it must point at storage of at least
 * the recorded size of the remote block, which this function cannot verify.
 * @param {object} remote_address - voidptr_t returned by ralloc_alloc
 * @param {object} local_buffer - pointer to local storage receiving the bytes
 * @returns {boolean|null} ReadProcessMemory result, or null when
 *   `remote_address` is not a recorded allocation
 */
function ralloc_read(remote_address, local_buffer) {
  var matches = buffers.filter(function (entry) {
    return entry[0] == remote_address;
  });
  if (matches.length === 0) {
    return null;
  }
  var entry = matches[0];
  // Read the whole recorded block (entry[1] bytes) from entry[0];
  // the trailing 0 is the optional lpNumberOfBytesRead (NULL).
  return ReadProcessMemory(proc, entry[0], local_buffer, entry[1], 0);
}
/**
 * Copies local memory into a recorded remote block.
 * `local_buffer` must point at least the recorded size of the remote block
 * worth of readable local storage; that is the caller's responsibility.
 * @param {object} remote_address - voidptr_t returned by ralloc_alloc
 * @param {object} local_buffer - pointer to the local bytes to copy
 * @returns {boolean|null} WriteProcessMemory result, or null when
 *   `remote_address` is not a recorded allocation
 */
function ralloc_write(remote_address, local_buffer) {
  var matches = buffers.filter(function (entry) {
    return entry[0] == remote_address;
  });
  if (matches.length === 0) {
    return null;
  }
  var entry = matches[0];
  // Write the whole recorded block (entry[1] bytes) to entry[0];
  // the trailing 0 is the optional lpNumberOfBytesWritten (NULL).
  return WriteProcessMemory(proc, entry[0], local_buffer, entry[1], 0);
}
main(); // runs as soon as the snippet is evaluated
trying to get button text
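Cu.import('resource://gre/modules/ctypes.jsm');

// Both libraries stay open for the lifetime of the snippet; nothing on this
// page calls kernel32.close() / user32.close().
var kernel32 = ctypes.open('kernel32.dll');
var user32 = ctypes.open('user32.dll');

/* http://msdn.microsoft.com/en-us/library/windows/desktop/ms633500%28v=vs.85%29.aspx
 * HWND WINAPI FindWindowEx(
 *   __in_opt_ HWND hwndParent,
 *   __in_opt_ HWND hwndChildAfter,
 *   __in_opt_ LPCTSTR lpszClass,
 *   __in_opt_ LPCTSTR lpszWindow
 * );
 * Returns a NULL pointer when no window matches; ctypes pointer objects are
 * always truthy, so callers must test the result with .isNull().
 */
var FindWindowEx = user32.declare('FindWindowExW', ctypes.winapi_abi,
  ctypes.voidptr_t,   // HWND (return)
  ctypes.voidptr_t,   // HWND hwndParent
  ctypes.voidptr_t,   // HWND hwndChildAfter
  ctypes.jschar.ptr,  // LPCWSTR lpszClass (a JS string converts automatically)
  ctypes.jschar.ptr   // LPCWSTR lpszWindow (null is accepted)
);

/* UNDOCUMENTED
 * HWND WINAPI GetTaskmanWindow();
 * Not part of the public API: the export may be missing or behave differently
 * on other Windows versions. declare() throws if the symbol is absent.
 */
var GetTaskmanWindow = user32.declare('GetTaskmanWindow', ctypes.winapi_abi,
  ctypes.voidptr_t    // HWND (return)
);

/* http://msdn.microsoft.com/en-us/library/windows/desktop/ms644950%28v=vs.85%29.aspx
 * LRESULT WINAPI SendMessage(
 *   __in HWND hWnd,
 *   __in UINT Msg,
 *   __in WPARAM wParam,
 *   __in LPARAM lParam
 * );
 * WPARAM is UINT_PTR (pointer-sized); the earlier int32_t declaration only
 * matched the 32-bit layout. LRESULT is LONG_PTR but is declared uintptr_t as
 * in the original; on 64-bit builds js-ctypes represents that value as a
 * ctypes.UInt64 object, which is always truthy, so convert it (for example
 * Number(String(x))) before testing it against 0.
 */
var SendMessage = user32.declare('SendMessageW', ctypes.winapi_abi,
  ctypes.uintptr_t,     // LRESULT (return)
  ctypes.voidptr_t,     // HWND hWnd
  ctypes.unsigned_int,  // UINT Msg
  ctypes.uintptr_t,     // WPARAM wParam (UINT_PTR)
  ctypes.voidptr_t      // LPARAM lParam (only ever a buffer pointer or NULL here)
);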
/* TBBUTTON (commctrl.h) as laid out inside the shell process. The field names
 * follow the original snippet -- 'fbState' is the field commctrl.h calls
 * fsState -- and main() reads them by these names, so they are kept. The only
 * layout difference between the two variants is the reserved padding after
 * fsStyle (2 bytes on 32-bit, 6 on 64-bit), which aligns dwData to a pointer
 * boundary. Resulting struct_TBButton.size: 20 on 32-bit, 32 on 64-bit.
 */
var struct_TBButton;
switch (ctypes.voidptr_t.size) {
  case 4: // 32-bit process
    struct_TBButton = ctypes.StructType('TBButton', [
      {'iBitmap': ctypes.int},
      {'idCommand': ctypes.int},
      {'fbState': ctypes.unsigned_char},
      {'fsStyle': ctypes.unsigned_char},
      {'bReserved': ctypes.unsigned_char},
      {'bReserved2': ctypes.unsigned_char},
      {'dwData': ctypes.uintptr_t},
      {'iString': ctypes.intptr_t}
    ]);
    break;
  case 8: // 64-bit process
    struct_TBButton = ctypes.StructType('TBButton', [
      {'iBitmap': ctypes.int},
      {'idCommand': ctypes.int},
      {'fbState': ctypes.unsigned_char},
      {'fsStyle': ctypes.unsigned_char},
      {'bReserved': ctypes.unsigned_char},
      {'bReserved2': ctypes.unsigned_char},
      {'bReserved3': ctypes.unsigned_char},
      {'bReserved4': ctypes.unsigned_char},
      {'bReserved5': ctypes.unsigned_char},
      {'bReserved6': ctypes.unsigned_char},
      {'dwData': ctypes.uintptr_t},
      {'iString': ctypes.intptr_t}
    ]);
    break;
  default:
    throw new Error('should never get here as process has to be either 32bit or 64bit');
}
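// Toolbar control messages (commctrl.h). main() uses TB_BUTTONCOUNT,
// TB_GETBUTTON and TB_GETBUTTONTEXTW; the rest are kept for reference.
var TB_HIDEBUTTON = 0x404;
var TB_GETBUTTON = 0x417;
var TB_BUTTONCOUNT = 0x418;
var TB_GETBUTTONTEXTA = 0x42D;
var TB_GETBUTTONTEXTW = 0x44B;

// TBBUTTON.fsState bit flags (the snippet's struct calls that field fbState);
// test them with a bitwise AND, e.g. (local_tbb.fbState & TBSTATE_HIDDEN).
var TBSTATE_CHECKED = 0x01;
var TBSTATE_PRESSED = 0x02;
var TBSTATE_ENABLED = 0x04;
var TBSTATE_HIDDEN = 0x08;
var TBSTATE_INDETERMINATE = 0x10;
var TBSTATE_WRAP = 0x20;
var TBSTATE_ELLIPSES = 0x40;
var TBSTATE_MARKED = 0x80;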
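// SIZE_T is pointer-sized: 8 bytes on x64, 4 bytes (unsigned long) on x86.
// ctypes.size_t expresses the same thing; the explicit check is kept so the
// mapping is visible next to the declarations that use it.
var SIZE_T = ctypes.voidptr_t.size == 8 ? ctypes.uint64_t : ctypes.unsigned_long;

/* http://msdn.microsoft.com/en-us/library/windows/desktop/ms684320%28v=vs.85%29.aspx
 * HANDLE WINAPI OpenProcess(
 *   __in_ DWORD dwDesiredAccess,
 *   __in_ BOOL bInheritHandle,
 *   __in_ DWORD dwProcessId
 * );
 * Returns a NULL handle on failure (test with .isNull()). The handle has to
 * be released with CloseHandle, which this page does not declare, so it
 * lives until the Firefox process exits.
 * BOOL is a 32-bit int in the Win32 headers; ctypes.bool is kept from the
 * original because callers only test the result for truthiness.
 */
var OpenProcess = kernel32.declare('OpenProcess', ctypes.winapi_abi,
  ctypes.voidptr_t,      // HANDLE (return)
  ctypes.unsigned_long,  // DWORD dwDesiredAccess
  ctypes.bool,           // BOOL bInheritHandle
  ctypes.unsigned_long   // DWORD dwProcessId
);

/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa366890%28v=vs.85%29.aspx
 * LPVOID WINAPI VirtualAllocEx(
 *   __in_ HANDLE hProcess,
 *   __in_opt_ LPVOID lpAddress,
 *   __in_ SIZE_T dwSize,
 *   __in_ DWORD flAllocationType,
 *   __in_ DWORD flProtect
 * );
 * Returns a NULL pointer on failure. Requires PROCESS_VM_OPERATION on hProcess.
 */
var VirtualAllocEx = kernel32.declare('VirtualAllocEx', ctypes.winapi_abi,
  ctypes.voidptr_t,      // LPVOID (return)
  ctypes.voidptr_t,      // HANDLE hProcess
  ctypes.voidptr_t,      // LPVOID lpAddress (NULL lets the system choose)
  SIZE_T,                // SIZE_T dwSize
  ctypes.unsigned_long,  // DWORD flAllocationType
  ctypes.unsigned_long   // DWORD flProtect
);

/* http://msdn.microsoft.com/en-us/library/windows/desktop/ms681674%28v=vs.85%29.aspx
 * BOOL WINAPI WriteProcessMemory(
 *   __in_ HANDLE hProcess,
 *   __in_ LPVOID lpBaseAddress,
 *   __in_ LPCVOID lpBuffer,
 *   __in_ SIZE_T nSize,
 *   __out_ SIZE_T *lpNumberOfBytesWritten
 * );
 * Requires PROCESS_VM_WRITE and PROCESS_VM_OPERATION. The optional out-pointer
 * is declared as a by-value SIZE_T so callers can pass 0 for NULL; if the
 * count is ever needed, change it to SIZE_T.ptr and pass .address().
 */
var WriteProcessMemory = kernel32.declare('WriteProcessMemory', ctypes.winapi_abi,
  ctypes.bool,           // BOOL (return)
  ctypes.voidptr_t,      // HANDLE hProcess
  ctypes.voidptr_t,      // LPVOID lpBaseAddress
  ctypes.voidptr_t,      // LPCVOID lpBuffer
  SIZE_T,                // SIZE_T nSize
  SIZE_T                 // SIZE_T *lpNumberOfBytesWritten (passed as 0 == NULL)
);

/* http://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx
 * BOOL WINAPI ReadProcessMemory(
 *   __in_ HANDLE hProcess,
 *   __in_ LPCVOID lpBaseAddress,
 *   __out_ LPVOID lpBuffer,
 *   __in_ SIZE_T nSize,
 *   __out_ SIZE_T *lpNumberOfBytesRead
 * );
 * Requires PROCESS_VM_READ. lpBuffer must point at least nSize bytes of local
 * storage; nothing here can check that, the caller is responsible.
 */
var ReadProcessMemory = kernel32.declare('ReadProcessMemory', ctypes.winapi_abi,
  ctypes.bool,           // BOOL (return)
  ctypes.voidptr_t,      // HANDLE hProcess
  ctypes.voidptr_t,      // LPCVOID lpBaseAddress
  ctypes.voidptr_t,      // LPVOID lpBuffer
  SIZE_T,                // SIZE_T nSize
  SIZE_T                 // SIZE_T *lpNumberOfBytesRead (passed as 0 == NULL)
);

/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa366894%28v=vs.85%29.aspx
 * BOOL WINAPI VirtualFreeEx(
 *   __in_ HANDLE hProcess,
 *   __in_ LPVOID lpAddress,
 *   __in_ SIZE_T dwSize,
 *   __in_ DWORD dwFreeType
 * );
 * With MEM_RELEASE, dwSize must be 0: the whole region from the original
 * VirtualAllocEx call is released.
 */
var VirtualFreeEx = kernel32.declare('VirtualFreeEx', ctypes.winapi_abi,
  ctypes.bool,           // BOOL (return)
  ctypes.voidptr_t,      // HANDLE hProcess
  ctypes.voidptr_t,      // LPVOID lpAddress
  SIZE_T,                // SIZE_T dwSize
  ctypes.unsigned_long   // DWORD dwFreeType
);

/* http://msdn.microsoft.com/en-us/library/windows/desktop/ms633522%28v=vs.85%29.aspx
 * DWORD WINAPI GetWindowThreadProcessId(
 *   __in_ HWND hWnd,
 *   __out_opt_ LPDWORD lpdwProcessId
 * );
 * Returns the thread id, 0 on failure; the process id is written through
 * lpdwProcessId.
 */
var GetWindowThreadProcessId = user32.declare('GetWindowThreadProcessId', ctypes.winapi_abi,
  ctypes.unsigned_long,      // DWORD (return, thread id)
  ctypes.voidptr_t,          // HWND hWnd
  ctypes.unsigned_long.ptr   // LPDWORD lpdwProcessId
);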
// What follows is the snippet's equivalent of a C `int main()`.
// Most recently active browser window; used only for alert() progress dialogs.
var me = Services.wm.getMostRecentWindow(null);
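/**
 * Enumerates the buttons of the Explorer taskbar toolbar, logs each TBBUTTON
 * record and each button's caption. All reads go through the shell process
 * (ralloc_*), so every handle and pointer is validated with isNull() --
 * ctypes pointer objects are always truthy, which means `if (!ptr)` never
 * detects a NULL result.
 * @returns {boolean|undefined} false when a remote allocation or a
 *   TB_GETBUTTON query fails, otherwise undefined
 */
function main() {
  var hHwnd = GetTaskmanWindow();
  if (hHwnd.isNull()) {
    console.error('Failed to get GetTaskmanWindow!');
    return;
  }
  var hToolbar = FindWindowEx(hHwnd, ctypes.voidptr_t(0), 'ToolbarWindow32', null);
  if (hToolbar.isNull()) {
    console.error('Failed to get toolbar window!');
    return;
  }
  // Opens the process owning the toolbar into the module global `proc`.
  // Without this check every later VirtualAllocEx/ReadProcessMemory would be
  // issued against a NULL handle.
  ralloc_constr(hToolbar);
  if (!proc || proc.isNull()) {
    console.error('Failed to open the process that owns the taskbar');
    return;
  }
  var Count = lresultToNumber(SendMessage(hToolbar, TB_BUTTONCOUNT, 0, ctypes.voidptr_t(0)));
  me.alert('Count of taskbar buttons = ' + Count);
  for (var i = 0; i < Count; i++) {
    var local_tbb = new struct_TBButton();
    var remote_tbb = ralloc_alloc(struct_TBButton.size); // was an implicit global
    if (remote_tbb === null || remote_tbb.isNull()) {
      console.error('VirtualAllocEx failed for button ' + i);
      return false;
    }
    try {
      var rez = SendMessage(hToolbar, TB_GETBUTTON, i, ctypes.voidptr_t(remote_tbb));
      if (lresultToNumber(rez) === 0) {
        console.error('Failed on SendMessage of TB_GETBUTTON');
        me.alert('Failed on SendMessage of TB_GETBUTTON = ' + rez);
        return false; // the finally below still releases remote_tbb
      }
      var retRead = ralloc_read(remote_tbb, local_tbb.address());
      console.log('retRead=', retRead);
    } finally {
      // Release the remote allocation on every path, including early returns.
      console.log('freed', ralloc_free(remote_tbb));
    }
    console.info('local_tbb ' + i, local_tbb);
    // Dumps whatever for-in exposes on the struct CData object.
    for (var n in local_tbb) {
      console.log(n, local_tbb[n]);
      try {
        console.log('toString', n, local_tbb[n].toString());
      } catch (ignore) {}
    }
    console.info('is button hidden? = ', (local_tbb.fbState & TBSTATE_HIDDEN));
    logButtonText(hToolbar, local_tbb.idCommand);
    me.alert('done i = ' + i);
  }
}

/**
 * Normalises an LRESULT from SendMessage to a JS Number. SendMessage is
 * declared to return uintptr_t, which js-ctypes hands back as a Number on
 * 32-bit and as a ctypes.UInt64 object on 64-bit; the object is always truthy,
 * so it has to be converted before any `=== 0` or `> 0` test.
 * @param {number|object} value - raw SendMessage return value
 * @returns {number}
 */
function lresultToNumber(value) {
  return Number(String(value));
}

/**
 * Fetches and logs the caption of one toolbar button. TB_GETBUTTONTEXTW with a
 * NULL lParam reports the caption length in characters (terminator excluded);
 * a second call with a buffer inside the shell process fills it, and the
 * buffer is copied back with ralloc_read.
 * @param {object} hToolbar - voidptr_t HWND of the ToolbarWindow32 control
 * @param {number} idCommand - TBBUTTON.idCommand of the button
 * @returns {undefined}
 */
function logButtonText(hToolbar, idCommand) {
  // LRESULT is declared uintptr_t, so the -1 failure code shows up as a huge
  // unsigned number -- hence the upper sanity bound before allocating in the
  // other process.
  var chars = lresultToNumber(SendMessage(hToolbar, TB_GETBUTTONTEXTW, idCommand, ctypes.voidptr_t(0)));
  console.log('chars=', chars);
  if (chars <= 0 || chars > 0xFFFF) {
    console.log('Button Text = NONE');
    return;
  }
  // One extra WCHAR for the terminator. The local array and the remote block
  // are the same byte size because ralloc_read copies the whole remote block
  // into whatever local storage it is handed.
  var byteLen = (chars + 1) * ctypes.jschar.size;
  var local_buf = ctypes.jschar.array(chars + 1)(); // an array instance, not the type
  var remote_buf = ralloc_alloc(byteLen);
  if (remote_buf === null || remote_buf.isNull()) {
    console.error('VirtualAllocEx failed for button text');
    return;
  }
  try {
    var charsRe = SendMessage(hToolbar, TB_GETBUTTONTEXTW, idCommand, ctypes.voidptr_t(remote_buf));
    console.log('charsRe=', charsRe);
    var retRead = ralloc_read(remote_buf, local_buf.address());
    console.log('retRead=', retRead);
    console.log('Button Text = ', local_buf.readString());
  } finally {
    console.log('freed=', ralloc_free(remote_buf));
  }
}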
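/* "ralloc" -- remote allocation helpers.
 * Not a real class: the state is two module globals (`proc`, `buffers`) and
 * the ralloc_* functions below operate on them.
 */

// OpenProcess access rights -- exactly what the helpers need and nothing more:
// VM_OPERATION for VirtualAllocEx/VirtualFreeEx, VM_READ for ReadProcessMemory,
// VM_WRITE for WriteProcessMemory.
var PROCESS_VM_READ = 0x0010;
var PROCESS_VM_WRITE = 0x0020;
var PROCESS_VM_OPERATION = 0x0008;

// VirtualAllocEx / VirtualFreeEx flags.
var MEM_COMMIT = 0x1000;
var MEM_RESERVE = 0x2000;
var MEM_RELEASE = 0x8000;
var PAGE_READWRITE = 0x04;

// Win32 BOOL values.
var FALSE = 0;
var TRUE = 1;

// HANDLE to the process owning the taskbar; set by ralloc_constr, never closed
// on this page.
var proc;

// Bookkeeping for live remote allocations: each entry is
// [voidptr_t returned by VirtualAllocEx, size in bytes].
var buffers = [];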
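/**
 * Opens the process that owns `hwnd` for remote-memory access and stores the
 * HANDLE in the module global `proc`.
 * @param {object} hwnd - ctypes.voidptr_t HWND whose owner process to open
 * @returns {boolean} true when `proc` is a usable (non-NULL) handle
 */
function ralloc_constr(hwnd) {
  // DWORD out-parameter filled in by GetWindowThreadProcessId.
  var pid = ctypes.unsigned_long(0);
  var tid = GetWindowThreadProcessId(hwnd, pid.address());
  if (tid === 0 || pid.value === 0) {
    console.warn('dang, no dice on GetWindowThreadProcessId');
    proc = ctypes.voidptr_t(0);
    return false;
  }
  // Minimal rights for what the ralloc_* helpers do; nothing more is requested.
  proc = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid.value);
  // Pointer CData is always truthy -- isNull() is the only correct NULL test.
  if (proc.isNull()) {
    console.warn('no open for me!');
    return false;
  }
  // NOTE(review): the handle is never closed on this page (CloseHandle is not
  // declared); it stays open until the process exits.
  return true;
}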
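/**
 * Allocates `size` bytes of read/write memory inside `proc` and records the
 * allocation in `buffers` so ralloc_read/ralloc_write/ralloc_free can find it.
 * @param {number} size - byte count to allocate
 * @returns {object} ctypes.voidptr_t of the remote block; a NULL pointer
 *   (check .isNull()) if VirtualAllocEx failed -- failed allocations are not
 *   recorded, so a later ralloc_free on them is a no-op returning null
 */
function ralloc_alloc(size) {
  var ret_address = VirtualAllocEx(proc, ctypes.voidptr_t(0), size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
  if (!ret_address.isNull()) {
    buffers.push([ret_address, size]);
  }
  return ret_address;
}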
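/**
 * Releases a remote block obtained from ralloc_alloc and forgets it.
 * The lookup compares CData objects by identity, so the caller must pass back
 * the very object ralloc_alloc returned.
 * @param {object} address - voidptr_t returned by ralloc_alloc
 * @returns {boolean|null} VirtualFreeEx result, or null if `address` is not a
 *   recorded allocation (including one that was already freed)
 */
function ralloc_free(address) {
  var index = -1;
  for (var i = 0; i < buffers.length; i++) {
    if (buffers[i][0] === address) {
      index = i;
      break;
    }
  }
  if (index === -1) {
    return null;
  }
  var entry = buffers[index];
  // Drop the record first so a repeated free of the same pointer is a no-op
  // rather than a second VirtualFreeEx on memory the shell may have reused.
  buffers.splice(index, 1);
  // MEM_RELEASE requires dwSize == 0; passing the recorded size makes the
  // call fail with ERROR_INVALID_PARAMETER and leaks the remote block.
  return VirtualFreeEx(proc, entry[0], 0, MEM_RELEASE);
}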
/**
 * Copies a recorded remote block into local memory.
 * `local_buffer` is a pointer (e.g. someCData.address()) because
 * ReadProcessMemory writes through it; it must point at storage of at least
 * the recorded size of the remote block, which this function cannot verify.
 * @param {object} remote_address - voidptr_t returned by ralloc_alloc
 * @param {object} local_buffer - pointer to local storage receiving the bytes
 * @returns {boolean|null} ReadProcessMemory result, or null when
 *   `remote_address` is not a recorded allocation
 */
function ralloc_read(remote_address, local_buffer) {
  var matches = buffers.filter(function (entry) {
    return entry[0] == remote_address;
  });
  if (matches.length === 0) {
    return null;
  }
  var entry = matches[0];
  // Read the whole recorded block (entry[1] bytes) from entry[0];
  // the trailing 0 is the optional lpNumberOfBytesRead (NULL).
  return ReadProcessMemory(proc, entry[0], local_buffer, entry[1], 0);
}
/**
 * Copies local memory into a recorded remote block.
 * `local_buffer` must point at least the recorded size of the remote block
 * worth of readable local storage; that is the caller's responsibility.
 * @param {object} remote_address - voidptr_t returned by ralloc_alloc
 * @param {object} local_buffer - pointer to the local bytes to copy
 * @returns {boolean|null} WriteProcessMemory result, or null when
 *   `remote_address` is not a recorded allocation
 */
function ralloc_write(remote_address, local_buffer) {
  var matches = buffers.filter(function (entry) {
    return entry[0] == remote_address;
  });
  if (matches.length === 0) {
    return null;
  }
  var entry = matches[0];
  // Write the whole recorded block (entry[1] bytes) to entry[0];
  // the trailing 0 is the optional lpNumberOfBytesWritten (NULL).
  return WriteProcessMemory(proc, entry[0], local_buffer, entry[1], 0);
}
main(); // runs as soon as the snippet is evaluated
README
Continuing work from yajd / _ff-addon-snippet-GetTaskmanWindowCTypes.js (Main Gist and Comments).
Rev3: ReadProcessMemory / WriteProcessMemory — this avoids the crash.
Rev4: LPCVOID corrected to be ctypes.voidptr_t.
Rev5: console.info on local_tbb.