E:/PROJECTS/cvsed/mixed/VIRTUA~1/kdclient/patchapi.cpp File Reference

Contains implementation for API simplifying VM patching. More...

#include "stdafx.h"
#include "patchapi.h"
#include "findproc.h"
#include <TlHelp32.h>
#include <assert.h>
#include "loader.h"
#include "hook64.h"
#include "32to64.h"
#include <bzswin/wow64.h>
#include <ShellApi.h>
#include "../VBoxDD/VBoxCmdLine.h"

Include dependency graph for patchapi.cpp:

Go to the source code of this file.

Functions

static bool IsRundll64Required (unsigned PID)

void EnableDebugPrivilege ()

Enables debugging privilege for calling process. Required to debug system services.

HANDLE CreateVMSessionList ()

Creates a list of active VM sessions.

void CloseVMSessionList (HANDLE hList)

Frees a list of active VM sessions.

unsigned GetNextVMSessionPID (HANDLE hList)

Gets a PID of a next VM session from a given list.

unsigned GetNextVMSessionPIDEx (HANDLE hList, VMType *pVMType)

unsigned SessionNameFromVMWareCmdLineW (wchar_t *pszCmdLine, wchar_t *pName, size_t MaxNameLength)

unsigned SessionNameFromVMCmdLineW (wchar_t *pszCmdLine, wchar_t *pName, size_t MaxNameLength)

unsigned GetVMSessionNameW (unsigned PID, wchar_t *pName, size_t MaxNameLength)

Retrieves the name of a virtual machine (VM directory name), corresponding to a given session PID.

bool IsVMSessionPatched (unsigned PID)

Determines, whether a given VM session is already patched by KDVM.

HANDLE StartPatcherThread (unsigned PID, DWORD *pPatcherThreadID=NULL)

HANDLE StartUnpatcherThread (unsigned PID, DWORD *pPatcherThreadID=NULL)

static bool DoSynchronousThreadOperation (HANDLE hThread)

bool PatchVMSessionIfNeeded (unsigned PID)

Loads KDCLIENT.DLL into VM session, if it is not already loaded.

bool UnpatchVMSessionIfNeeded (unsigned PID)

Unloads KDCLIENT.DLL from a VM session, if it was loaded.

HTHREAD StartVMSessionPatching (unsigned PID)

Unloads KDCLIENT.DLL from a VM session, if it was loaded. Returns NULL if already done.

HTHREAD StartVMSessionUnpatching (unsigned PID)

Unloads KDCLIENT.DLL from a VM session, if it was loaded. Returns NULL if already done.

int FindVMSessionByNameW (const wchar_t *pName)

Returns a PID of a VM session with a given name (VM dir name), or 0 if it does not exist.

unsigned GetVMPipeNameW (unsigned PID, wchar_t *pName, size_t MaxNameLength, bool TryReconstructingIfNotAvailable)

Gets a pipe name for a given VM session.

Variables

BazisLib::WOW64APIProvider g_Wow64

HMODULE g_hThisDll

static bool s_bUserWarnedAboutVBox = false

Detailed Description

Contains implementation for API simplifying VM patching.

Author:: Ivan Shcherbakov (Bazis)

Id: patchapi.cpp,v 1.5 2009/06/07 15:31:55 Administrator Exp

Definition in file patchapi.cpp.

Function Documentation

void CloseVMSessionList ( HANDLE hList )

Frees a list of active VM sessions.

Definition at line 68 of file patchapi.cpp.

HANDLE CreateVMSessionList ( )

Creates a list of active VM sessions.

Returns:: If this function succeeds, it returns a handle that can be used with GetNextVMSessionPID(). If the function fails, it returns INVALID_HANDLE_VALUE.

Remarks:: All handles obtained by this function should be closed with CloseVMSessionList().

Definition at line 54 of file patchapi.cpp.

static bool DoSynchronousThreadOperation ( HANDLE hThread ) [static]

Definition at line 232 of file patchapi.cpp.

void EnableDebugPrivilege ( )

Enables debugging privilege for calling process. Required to debug system services.

Definition at line 34 of file patchapi.cpp.

int FindVMSessionByNameW ( const wchar_t * pName )

Returns a PID of a VM session with a given name (VM dir name), or 0 if it does not exist.

Definition at line 316 of file patchapi.cpp.

Here is the call graph for this function:

unsigned GetNextVMSessionPID ( HANDLE hList )

Gets a PID of a next VM session from a given list.

Returns:: If no more VM sessions exist in the list, this function returns zero.

Remarks:: To get a full list of VM session PIDs, simply call GetNextVMSessionPID() with a given list handle repeatedly, until it returns zero.

Definition at line 73 of file patchapi.cpp.

Here is the call graph for this function:

unsigned GetNextVMSessionPIDEx	(	HANDLE	hList,
		VMType *	pVMType
	)

Definition at line 78 of file patchapi.cpp.

Here is the call graph for this function:

unsigned GetVMPipeNameW	(	unsigned	PID,
		wchar_t *	pName,
		size_t	MaxNameLength,
		bool	TryReconstructingIfNotAvailable
	)

Gets a pipe name for a given VM session.

Definition at line 337 of file patchapi.cpp.

Here is the call graph for this function:

unsigned GetVMSessionNameW	(	unsigned	PID,
		wchar_t *	pName,
		size_t	MaxNameLength
	)

Retrieves the name of a virtual machine (VM directory name), corresponding to a given session PID.

Definition at line 164 of file patchapi.cpp.

Here is the call graph for this function:

static bool IsRundll64Required ( unsigned PID ) [static]

Definition at line 22 of file patchapi.cpp.

bool IsVMSessionPatched ( unsigned PID )

Determines, whether a given VM session is already patched by KDVM.

Definition at line 182 of file patchapi.cpp.

Here is the call graph for this function:

bool PatchVMSessionIfNeeded ( unsigned PID )

Loads KDCLIENT.DLL into VM session, if it is not already loaded.

Definition at line 248 of file patchapi.cpp.

Here is the call graph for this function:

unsigned SessionNameFromVMCmdLineW	(	wchar_t *	pszCmdLine,
		wchar_t *	pName,
		size_t	MaxNameLength
	)

Definition at line 148 of file patchapi.cpp.

Here is the call graph for this function:

unsigned SessionNameFromVMWareCmdLineW	(	wchar_t *	pszCmdLine,
		wchar_t *	pName,
		size_t	MaxNameLength
	)

Definition at line 115 of file patchapi.cpp.

HANDLE StartPatcherThread	(	unsigned	PID,
		DWORD *	pPatcherThreadID = `NULL`
	)

Definition at line 198 of file patchapi.cpp.

Here is the call graph for this function:

HANDLE StartUnpatcherThread	(	unsigned	PID,
		DWORD *	pPatcherThreadID = `NULL`
	)

Definition at line 221 of file patchapi.cpp.

Here is the call graph for this function:

HTHREAD StartVMSessionPatching ( unsigned PID )

Unloads KDCLIENT.DLL from a VM session, if it was loaded. Returns NULL if already done.

Definition at line 270 of file patchapi.cpp.

Here is the call graph for this function:

HTHREAD StartVMSessionUnpatching ( unsigned PID )

Unloads KDCLIENT.DLL from a VM session, if it was loaded. Returns NULL if already done.

Definition at line 293 of file patchapi.cpp.

Here is the call graph for this function:

bool UnpatchVMSessionIfNeeded ( unsigned PID )

Unloads KDCLIENT.DLL from a VM session, if it was loaded.

Definition at line 259 of file patchapi.cpp.

Here is the call graph for this function:

Variable Documentation

HMODULE g_hThisDll

Definition at line 12 of file dllmain.cpp.

BazisLib::WOW64APIProvider g_Wow64

Definition at line 20 of file patchapi.cpp.

bool s_bUserWarnedAboutVBox = false [static]

Definition at line 196 of file patchapi.cpp.


Functions
static bool	IsRundll64Required (unsigned PID)
void	EnableDebugPrivilege ()
	Enables debugging privilege for calling process. Required to debug system services.
HANDLE	CreateVMSessionList ()
	Creates a list of active VM sessions.
void	CloseVMSessionList (HANDLE hList)
	Frees a list of active VM sessions.
unsigned	GetNextVMSessionPID (HANDLE hList)
	Gets a PID of a next VM session from a given list.
unsigned	GetNextVMSessionPIDEx (HANDLE hList, VMType *pVMType)
unsigned	SessionNameFromVMWareCmdLineW (wchar_t pszCmdLine, wchar_t pName, size_t MaxNameLength)
unsigned	SessionNameFromVMCmdLineW (wchar_t pszCmdLine, wchar_t pName, size_t MaxNameLength)
unsigned	GetVMSessionNameW (unsigned PID, wchar_t *pName, size_t MaxNameLength)
	Retrieves the name of a virtual machine (VM directory name), corresponding to a given session PID.
bool	IsVMSessionPatched (unsigned PID)
	Determines, whether a given VM session is already patched by KDVM.
HANDLE	StartPatcherThread (unsigned PID, DWORD *pPatcherThreadID=NULL)
HANDLE	StartUnpatcherThread (unsigned PID, DWORD *pPatcherThreadID=NULL)
static bool	DoSynchronousThreadOperation (HANDLE hThread)
bool	PatchVMSessionIfNeeded (unsigned PID)
	Loads KDCLIENT.DLL into VM session, if it is not already loaded.
bool	UnpatchVMSessionIfNeeded (unsigned PID)
	Unloads KDCLIENT.DLL from a VM session, if it was loaded.
HTHREAD	StartVMSessionPatching (unsigned PID)
	Unloads KDCLIENT.DLL from a VM session, if it was loaded. Returns NULL if already done.
HTHREAD	StartVMSessionUnpatching (unsigned PID)
	Unloads KDCLIENT.DLL from a VM session, if it was loaded. Returns NULL if already done.
int	FindVMSessionByNameW (const wchar_t *pName)
	Returns a PID of a VM session with a given name (VM dir name), or 0 if it does not exist.
unsigned	GetVMPipeNameW (unsigned PID, wchar_t *pName, size_t MaxNameLength, bool TryReconstructingIfNotAvailable)
	Gets a pipe name for a given VM session.
Variables
BazisLib::WOW64APIProvider	g_Wow64
HMODULE	g_hThisDll
static bool	s_bUserWarnedAboutVBox = false