|
|
|
|
@ -6,45 +6,10 @@
|
|
|
|
|
|
|
|
|
|
namespace physmeme
|
|
|
|
|
{
|
|
|
|
|
//--- ranges of physical memory
|
|
|
|
|
static std::map<std::uintptr_t, std::size_t> pmem_ranges;
|
|
|
|
|
|
|
|
|
|
//--- validates the address
|
|
|
|
|
static bool is_valid(std::uintptr_t addr)
|
|
|
|
|
{
|
|
|
|
|
for (auto range : pmem_ranges)
|
|
|
|
|
if (addr >= range.first && addr <= range.first + range.second)
|
|
|
|
|
return true;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Author: Remy Lebeau
|
|
|
|
|
// taken from here: https://stackoverflow.com/questions/48485364/read-reg-resource-list-memory-values-incorrect-value
|
|
|
|
|
static const auto init_ranges = ([&]() -> bool
|
|
|
|
|
{
|
|
|
|
|
HKEY h_key;
|
|
|
|
|
DWORD type, size;
|
|
|
|
|
LPBYTE data;
|
|
|
|
|
RegOpenKeyEx(HKEY_LOCAL_MACHINE, "HARDWARE\\RESOURCEMAP\\System Resources\\Physical Memory", 0, KEY_READ, &h_key);
|
|
|
|
|
RegQueryValueEx(h_key, ".Translated", NULL, &type, NULL, &size); //get size
|
|
|
|
|
data = new BYTE[size];
|
|
|
|
|
RegQueryValueEx(h_key, ".Translated", NULL, &type, data, &size);
|
|
|
|
|
DWORD count = *(DWORD*)(data + 16);
|
|
|
|
|
auto pmi = data + 24;
|
|
|
|
|
for (int dwIndex = 0; dwIndex < count; dwIndex++)
|
|
|
|
|
{
|
|
|
|
|
pmem_ranges.emplace(*(uint64_t*)(pmi + 0), *(uint64_t*)(pmi + 8));
|
|
|
|
|
pmi += 20;
|
|
|
|
|
}
|
|
|
|
|
delete[] data;
|
|
|
|
|
RegCloseKey(h_key);
|
|
|
|
|
return true;
|
|
|
|
|
})();
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
please code this function depending on your method of physical read/write.
|
|
|
|
|
*/
|
|
|
|
|
static std::uintptr_t map_phys(
|
|
|
|
|
inline std::uintptr_t map_phys(
|
|
|
|
|
std::uintptr_t addr,
|
|
|
|
|
std::size_t size
|
|
|
|
|
)
|
|
|
|
|
@ -62,7 +27,7 @@ namespace physmeme
|
|
|
|
|
/*
|
|
|
|
|
please code this function depending on your method of physical read/write.
|
|
|
|
|
*/
|
|
|
|
|
static bool unmap_phys(
|
|
|
|
|
inline bool unmap_phys(
|
|
|
|
|
std::uintptr_t addr,
|
|
|
|
|
std::size_t size
|
|
|
|
|
)
|
|
|
|
|
@ -76,7 +41,7 @@ namespace physmeme
|
|
|
|
|
/*
|
|
|
|
|
please code this function depending on your method of physical read/write.
|
|
|
|
|
*/
|
|
|
|
|
static HANDLE load_drv()
|
|
|
|
|
inline HANDLE load_drv()
|
|
|
|
|
{
|
|
|
|
|
static const auto load_driver_ptr =
|
|
|
|
|
reinterpret_cast<__int64(*)()>(
|
|
|
|
|
@ -92,7 +57,7 @@ namespace physmeme
|
|
|
|
|
/*
|
|
|
|
|
please code this function depending on your method of physical read/write.
|
|
|
|
|
*/
|
|
|
|
|
static bool unload_drv()
|
|
|
|
|
inline bool unload_drv()
|
|
|
|
|
{
|
|
|
|
|
static const auto unload_driver_ptr =
|
|
|
|
|
reinterpret_cast<__int64(*)()>(
|
|
|
|
|
|
xerox
5 years ago