Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Mon Jun 01, 2020 2:17 am Post subject: Also show drivers in the modulelist dropdown for scanning

One of my Patreon members requested a function to show drivers in the dropdown list for memory scanning, so I made him a script and am also posting it here for those who are interested.
It builds upon the already existing modulelistscan.lua, which is in the autorun folder.
Code:

  --Returns a table of {Base, Name, Path, Size} entries for the loaded kernel drivers,
  --or nil plus an error message
  function getDriverList()
    local r
    local _need=createMemoryStream()
    _need.writeDword(0)

    --first call: ask how many bytes the array of driver base addresses needs
    local i=ExecuteCodeLocalEx('EnumDeviceDrivers',0,0,_need.Memory)
    if i==1 then
      local need=readIntegerLocal(_need.Memory)
      local _buffer=createMemoryStream()
      _buffer.Size=need*2

      --second call: fetch the base addresses
      writeIntegerLocal(_need.Memory,0)
      i=ExecuteCodeLocalEx('EnumDeviceDrivers',_buffer.Memory,_buffer.Size,_need.Memory)
      if i==1 then
        r={}
        local _drivername=createMemoryStream()
        _drivername.Size=255

        --never read past the buffer, even if more drivers were loaded in between
        local need=math.min(readIntegerLocal(_need.Memory),_buffer.Size)
        local count=need // 8 --change to 4 if on 32-bit windows
        for di=1,count do
          r[di]={}
          r[di].Base=_buffer.readQword() --change to Dword on 32-bit

          ExecuteCodeLocalEx('GetDeviceDriverBaseNameA',r[di].Base,_drivername.Memory, 255)
          r[di].Name=readStringLocal(_drivername.Memory,255)

          ExecuteCodeLocalEx('GetDeviceDriverFileNameA',r[di].Base,_drivername.Memory, 255)
          local filename=readStringLocal(_drivername.Memory,255)
          filename=string.lower(filename) --windows isn't case sensitive
          --turn the kernel path into a normal file path (assumes windows is installed in c:\windows)
          filename=filename:gsub([[\systemroot\]],[[c:\windows\]])
          filename=filename:gsub([[\%?%?\]],'')
          r[di].Path=filename
          r[di].Size=getImageSize(filename) --nil when the file can not be read
        end
        _drivername.destroy()
      else
        _buffer.destroy()
        _need.destroy() --was leaked on this path
        return nil, "EnumDeviceDrivers with buffer failed"
      end
      _buffer.destroy()
    else
      _need.destroy()
      return nil, "EnumDeviceDrivers init failed"
    end
    _need.destroy()
    return r
  end

  --Returns SizeOfImage from the PE header of the file at path, or nil plus an error message
  function getImageSize(path)
    local f=io.open(path,'r')
    if not f then
      return nil,'Can not open' --todo, read the kernel memory pe header instead or psloadedModules
    end
    f:close()

    --create the stream only after the file check so it is not leaked on failure
    local stream=createMemoryStream()
    stream.loadFromFile(path)
    if (byteTableToString(stream.read(2))~='MZ') then
      stream.destroy()
      return nil,'Not a valid executable'
    end

    stream.Position=60 --e_lfanew: file offset of the PE header
    local lfanew=stream.readDword()
    stream.Position=lfanew
    if (byteTableToString(stream.read(2))~='PE') then
      stream.destroy()
      return nil, 'Not a valid windows executable'
    end
    stream.Position=stream.Position+2 --rest of the 4 byte signature

    --fileheader
    stream.Position=stream.Position+20

    --Optional Header
    stream.Position=stream.Position+56

    --imagesize
    local imagesize=stream.readDword()
    stream.destroy()
    return imagesize
  end

  local originalOnDropDown
  local originalOnSelect
  local currentDriverStartIndex
  local currentDriverList

  --find the module list combobox in the scan options and hook its events
  for i=0,MainForm.gbScanOptions.ControlCount-1 do
    local c=MainForm.gbScanOptions.Control[i]
    if c.ClassName=='TComboBox' then
      originalOnDropDown=c.OnDropDown
      c.OnDropDown=function(sender)
        if originalOnDropDown then
          originalOnDropDown(sender)
        end

        --append the drivers after the entries the original handler added
        currentDriverStartIndex=c.Items.Count
        currentDriverList=getDriverList() or {} --nil when the enumeration failed
        for j=1,#currentDriverList do
          c.Items.Add(currentDriverList[j].Name)
        end
      end

      originalOnSelect=c.OnSelect
      c.OnSelect=function(sender)
        if currentDriverStartIndex and c.ItemIndex>=currentDriverStartIndex then
          local e=currentDriverList[1+c.ItemIndex-currentDriverStartIndex]
          showMessage(e.Name)
          MainForm.FromAddress.Text=string.format("%.16x",e.Base)
          if e.Size then
            MainForm.ToAddress.Text=string.format("%.16x",e.Base+e.Size)
          else
            MainForm.ToAddress.Text=''
          end
        elseif originalOnSelect then
          originalOnSelect(sender)
        end
      end
      break
    end
  end

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Sun Jun 07, 2020 12:35 am

Hi!!
Could you kindly tell me how I may utilize it?
I have saved it and copied it into the autorun dir, but I see no differences at all...
Thanks

mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Mon Jun 08, 2020 4:28 am

This script is an extension to an already existing extension.
Add the above code at the end of the modulelistscan.lua file,
or create a new file whose filename is alphabetically after modulelistscan.lua, e.g. modulelistscan_showdrivers.lua
PS: you will probably want the line "showMessage(e.Name)" commented/removed.

Csimbi I post too much Reputation: 94
Joined: 14 Jul 2007 Posts: 3110
Posted: Mon Jun 08, 2020 4:49 am

Good stuff!
Why not make it official and include it in the next release?

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Mon Jun 08, 2020 5:31 am

Wow!!!!!!!
@mgr.inz.Player Great!!! Now it works
I do like this extension!!!!!!
@Dark Byte
Many thanks!!!
Now I wanna experiment in running CE as user SYSTEM ^_^
Last-moment sad news: after a reboot it no longer works, and trying on another computer with Win10 2004 it is NOT working......
I simply see no differences from the normal version...
Maybe it works only on the beta version of CE?
Thanks

mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Tue Jun 09, 2020 5:21 am

What exactly did you do? Did you append the script to the existing modulelistscan.lua?

danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
Posted: Tue Jun 09, 2020 5:25 am

mgr.inz.Player wrote: "What exactly did you do? Did you append the script to the existing modulelistscan.lua?"
Yes, exactly...