#include <iostream>
#include "query_pdb.h"
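/// Demo client for the query-pdb library: looks up global symbol offsets,
/// struct field offsets and enum values for ntoskrnl.exe and prints them in hex.
///
/// @return 0 when every query succeeds, 1 if any call throws std::exception.
int main() {
    // SECURITY NOTE(review): the server URL is plain http://, so responses are
    // neither encrypted nor integrity-protected in transit. Treat the returned
    // offsets as untrusted input; anything that later uses them to address
    // kernel structures should come from a server you control (ideally over an
    // authenticated channel) or be cross-checked against a locally parsed PDB.
    // Presumably the library also sends identifying data about the local
    // binary to this third-party host -- confirm against query_pdb.h.
    qpdb::set_default_server("http://www.zzzou.xyz:9025");

    try {
        qpdb pdb(R"(C:\Windows\System32\ntoskrnl.exe)");

        // All numeric output below is hexadecimal.
        std::cout << std::hex;

        ////////////////////////////////////////////////////////////////////////
        // query global offset

        {
            // method 1: a single symbol
            const auto offset = pdb.get_symbol("KdpStub");
            std::cout << offset << '\n';
        }

        {
            // method 2: several symbols in one request
            auto offsets = pdb.get_symbol(std::set<std::string>{
                "KdpStub",
                "MmAccessFault"
            });
            // NOTE(review): operator[] on the result presumably default-inserts
            // for a name the server did not resolve, which would print 0 here;
            // confirm how the library reports an unresolved symbol.
            std::cout << offsets["KdpStub"] << '\n';
            std::cout << offsets["MmAccessFault"] << '\n';
        }

        ////////////////////////////////////////////////////////////////////////
        // query struct field offset

        {
            // method 1: one field of one struct
            const auto field = pdb.get_struct("_KPROCESS", "DirectoryTableBase");
            std::cout << field.offset << ", " << field.bitfield_offset << '\n';
        }

        {
            // method 2: several fields of one struct
            auto fields = pdb.get_struct(
                "_KPROCESS", std::set<std::string>{
                    "DirectoryTableBase",
                    "DisableQuantum"
                }
            );
            // The ", " separator matches method 1; without it the two hex
            // values run together and the printed number is ambiguous.
            std::cout << fields["DirectoryTableBase"].offset << ", "
                      << fields["DirectoryTableBase"].bitfield_offset << '\n';
            std::cout << fields["DisableQuantum"].offset << ", "
                      << fields["DisableQuantum"].bitfield_offset << '\n';
        }

        {
            // method 3: several fields of several structs
            auto structs = pdb.get_struct({
                {"_KPROCESS", {
                    "DirectoryTableBase",
                    "DisableQuantum"
                }},
                {"_KTHREAD", {
                    "Teb"
                }}
            });
            std::cout << structs["_KTHREAD"]["Teb"].offset << ", "
                      << structs["_KTHREAD"]["Teb"].bitfield_offset << '\n';
        }

        ////////////////////////////////////////////////////////////////////////
        // query enum value

        {
            // method 1: one enumerator
            const auto value = pdb.get_enum("_POOL_TYPE", "PagedPool");
            std::cout << value << '\n';
        }

        {
            // method 2: several enumerators of one enum
            auto values = pdb.get_enum(
                "_POOL_TYPE", std::set<std::string>{
                    "PagedPool",
                    "NonPagedPool"
                }
            );
            std::cout << values["PagedPool"] << '\n';
            std::cout << values["NonPagedPool"] << '\n';
        }

        {
            // method 3: several enumerators of several enums
            auto enums = pdb.get_enum({
                {"_POOL_TYPE", {
                    "PagedPool",
                    "NonPagedPool"
                }},
                {"_EX_POOL_PRIORITY", {
                    "NormalPoolPriority"
                }}
            });
            std::cout << enums["_POOL_TYPE"]["PagedPool"] << '\n';
        }
    } catch (const std::exception &e) {
        // Any failure in the calls above that surfaces as std::exception ends
        // the demo with a non-zero exit code.
        std::cerr << e.what() << std::endl;
        return 1;
    }

    return 0;
}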