feat: WindowsAttachedProcess.kernel32Mode

Jire · Dec 21, 2020 · ffc0e36 · ffc0e36
1 parent eade2b5
commit ffc0e36
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/main/kotlin/org/jire/kna/attach/windows/WindowsAttachedProcess.kt b/src/main/kotlin/org/jire/kna/attach/windows/WindowsAttachedProcess.kt
@@ -4,23 +4,33 @@ import com.sun.jna.Memory
 import com.sun.jna.Pointer
 import com.sun.jna.platform.win32.WinNT
 import org.jire.kna.attach.AbstractAttachedProcess
+import org.jire.kna.nativelib.windows.Kernel32
 import org.jire.kna.nativelib.windows.NTDLL
 
 class WindowsAttachedProcess(val handle: WinNT.HANDLE) : AbstractAttachedProcess() {
 
+	@Volatile
+	var kernel32Mode = false
+
 	override val modules = WindowsAttachedModules()
 
 	// we need these separate so it doesn't override writes of size 8
 	private val readMemory = Memory(8)
 	private val writtenMemory = Memory(8)
 
 	override fun read(address: Pointer, data: Pointer, bytesToRead: Long): Boolean {
+		if (kernel32Mode) {
+			return Kernel32.ReadProcessMemory(handle.pointer, address, data, bytesToRead.toInt(), 0) > 0
+		}
 		NTDLL.NtReadVirtualMemory(handle.pointer, address, data, bytesToRead, readMemory)
 		val readBytes = readMemory.getLong(0)
 		return readBytes != 0L
 	}
 
 	override fun write(address: Pointer, data: Pointer, bytesToWrite: Long): Boolean {
+		if (kernel32Mode) {
+			return Kernel32.WriteProcessMemory(handle.pointer, address, data, bytesToWrite.toInt(), 0) > 0
+		}
 		NTDLL.NtWriteVirtualMemory(handle.pointer, address, data, bytesToWrite, writtenMemory)
 		val writtenBytes = writtenMemory.getLong(0)
 		return writtenBytes != 0L