clean.bat

Author: TinySec

bin/js.exe

@@ -564,15 +564,6 @@ function system_handleInfomation()
 		sizeof_SYSTEM_HANDLE_TABLE_ENTRY_INFO = 0x10;
 	}
 
-	if ( 'x64' == process.arch )
-	{
-		entryBaseOffset = 8;
-	}
-	else
-	{
-		entryBaseOffset = 4;
-	}
-	
 	NumberOfHandles = lpBuffer.readUInt32LE( 0 );
 
 	for ( entryIndex = 0; entryIndex < NumberOfHandles; entryIndex++ )
@@ -598,25 +589,200 @@ function system_handleInfomation()
 
 		stHandleNode.HandleValue =  lpBuffer.readUInt16LE( entryBaseOffset + offset_SYSTEM_HANDLE_TABLE_ENTRY_INFO_HandleValue );
 
+		stHandleNode.ObjectAddress =  lpBuffer.readULONG_PTR( entryBaseOffset + offset_SYSTEM_HANDLE_TABLE_ENTRY_INFO_Object );
+
+		stHandleNode.GrantedAccess =  lpBuffer.readUInt32LE( entryBaseOffset + offset_SYSTEM_HANDLE_TABLE_ENTRY_INFO_GrantedAccess );
+			
+
+		// push node 
+		handleArray.push( stHandleNode ); 
+	}
+	
+	if ( lpBuffer )
+	{
+		lpBuffer.free();
+		lpBuffer = null;
+	}
+
+	return handleArray;
+}
+exports.handleInfomation = system_handleInfomation;
+
+
+function fix_module_path(  arg_src_path )
+{
+    if ( 0 == arg_src_path.length )
+    {
+        return arg_src_path;
+    }
+
+    var windows_folder = process.env["SystemRoot"];
+
+    var windows_folder_lower = windows_folder.toLowerCase();
+  
+    var src_path = arg_src_path.replace(/\//g , "\\\\");
+    var src_path_lower = src_path.toLowerCase();
+    var dest_path = '';
+
+    if ( 0 == src_path_lower.indexOf( '\\systemroot\\') )
+    {
+        dest_path = windows_folder + src_path.substring( 11 , src_path.length );
+    }
+    else if ( 0 == src_path_lower.indexOf( '\\??\\') )
+    {
+        dest_path = src_path.substring( 4 , src_path.length );
+    }
+    else if ( 0 == src_path_lower.indexOf( '\\\\?\\') )
+    {
+        dest_path = src_path.substring( 4 , src_path.length );
+    }
+    else if ( 0 == src_path_lower.indexOf( '\\windows\\') )
+    {
+        dest_path = windows_folder + src_path.substring( 8 , src_path.length );
+    }
+    else if ( 0 == src_path_lower.indexOf( '\\program files\\') )
+    {
+        dest_path = process.env["SystemDrive"] + src_path;
+    }
+    else
+    {
+        dest_path = src_path;
+    }
+   
+    return dest_path;
+}
+
+function system_moduleInformation()
+{
+	var lpBuffer = null;
+	
+	var entryBaseOffset = 0;
+
+	var stModuleNode = {};
+	var moduleArray = [];
+	
+	var NumberOfModules = 0;
+	var entryIndex = 0;
+	
+	lpBuffer = helper_querySystemInfomation2( 11 , 1024 * 10 );
+	if ( !lpBuffer )
+	{
+		return moduleArray;
+	}
+	
+	// init offsets
+	var offset_RTL_PROCESS_MODULE_INFORMATION_Section = 0x00;
+		
+	var offset_RTL_PROCESS_MODULE_INFORMATION_MappedBase = 0x00;
+		
+	var offset_RTL_PROCESS_MODULE_INFORMATION_ImageBase = 0x00;
+		
+	var offset_RTL_PROCESS_MODULE_INFORMATION_ImageSize = 0x00;
+		
+	var offset_RTL_PROCESS_MODULE_INFORMATION_Flags = 0x00;
+		
+	var offset_RTL_PROCESS_MODULE_INFORMATION_LoadOrderIndex = 0x00;
+		
+	var offset_RTL_PROCESS_MODULE_INFORMATION_InitOrderIndex = 0x00;
+	
+	var offset_RTL_PROCESS_MODULE_INFORMATION_LoadCount = 0x00;
+	
+	var offset_RTL_PROCESS_MODULE_INFORMATION_OffsetToFileName = 0x00;
+	
+	var offset_RTL_PROCESS_MODULE_INFORMATION_FullPathName = 0x00;
+	
+	var sizeof_RTL_PROCESS_MODULE_INFORMATION = 0;
+
+	
+	if ( 'x64' == process.arch )
+	{
+		offset_RTL_PROCESS_MODULE_INFORMATION_Section = 0x00;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_MappedBase = 0x08;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_ImageBase = 0x10;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_ImageSize = 0x18;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_Flags = 0x1C;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_LoadOrderIndex = 0x20;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_InitOrderIndex = 0x22;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_LoadCount= 0x24;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_OffsetToFileName = 0x26;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_FullPathName = 0x28;
+		
+		sizeof_RTL_PROCESS_MODULE_INFORMATION = 0x128;
+	}
+	else
+	{
+		offset_RTL_PROCESS_MODULE_INFORMATION_Section = 0x00;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_MappedBase = 0x04;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_ImageBase = 0x08;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_ImageSize = 0x0C;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_Flags = 0x10;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_LoadOrderIndex = 0x14;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_InitOrderIndex = 0x16;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_LoadCount= 0x18;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_OffsetToFileName = 0x1A;
+		
+		offset_RTL_PROCESS_MODULE_INFORMATION_FullPathName = 0x1C;
+		
+		sizeof_RTL_PROCESS_MODULE_INFORMATION = 0x11C;
+	}
+	
+
+	NumberOfModules = lpBuffer.readUInt32LE( 0 );
+		
+	for ( entryIndex = 0; entryIndex < NumberOfModules; entryIndex++ )
+	{
 		if ( 'x64' == process.arch )
 		{
-			stHandleNode.ObjectAddress =  lpBuffer.readUInt64LE( entryBaseOffset + offset_SYSTEM_HANDLE_TABLE_ENTRY_INFO_Object );
+			entryBaseOffset = 8 + entryIndex * sizeof_RTL_PROCESS_MODULE_INFORMATION;
 		}
 		else
 		{
-			stHandleNode.ObjectAddress =  Number64( lpBuffer.readUInt32LE( entryBaseOffset + offset_SYSTEM_HANDLE_TABLE_ENTRY_INFO_Object ) );
+			entryBaseOffset = 4 + entryIndex * sizeof_RTL_PROCESS_MODULE_INFORMATION;
 		}
+		
+		stModuleNode = {};
+		
+		//stModuleNode.Section =  lpBuffer.readULONG_PTR( entryBaseOffset + offset_RTL_PROCESS_MODULE_INFORMATION_Section );
+	
+		//stModuleNode.MappedBase =  lpBuffer.readULONG_PTR( entryBaseOffset + offset_RTL_PROCESS_MODULE_INFORMATION_MappedBase );
 
-		stHandleNode.GrantedAccess =  lpBuffer.readUInt32LE( entryBaseOffset + offset_SYSTEM_HANDLE_TABLE_ENTRY_INFO_GrantedAccess );
+		stModuleNode.ImageBase =  lpBuffer.readULONG_PTR( entryBaseOffset + offset_RTL_PROCESS_MODULE_INFORMATION_ImageBase );
 
-
-		// push node 
-		handleArray.push( stHandleNode ); 
+		stModuleNode.ImageSize =  lpBuffer.readUInt32LE( entryBaseOffset + offset_RTL_PROCESS_MODULE_INFORMATION_ImageSize );
+			
+		stModuleNode.Flags =  lpBuffer.readUInt32LE( entryBaseOffset + offset_RTL_PROCESS_MODULE_INFORMATION_Flags );
 
-		if ( entryIndex > 10 )
-		{
-			break;
-		}
+		stModuleNode.LoadOrderIndex =  lpBuffer.readUInt16LE( entryBaseOffset + offset_RTL_PROCESS_MODULE_INFORMATION_LoadOrderIndex );
+		
+		//stModuleNode.InitOrderIndex =  lpBuffer.readUInt16LE( entryBaseOffset + offset_RTL_PROCESS_MODULE_INFORMATION_InitOrderIndex );
+		
+		stModuleNode.LoadCount =  lpBuffer.readUInt16LE( entryBaseOffset + offset_RTL_PROCESS_MODULE_INFORMATION_LoadCount );
+		
+		//stModuleNode.OffsetToFileName =  lpBuffer.readUInt16LE( entryBaseOffset + offset_RTL_PROCESS_MODULE_INFORMATION_OffsetToFileName );
+		
+		stModuleNode.FullPathName =  lpBuffer.toString( 'ascii' , entryBaseOffset + offset_RTL_PROCESS_MODULE_INFORMATION_FullPathName , entryBaseOffset + offset_RTL_PROCESS_MODULE_INFORMATION_FullPathName + 256 );
+		
+		stModuleNode.FullPathName = fix_module_path( stModuleNode.FullPathName );
+		
+		// push node 
+		moduleArray.push( stModuleNode ); 
 	}
 
 	if ( lpBuffer )
@@ -625,15 +791,16 @@ function system_handleInfomation()
 		lpBuffer = null;
 	}
 
-	return handleArray;
+	return moduleArray;
 }
-exports.handleInfomation = system_handleInfomation;
+exports.system_moduleInformation = system_moduleInformation;
+
+
 
 function main(  )
 {
 
-	printf( system_handleInfomation() );
-	
+
 	return 0;
 }
 

bin/js64.exe

@@ -0,0 +1,50 @@
+
+for /r . %%c in (.) do @if exist "%%c\objchk_wxp_x86" rd /S /Q "%%c\objchk_wxp_x86"
+for /r . %%c in (.) do @if exist "%%c\objfre_wxp_x86" rd /S /Q "%%c\objfre_wxp_x86"
+
+for /r . %%c in (.) do @if exist "%%c\objchk_win7_amd64" rd /S /Q "%%c\objchk_win7_amd64"
+for /r . %%c in (.) do @if exist "%%c\objfre_win7_amd64" rd /S /Q "%%c\objfre_win7_amd64"
+
+for /r . %%c in (.) do @if exist "%%c\objchk_win7_x86" rd /S /Q "%%c\objchk_win7_x86"
+for /r . %%c in (.) do @if exist "%%c\objfre_win7_x86" rd /S /Q "%%c\objfre_win7_x86"
+
+
+for /r . %%c in (.) do @if exist "%%c\Release" rd /S /Q "%%c\Release"
+for /r . %%c in (.) do @if exist "%%c\Debug" rd /S /Q "%%c\Debug"
+
+::Remove files
+for /r . %%c in (*.wrn *.err *.aps *.bsc *.clw *.dsw *.ilk *.mac *.ncb *.obj *.opt *.plg *.positions *.suo *.user *.WW) do del /f /q "%%c"
+
+
+del /s /q /A *.suo
+
+
+
+del /s /q /A buildchk_win7_x86.log
+del /s /q /A buildfre_win7_x86.log
+del /s /q /A buildfre_wxp_x86.log
+del /s /q /A buildchk_wxp_x86.log
+del /s /q /A buildfre_win7_amd64.log
+del /s /q /A buildchk_win7_amd64.log
+
+
+del /s /q /A PREfast_defects_chk_win7_AMD64Sum.txt
+del /s /q /A PREfast_defects_fre_win7_AMD64Sum.txt
+
+
+del /s /q /A PREfast_defects_chk_win7_x86Sum.txt
+del /s /q /A PREfast_defects_fre_win7_x86Sum.txt
+
+
+del /s /q /A PREfast_defects_chk_win7_AMD64.xml
+del /s /q /A PREfast_defects_fre_win7_AMD64.xml
+
+del /s /q /A PREfast_defects_chk_win7_x86.xml
+del /s /q /A PREfast_defects_fre_win7_x86.xml
+
+del /s /q /A prefastchk_win7_AMD64.log
+del /s /q /A prefastfre_win7_AMD64.log
+
+del /s /q /A prefastchk_win7_x86.log
+del /s /q /A prefastfre_win7_x86.log
+

bin/jsida.p64

@@ -777,7 +777,7 @@ Buffer.prototype.readInt64BE = function (offset)
     }
     assert(_.isUndefined(offset) || _.isNumber(offset));
 
-    return LONG64(process.reserved.bindings.buffer_readInt64BE(this.address, offset || 0));
+    return Number64(process.reserved.bindings.buffer_readInt64BE(this.address, offset || 0));
 }
 
 Buffer.prototype.readInt64LE = function (offset) 
@@ -787,7 +787,7 @@ Buffer.prototype.readInt64LE = function (offset)
     }
 
     assert(_.isUndefined(offset) || _.isNumber(offset));
-    return LONG64(process.reserved.bindings.buffer_readInt64LE(this.address, offset || 0));
+    return Number64(process.reserved.bindings.buffer_readInt64LE(this.address, offset || 0));
 }
 
 Buffer.prototype.readUInt64BE = function (offset) 
@@ -1175,7 +1175,7 @@ Buffer.prototype.writeInt64BE = function (value, offset)
 
     assert((_.isUndefined(offset) || _.isNumber(offset)), "invalid offset");
 
-    process.reserved.bindings.buffer_writeInt64BE(this.address, offset || 0, LONG64(value));
+    process.reserved.bindings.buffer_writeInt64BE(this.address, offset || 0, Number64(value));
 
     return this;
 }
@@ -1189,7 +1189,7 @@ Buffer.prototype.writeInt64LE = function (value, offset)
 
     assert((_.isUndefined(offset) || _.isNumber(offset)), "invalid offset");
 
-    process.reserved.bindings.buffer_writeInt64LE(this.address, offset || 0, LONG64(value));
+    process.reserved.bindings.buffer_writeInt64LE(this.address, offset || 0, Number64(value));
 
     return this;
 }
@@ -1313,6 +1313,24 @@ process.reserved.dumpBufferLeaks = function dumpBufferLeaks()
 }
 
 
+Buffer.prototype.readULONG_PTR = function (offset) 
+{
+    if (!this.isValid()) 
+	{
+        throw new Error("try to operate with invalid buffer");
+    }
+
+    assert(_.isUndefined(offset) || _.isNumber(offset));
+	
+	if ( 'x64' == process.arch )
+	{
+		return process.reserved.bindings.buffer_readUInt64LE(this.address, offset || 0);
+	}
+	else
+	{
+		return Number64( process.reserved.bindings.buffer_readUInt32LE(this.address, offset || 0) );
+	}
+}
 
 
 //------------------------------------

bin/jsida.plw

@@ -496,13 +496,13 @@ function writeInt64LE( arg_address , arg_offset  , arg_value )
 	{
 		address = Number64( arguments[0] );
 		offset = 0;
-		value = LONG64( arguments[1] );
+		value = Number64( arguments[1] );
 	}
 	else if ( 3 == arguments.length )
 	{
 		address = Number64( arguments[0] );
 		offset = Number64( arguments[1] );
-		value = LONG64( arguments[2] );
+		value = Number64( arguments[2] );
 	}
 
 	return process.reserved.bindings.host_writeInt64LE( address , offset , value );
@@ -521,13 +521,13 @@ function writeInt64BE( arg_address , arg_offset  , arg_value )
 	{
 		address = Number64( arguments[0] );
 		offset = 0;
-		value = LONG64( arguments[1] );
+		value = Number64( arguments[1] );
 	}
 	else if ( 3 == arguments.length )
 	{
 		address = Number64( arguments[0] );
 		offset = Number64( arguments[1] );
-		value = LONG64( arguments[2] );
+		value = Number64( arguments[2] );
 	}
 
 	return process.reserved.bindings.host_writeInt64BE( address , offset , value );