

Skin36  committed b798192

compil ui files

  • Participants
  • Parent commits 2731c85
  • Branches default


Files changed (30)

File dfinstancewinddows.py

 
 from ctypes import *
 from ctypes.wintypes import *
-from win_structs import *
+from inc.win_structs import *
 # from PyQt4 import QtGui, QtCore
-from truncatingfilelogger import logger
-from utils import *
+from inc.truncatingfilelogger import logger
+from inc.utils import *
+from inc.dfinstance import read_byte
+
 
 PROCESS_QUERY_INFORMATION=0x0400
 PROCESS_VM_READ = 0x0010
         CloseHandle(m_proc)
     return
 
-def calculate_checksum():
-    # logger.debug('Target EXE was compiled at %s',compile_timestamp.toString(Qt.ISODate))
-    pass 
+def calculate_checksum(m_base_addr):
+    expect_M = read_byte(m_base_addr)
+    expect_Z = read_byte(m_base_addr + 1)
+    print(expect_M)
+    print(expect_Z)
+    if expect_M != 'M' or expect_Z != 'Z':
+        logger.warning('invalid executable')
+
+    pe_header = m_base_addr + read_int(m_base_addr + 30 * 2)
+    expect_P = read_byte(pe_header)
+    expect_E = read_byte(pe_header + 1)
+    print(expect_P)
+    print(expect_E)
+    if expect_P != 'P' or expect_E != 'E':
+        logger.warning('PE header invalid')
+    
+
+#    timestamp = read_addr(pe_header + 4 + 2 * 2);
+#    QDateTime compile_timestamp = QDateTime::fromTime_t(timestamp);
+#     LOGD << "Target EXE was compiled at " <<
+#             compile_timestamp.toString(Qt::ISODate);
+#     logger.debug('Target EXE was compiled at %s',compile_timestamp.toString(Qt.ISODate))
+#     return timestamp
+    
+    
+
 
 def enumerate_vector(addr):
     logger.trace ("beginning vector enumeration at %s" ,hex(addr))
 #   QVector<VIRTADDR> addresses;
-#   VIRTADDR start = read_addr(addr + 4);
+    start = read_addr(addr + 4)
     logger.trace ("start of vector %s" ,hex(start))
-#   VIRTADDR end = read_addr(addr + 8);
+    end = read_addr(addr + 8)
     logger.trace ("end of vector %s" ,hex(end))
 
-#   int entries = (end - start) / sizeof(VIRTADDR);
+    entries = (end - start) / sizeof(VIRTADDR)
     logger.trace ("there appears to be %s entries in this vector", entries)
 
     logger.warning("vector at %s has over 5000 entries! (%s)", hex(addr),entries)
 
+
     logger.trace ("FOUND %s addresses in vector at %s", addresses.size(),hex(addr))
     pass 
 
 def write_int(addr,val):
     pass
    
-def read_raw(addr,bytes, buffer):
-    pass
+def read_raw(addr, bytes,buffer):
+    bytes_read = c_ulong(0)
+    pid = 6104
+    processHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
+    ReadProcessMemory(processHandle, addr,byref(buffer),
+    sizeof(BYTE) * bytes, byref(bytes_read))
+    return buffer.value
   
 def write_raw(addr,bytes, buffer):
     pass
 
 
-def find_running_copy():
+def find_running_copy(connect_anyway=1):
     m_is_ok = False
     logger.debug('attempting to find running copy of DF by window handle')
-    #получаем дискриптор окна    
     hwnd = FindWindow(None, b"Dwarf Fortress")
     if hwnd==0:
         hwnd = FindWindow(b"SDL_app", b"Dwarf Fortress")
     if pid==0:
         return m_is_ok
     logger.debug("PID of process is: %s", pid)
-    m_pid = pid
-#    m_hwnd = hwnd
 
-    m_proc = OpenProcess(PROCESS_QUERY_INFORMATION| PROCESS_VM_READ| PROCESS_VM_OPERATION| PROCESS_VM_WRITE, False, m_pid)   
-    logger.debug("PROC HANDLE: %s", hex(m_proc)) 
+    m_proc = OpenProcess(PROCESS_QUERY_INFORMATION| PROCESS_VM_READ| PROCESS_VM_OPERATION| PROCESS_VM_WRITE, False, pid)
+    logger.debug("PROC HANDLE: %s", hex(m_proc))
     if m_proc==0:
        logger.error("Error opening process! %s", GetLastError())
     
         QtGui.QMessageBox(QtGui.QMessageBox.Critical,
         connection_error, "PEB address came back as 0",
         buttons = QtGui.QMessageBox.Ok)
+        logger.critical("PEB address came back as 0")
 
     else:
         peb=PEB()
         bytes=c_ulong(0)
         if ReadProcessMemory(m_proc, peb_addr,byref(peb), sizeof(peb), byref(bytes)):
             logger.debug("read %s bytes BASE ADDR is at: %s",bytes.value,hex(peb.ImageBaseAddress))
-            m_base_addr = peb.ImageBaseAddress
+            m_base_addr = c_int(peb.ImageBaseAddress).value
             m_is_ok = True
-            CloseHandle(m_proc)
         else:
 #            QtGui.QMessageBox(QtGui.QMessageBox.Critical,
 #            connection_error, "unable to read remote PEB!", GetLastError(),
 #            buttons = QtGui.QMessageBox.Ok)
 #            logger.critical("unable to read remote PEB!",GetLastError())
-            m_is_ok = False
+             m_is_ok = False
+    if m_is_ok:
+        # m_layout = get_memory_layout(hexify(calculate_checksum()).toLower(), !connect_anyway)
+        pass
+    if m_is_ok==False:
+        if connect_anyway:
+            m_is_ok = True
+        else:
+             # time to bail
+            return m_is_ok
 
+
+
+    m_memory_correction = m_base_addr - 4194304
     logger.debug("base address: %s", hex(m_base_addr))
-#    logger.debug("memory correction: %s", hex(m_memory_correction))
+    logger.debug("memory correction: %s", hex(m_memory_correction))
+
+    # map_virtual_memory()
 
 #    logger.debug("GetModuleFileNameEx returned: %s", exe_path)
 #    logger.info("Dwarf fortress path: %s", m_df_dir.absolutePath())
 
     m_is_ok = True
-    return m_is_ok
+    return [m_is_ok, pid, m_proc, m_base_addr]
 
 
 
 
 
 
-find_running_copy()
+[m_is_ok, m_pid, m_proc, m_base_addr]=find_running_copy()
+calculate_checksum(m_base_addr)
 
 
 def map_virtual_memory():
     return true
 
 
-#hwnd = FindWindow("SDL_app", "Dwarf Fortress")
-#    if not hwnd:
-#        hwnd = FindWindow(NULL, "Dwarf Fortress")
-#    if not hwnd:
-#        QMessageBox::warning(0, tr("Warning"),
-#            tr("Unable to locate a running copy of Dwarf "
-#            "Fortress, are you sure it's running?"))
-#        print("can't find running copy")
-#    return threadID
 
-#print (ReadProcessMemory(h, peb_addr, buf, size, ctypes.byref(gotBytes)))
 
 
 
 
 
 
+#Первые 2 байта PE файла содержат сигнатуру 0x4D 0x5A - "MZ" (как наследник MZ формата).
+#Далее, двойное слово по смещению 0x3C содержит адрес PE заголовка. Последний начинается с сигнатуры 0x50 0x45 - "PE"
 
 
 
 
 
 
-
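Review bot: read_raw (the `+def read_raw(addr, bytes,buffer):` hunk) opens the target with `PROCESS_ALL_ACCESS` on a hard-coded `pid = 6104` and never calls CloseHandle, so every call leaks a fully-privileged handle and stops working as soon as Dwarf Fortress runs under a different pid. find_running_copy already returns `m_proc`, opened with only QUERY_INFORMATION|VM_READ|VM_OPERATION|VM_WRITE, and the module-level call stores it, so read_raw should reuse that handle and check the ReadProcessMemory result instead of returning `buffer.value` unconditionally; a rewrite is below. In the calculate_checksum hunk an MZ or PE mismatch only logs a warning and the function still derives `pe_header` from the e_lfanew field and reads through it — returning early right after `logger.warning('invalid executable')` would stop it dereferencing an arbitrary offset into a non-PE image, and the `print` calls there look like leftover debugging. In find_running_copy, when `m_proc==0` the `connect_anyway` branch forces `m_is_ok = True` and then evaluates `m_base_addr - 4194304` with `m_base_addr` never assigned, which raises NameError; `read_int` is also not among the names the new imports bring in, so it presumably comes from `inc.utils` — worth confirming.
```python
def read_raw(addr, bytes, buffer, proc_handle=None):
    # Reuse the handle find_running_copy() opened with the minimal rights
    # instead of opening a PROCESS_ALL_ACCESS handle on a hard-coded pid
    # (and leaking it on every call).
    bytes_read = c_ulong(0)
    handle = proc_handle if proc_handle is not None else m_proc
    ok = ReadProcessMemory(handle, addr, byref(buffer),
                           sizeof(BYTE) * bytes, byref(bytes_read))
    if not ok:
        logger.error("ReadProcessMemory failed at %s: %s", hex(addr), GetLastError())
        return None
    return buffer.value
```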

File dwarftherapist.py

 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 """
+
+from PyQt4 import QtGui, QtCore
+from ui import Ui_Main_window
+#from PyQt5.QtGui import QApplication
+from PyQt5.QtGui import QMainWindow
+
+
+
+
+#
+# MAIN FUNCTION
+# The program starts here
+#
+if __name__ == "__main__":
+    import sys
+    app = QtGui.QApplication(sys.argv)
+    Main_window = QtGui.QMainWindow()
+    ui = Ui_Main_window()
+    ui.setupUi(Main_window)
+    Main_window.show()
+    sys.exit(app.exec_())