Process Hacker
memprot.c
1 /*
2  * Process Hacker -
3  * memory protection window
4  *
5  * Copyright (C) 2010 wj32
6  *
7  * This file is part of Process Hacker.
8  *
9  * Process Hacker is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation, either version 3 of the License, or
12  * (at your option) any later version.
13  *
14  * Process Hacker is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with Process Hacker. If not, see <http://www.gnu.org/licenses/>.
21  */
22 
23 #include <phapp.h>
24 #include <windowsx.h>
25 
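/*
 * Per-dialog state for the memory protection window.
 *
 * An instance is filled in by the function that opens the dialog and is
 * handed to the dialog procedure through the DialogBoxParam init parameter.
 *
 * NOTE(review): the closing line of this typedef is absent from the listing
 * (the line numbering skips it). It is restored here with the plain struct
 * alias that the rest of the file uses; confirm against the upstream file
 * whether a pointer alias is declared on the same line as well.
 */
typedef struct _MEMORY_PROTECT_CONTEXT
{
    PPH_PROCESS_ITEM ProcessItem;   // process that owns the memory region
    PPH_MEMORY_ITEM MemoryItem;     // region whose protection is edited
} MEMORY_PROTECT_CONTEXT;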
31 
/*
 * Forward declaration of the dialog procedure so that it can be named in the
 * DialogBoxParam call before its definition.
 *
 * NOTE(review): this prototype has no storage-class specifier, while the
 * definition further down is declared `static`. Standard C rejects a static
 * definition that follows a non-static declaration; the two should agree.
 */
INT_PTR CALLBACK PhpMemoryProtectDlgProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam
    );
38 
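/*
 * Shows the modal "memory protection" dialog for one memory region.
 *
 * ParentWindowHandle  owner window of the dialog.
 * ProcessItem         process that owns the region.
 * MemoryItem          region whose protection value the user may change.
 *
 * NOTE(review): three lines of this function are absent from the listing
 * (the line numbering skips them): the line carrying the function name, and
 * the first and fourth DialogBoxParam arguments. They are restored below from
 * the DialogBoxParam signature (instance handle, template, owner, dialog
 * procedure, init parameter); confirm against the upstream file.
 */
VOID PhShowMemoryProtectDialog(
    _In_ HWND ParentWindowHandle,
    _In_ PPH_PROCESS_ITEM ProcessItem,
    _In_ PPH_MEMORY_ITEM MemoryItem
    )
{
    // The context lives on this stack frame. That is safe only because
    // DialogBoxParam is modal and does not return until the dialog has been
    // closed, so the dialog procedure never sees the pointer after this
    // function has returned.
    MEMORY_PROTECT_CONTEXT context;

    context.ProcessItem = ProcessItem;
    context.MemoryItem = MemoryItem;

    DialogBoxParam(
        PhInstanceHandle,
        MAKEINTRESOURCE(IDD_MEMPROTECT),
        ParentWindowHandle,
        PhpMemoryProtectDlgProc,
        (LPARAM)&context
        );
}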
58 
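/*
 * Dialog procedure for the memory protection window.
 *
 * WM_INITDIALOG stores the context pointer received in lParam as a window
 * property, fills in the help text and moves focus to the value field.
 * WM_DESTROY removes the property again. IDCANCEL closes the dialog. IDOK
 * parses the value typed by the user and applies it to the memory region of
 * the target process with NtProtectVirtualMemory; on failure the status is
 * shown and the field is re-selected so the user can correct it.
 *
 * Always returns FALSE, as the original does.
 *
 * Changes compared with the listing:
 *  - the process handle is closed after use (it was leaked on every OK);
 *  - the result of PhStringToInteger64 is checked, so text that does not
 *    parse is rejected instead of being applied as whatever `protect` held;
 *  - values that do not fit the 32-bit protection argument are rejected
 *    instead of being silently truncated by the (ULONG) cast.
 */
static INT_PTR CALLBACK PhpMemoryProtectDlgProc(
    _In_ HWND hwndDlg,
    _In_ UINT uMsg,
    _In_ WPARAM wParam,
    _In_ LPARAM lParam
    )
{
    switch (uMsg)
    {
    case WM_INITDIALOG:
        {
            // lParam is the init parameter given to DialogBoxParam; keep it as
            // a window property so later messages can reach the context.
            SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)lParam);

            SetDlgItemText(hwndDlg, IDC_INTRO,
                L"Possible values:\r\n"
                L"\r\n"
                L"0x01 - PAGE_NOACCESS\r\n"
                L"0x02 - PAGE_READONLY\r\n"
                L"0x04 - PAGE_READWRITE\r\n"
                L"0x08 - PAGE_WRITECOPY\r\n"
                L"0x10 - PAGE_EXECUTE\r\n"
                L"0x20 - PAGE_EXECUTE_READ\r\n"
                L"0x40 - PAGE_EXECUTE_READWRITE\r\n"
                L"0x80 - PAGE_EXECUTE_WRITECOPY\r\n"
                L"Modifiers:\r\n"
                L"0x100 - PAGE_GUARD\r\n"
                L"0x200 - PAGE_NOCACHE\r\n"
                L"0x400 - PAGE_WRITECOMBINE\r\n"
                );

            // Put the caret in the value field.
            SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)GetDlgItem(hwndDlg, IDC_VALUE), TRUE);
        }
        break;
    case WM_DESTROY:
        {
            RemoveProp(hwndDlg, PhMakeContextAtom());
        }
        break;
    case WM_COMMAND:
        {
            switch (LOWORD(wParam))
            {
            case IDCANCEL:
                EndDialog(hwndDlg, IDCANCEL);
                break;
            case IDOK:
                {
                    NTSTATUS status;
                    // NOTE(review): the line declaring `context` is absent from
                    // the listing; it is recovered here from the window
                    // property set in WM_INITDIALOG.
                    MEMORY_PROTECT_CONTEXT *context = (MEMORY_PROTECT_CONTEXT *)GetProp(hwndDlg, PhMakeContextAtom());
                    HANDLE processHandle;
                    ULONG64 protect = 0;

                    // The value is free-form user text. Reject it when it does
                    // not parse or does not fit the 32-bit protection argument.
                    if (!PhStringToInteger64(&PhaGetDlgItemText(hwndDlg, IDC_VALUE)->sr, 0, &protect) ||
                        protect != (ULONG)protect)
                    {
                        status = STATUS_INVALID_PARAMETER;
                    }
                    // NOTE(review): the access-mask argument is absent from the
                    // listing. PROCESS_VM_OPERATION is the single right that
                    // changing page protection requires, so the handle carries
                    // no more access than the operation needs; confirm against
                    // the upstream file.
                    else if (NT_SUCCESS(status = PhOpenProcess(
                        &processHandle,
                        PROCESS_VM_OPERATION,
                        context->ProcessItem->ProcessId
                        )))
                    {
                        // Work on local copies: the call takes the base and
                        // size by pointer, and the memory item itself must not
                        // be modified by it.
                        PVOID baseAddress;
                        SIZE_T regionSize;
                        ULONG oldProtect;

                        baseAddress = context->MemoryItem->BaseAddress;
                        regionSize = context->MemoryItem->RegionSize;

                        status = NtProtectVirtualMemory(
                            processHandle,
                            &baseAddress,
                            &regionSize,
                            (ULONG)protect,
                            &oldProtect
                            );

                        // Record the new value only once the target process
                        // has actually accepted it.
                        if (NT_SUCCESS(status))
                            context->MemoryItem->Protect = (ULONG)protect;

                        // Release the handle on both the success and the
                        // failure path.
                        NtClose(processHandle);
                    }

                    if (NT_SUCCESS(status))
                    {
                        EndDialog(hwndDlg, IDOK);
                    }
                    else
                    {
                        // Keep the dialog open and select the whole field so
                        // the user can retype the value.
                        PhShowStatus(hwndDlg, L"Unable to change memory protection", status, 0);
                        SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)GetDlgItem(hwndDlg, IDC_VALUE), TRUE);
                        Edit_SetSel(GetDlgItem(hwndDlg, IDC_VALUE), 0, -1);
                    }
                }
                break;
            }
        }
        break;
    }

    return FALSE;
}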