noham/archived-Reclass
1
0
Fork 0
mirror of https://github.com/NohamR/Reclass.git synced 2026-05-10 19:59:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: kernel memory plugin + unified source menu + driver improvements

Browse Source 
- KernelMemory plugin: kernel-mode process/physical memory R/W via IOCTL driver
- rcxdrv.sys: MmCopyMemory for reads, MDL mapping with correct cache types
  (MmCached for RAM, MmNonCached for MMIO only — fixes cache corruption BSOD)
- Driver reconnect: ensureDriverLoaded tries device handle first, no auto
  stop+delete cycle. Manual unload closes handle only, service stays running.
- Unified source menu: ProviderRegistry::populateSourceMenu() shared by both
  main window Data Source menu and RcxEditor inline picker (icons + dll names)
- IProviderPlugin::populatePluginMenu() for conditional plugin actions
  (e.g. "Unload Kernel Driver" only when loaded)
- Physical memory mode removed from selectTarget (access via context menu only)
- requestOpenProviderTab sets base address from provider after template load
- Address parser: vtop(), cr3(), physRead() callbacks for kernel paging expressions
This commit is contained in:
IChooseYou
2026-03-13 14:46:22 -06:00
committed by IChooseYou
parent 7f7bbdcc45
commit b08736245b
22 changed files with 2671 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
CMakeLists.txt
View File

@@ -544,6 +544,17 @@ if(BUILD_TESTING)
target_link_libraries(test_windbg_provider PRIVATE
${QT}::Widgets ${QT}::Concurrent ${QT}::Test dbgeng ole32)
add_test(NAME test_windbg_provider COMMAND test_windbg_provider)
add_executable(test_kernel_provider tests/test_kernel_provider.cpp
plugins/KernelMemory/KernelMemoryPlugin.cpp
src/processpicker.cpp src/processpicker.ui
src/scanner.cpp)
target_include_directories(test_kernel_provider PRIVATE
src plugins/KernelMemory)
target_link_libraries(test_kernel_provider PRIVATE
${QT}::Widgets ${QT}::Concurrent ${QT}::Test
psapi shell32 advapi32 ${_QT_WINEXTRAS})
add_test(NAME test_kernel_provider COMMAND test_kernel_provider)
endif()
add_executable(bench_large_class tests/bench_large_class.cpp
@@ -587,6 +598,7 @@ if(NOT APPLE)
add_subdirectory(plugins/RemoteProcessMemory)
endif()
if(WIN32)
add_subdirectory(plugins/KernelMemory)
add_subdirectory(plugins/WinDbgMemory)
add_subdirectory(plugins/RcNetPluginCompatLayer)
endif()