Add files via upload

Author: LuSlower

MemDrain/MemDrain.cpp

@@ -1,4 +1,4 @@
-#include "HelpMem.h"
+#include "MemDrain.h"
 
 // Definir una estructura para asociar opciones con funciones
 typedef struct {
@@ -8,14 +8,14 @@ typedef struct {
 
 // Funciones para cada accion
 void help_action(int argc, char* argv[]) {
-    printf("uso: md.exe <Argument> <Parameter>\n");
-    printf("\n  -ws <IM> <-r>           | Drain WorkingSet");
-    printf("\n  -sws                    | Drain SystemWorkingSet");
-    printf("\n  -mpl                    | Drain ModifiedPageList");
-    printf("\n  -mcl                    | Drain CombineMemoryList");
-    printf("\n  -sl <0>                 | Drain StanbyList (and low priority)");
-    printf("\n  -rh                     | Drain Registry Hives");
-    printf("\n  -all                    | Drain All");
+    printf("use: md.exe <Argument> <Parameter>\n");
+    printf("\n  -ws <IM> <-r>   |   Drain WorkingSet");
+    printf("\n  -sws            |   Drain SystemWorkingSet");
+    printf("\n  -mpl            |   Drain ModifiedPageList");
+    printf("\n  -mcl            |   Drain CombineMemoryList");
+    printf("\n  -sl <0>         |   Drain StanbyList (and low priority)");
+    printf("\n  -rh             |   Drain Registry Hives");
+    printf("\n  -all            |   Drain All");
 
 }
 void working_set_action(int argc, char* argv[]){
@@ -169,6 +169,9 @@ void all_action(int argc, char* argv[]){
     sl0 = MemoryPurgeLowPriorityStandbyList;
     NtSetSystemInformation(SystemMemoryListInformation, &sl0, sizeof(sl0));
 
+    // Vaciar colmenas (hives) de registro
+    NtSetSystemInformation (SystemRegistryReconciliationInformation, NULL, 0);
+
     printf("Sucess");
     return;
 

MemDrain/MemDrain.h

@@ -0,0 +1,153 @@
+#pragma once
+#include <windows.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <cstdlib>
+#include <psapi.h>
+#include <tlhelp32.h>
+#include <winternl.h>
+
+typedef struct _MEMORY_COMBINE_INFORMATION_EX {
+    HANDLE Handle;
+    ULONG_PTR PagesCombined;
+    ULONG Flags;
+} MEMORY_COMBINE_INFORMATION_EX, *PMEMORY_COMBINE_INFORMATION_EX;
+
+typedef struct _SYSTEM_FILECACHE_INFORMATION {
+    SIZE_T CurrentSize;
+    SIZE_T PeakSize;
+    ULONG PageFaultCount;
+    SIZE_T MinimumWorkingSet;
+    SIZE_T MaximumWorkingSet;
+    SIZE_T CurrentSizeIncludingTransitionInPages;
+    SIZE_T PeakSizeIncludingTransitionInPages;
+    ULONG TransitionRePurposeCount;
+    ULONG Flags;
+} SYSTEM_FILECACHE_INFORMATION, *PSYSTEM_FILECACHE_INFORMATION;
+
+typedef enum _SYSTEM_MEMORY_LIST_COMMAND {
+	MemoryCaptureAccessedBits,
+	MemoryCaptureAndResetAccessedBits,
+	MemoryEmptyWorkingSets,
+	MemoryFlushModifiedList,
+	MemoryPurgeStandbyList,
+	MemoryPurgeLowPriorityStandbyList,
+	MemoryCommandMax
+} SYSTEM_MEMORY_LIST_COMMAND;
+
+
+// definicion de SYSTEM_INFORMATION_CLASS
+typedef enum _SYSTEM_INFORMATION_CLASS_MOD {
+    SystemCombinePhysicalMemoryInformation = 130,
+    SystemFileCacheInformationEx = 81,
+    SystemMemoryListInformation = 80,
+    SystemRegistryReconciliationInformation = 155,
+} SYSTEM_INFORMATION_CLASS_MOD;
+
+extern "C"{
+typedef NTSTATUS LONG;
+// Definir funciones internas
+NTSYSAPI
+NTSTATUS
+NTAPI
+NtSetSystemInformation(
+    IN SYSTEM_INFORMATION_CLASS_MOD SystemInformationClass,
+    IN PVOID SystemInformation,
+    IN ULONG SystemInformationLength
+);
+}
+
+DWORD GetChildProcesses(DWORD ParentPID, DWORD* ChildPIDs) {
+    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+    if (hSnapshot == INVALID_HANDLE_VALUE) {
+        printf("Error al crear un snapshot de procesos");
+        return 0;
+    }
+
+    PROCESSENTRY32 pe32;
+    pe32.dwSize = sizeof(PROCESSENTRY32);
+
+    DWORD NumProcesses = 0;
+
+    if (Process32First(hSnapshot, &pe32)) {
+        do {
+            if (pe32.th32ParentProcessID == ParentPID) {
+                if (NumProcesses < 64) {
+                    ChildPIDs[NumProcesses++] = pe32.th32ProcessID;
+                } else {
+                    printf("Se alcanzó el límite máximo de procesos hijos");
+                    break;
+                }
+            }
+        } while (Process32Next(hSnapshot, &pe32));
+    }
+
+    CloseHandle(hSnapshot);
+    return NumProcesses;
+}
+
+DWORD GetPID(const char* processName) {
+    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+    if (snapshot == INVALID_HANDLE_VALUE) {
+        printf("Error al crear un snapshot de procesos");
+        return 0;
+    }
+
+    PROCESSENTRY32 entry;
+    entry.dwSize = sizeof(PROCESSENTRY32);
+    if (!Process32First(snapshot, &entry)) {
+        CloseHandle(snapshot);
+        printf("Error al obtener la primera entrada de proceso");
+        return 0;
+    }
+
+    DWORD processId = 0;
+    do {
+        if (strcmp(entry.szExeFile, processName) == 0) {
+            processId = entry.th32ProcessID;
+            break;
+        }
+    } while (Process32Next(snapshot, &entry));
+
+    CloseHandle(snapshot);
+    return processId;
+}
+
+bool EnablePrivilege(DWORD processId, LPCSTR privilegeName, HANDLE hProcess = NULL) {
+
+    TOKEN_PRIVILEGES tp;
+    tp.PrivilegeCount = 1;
+    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+    if (!LookupPrivilegeValue(NULL, privilegeName, &tp.Privileges[0].Luid)) {
+        printf("Error al buscar el valor del privilegio ");
+        return false;
+    }
+
+    if (!hProcess) {
+        hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processId);
+        // comprobar por ultima vez
+        if (!hProcess){
+        printf("Error al abrir el token del proceso");
+        return false;
+        }
+    }
+
+    HANDLE hToken;
+    if (!OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, &hToken)) {
+        printf("Error al abrir el token del proceso");
+        CloseHandle(hProcess);
+        return false;
+    }
+
+    if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), NULL, NULL)) {
+        printf("Error al ajustar los privilegios del token");
+        CloseHandle(hToken);
+        CloseHandle(hProcess);
+        return false;
+    }
+
+    CloseHandle(hToken);
+    CloseHandle(hProcess);
+    return true;
+}
+

MemDrain/MemDrain.layout

@@ -2,14 +2,14 @@
 <CodeBlocks_layout_file>
 	<FileVersion major="1" minor="0" />
 	<ActiveTarget name="Release" />
-	<File name="HelpMem.h" open="1" top="0" tabpos="2" split="0" active="1" splitpos="0" zoom_1="0" zoom_2="0">
+	<File name="HelpMem.h" open="0" top="0" tabpos="2" split="0" active="1" splitpos="0" zoom_1="0" zoom_2="0">
 		<Cursor>
-			<Cursor1 position="359" topLine="18" />
+			<Cursor1 position="1342" topLine="41" />
 		</Cursor>
 	</File>
 	<File name="MemDrain.cpp" open="1" top="1" tabpos="1" split="0" active="1" splitpos="0" zoom_1="0" zoom_2="0">
 		<Cursor>
-			<Cursor1 position="4522" topLine="104" />
+			<Cursor1 position="742" topLine="0" />
 		</Cursor>
 	</File>
 </CodeBlocks_layout_file>

MemDrain/MemDrain.rc

@@ -9,11 +9,9 @@ BEGIN
             VALUE "CompanyName", "LuSlower Software"
             VALUE "FileDescription", "MemDrain"
             VALUE "FileVersion", "0.0.0.0"
-            VALUE "InternalName", "MemDrain"
             VALUE "LegalCopyright", "Copyright � LuSlower"
-            VALUE "OriginalFilename", "md.exe"
-            VALUE "ProductName", "MemDrain"
             VALUE "ProductVersion", "0.0.0.0"
+            VALUE "ProductName", "MemDrain"
         }
     }
     BLOCK "VarFileInfo"