public byte[] GetMetaDataToken(MethodDef md)
{
return BitConverter.GetBytes(MethodDef.TOKEN_BIT << 24 | md.Index);
}
private static void performMemoryPatch(PEFile file, MethodDef def, int patternIndex, ProcessMemoryReader pmr,DllBaseNativeEvent ev)
{
IntPtr address =
Utils.VirtualAllocEx(ev.Process.UnsafeHandle, IntPtr.Zero,
(uint)Encoding.Unicode.GetBytes(FileManager.MergedPath).Length,
AllocationType.Reserve | AllocationType.Commit | AllocationType.TopDown, MemoryProtection.ReadWrite);
int fileAddress = address.ToInt32();
// set the location for our new filename string
int offset = ev.Module.BaseAddress.ToInt32() + def.GetByteOffset(file, patternIndex);
newCode[2] = getByte(fileAddress, 0);
newCode[3] = getByte(fileAddress, 1);
newCode[4] = getByte(fileAddress, 2);
newCode[5] = getByte(fileAddress, 3);
int writtenBytes;
pmr.WriteProcessMemory(new IntPtr(offset), newCode, out writtenBytes);
// write the new filename string
pmr.WriteProcessMemory(new IntPtr(fileAddress), Encoding.Unicode.GetBytes(FileManager.MergedPath), out writtenBytes);
}
private static int findPatternIndex(MethodDef def, byte[] pattern)
{
for (int i = 0; i < def.Method.Code.Length; i++)
{
bool found = true;
for (int j = 0; j < pattern.Length; j++)
{
if (def.Method.Code[i + j] != pattern[j] && pattern[j] != 255)
{
found = false;
break;
}
}
if (found)
{
return i;
}
}
return -1;
}
private static void performDiskPatch(PEFile file, MethodDef def, int patternIndex, int fileAddress)
{
CopyIfNecessary();
// read the int, shift off the table number
int fieldNum =
BitConverter.ToInt32(def.Method.Code, patternIndex + 6)
<< 8 >> 8;
using (FileStream sw = new FileStream(LOADED_FILE, FileMode.Open, FileAccess.Write, FileShare.Read))
{
// change the push 1 to a push 0
int RVA = def.GetByteOffset(file, patternIndex) + 10;
byte[] data = new byte[] { 0x16 };
sw.Position = file.FindSectionForRVA(RVA).CalculateFileOffset(RVA);
sw.Write(data, 0, data.Length);
// write the new location to the metadata folder
data = new byte[] { getByte(fileAddress, 0), getByte(fileAddress, 1), getByte(fileAddress, 2), getByte(fileAddress, 3) };
FieldDef fd = file.GetField(fieldNum);
RVA =
file.FindSectionForFileOffset((int)fd.MetaDataFileLocation)
.CalculateRVA((int)fd.MetaDataFileLocation);
sw.Position = file.FindSectionForRVA(RVA).CalculateFileOffset(RVA);
sw.Write(data, 0, data.Length);
// write the string to an empty file location
RVA = fileAddress;
data = Encoding.Unicode.GetBytes(FileManager.MergedPath);
sw.Position = file.FindSectionForRVA(RVA).CalculateFileOffset(RVA);
sw.Write(data, 0, data.Length);
}
}
