/// <summary>
/// Builds the metadata token for a method definition and returns it as raw bytes.
/// </summary>
/// <param name="md">Method definition whose <c>Index</c> is OR'ed into the token.</param>
/// <returns>
/// The bytes of <c>(MethodDef.TOKEN_BIT &lt;&lt; 24) | md.Index</c>, in the byte order
/// that <c>BitConverter.GetBytes</c> uses on the current machine.
/// </returns>
public byte[] GetMetaDataToken(MethodDef md)
{
    // The shift places TOKEN_BIT in the top byte; the method's index is OR'ed in below it.
    var token = (MethodDef.TOKEN_BIT << 24) | md.Index;
    return BitConverter.GetBytes(token);
}
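/// <summary>
/// Patches the debugged process in memory: allocates a read/write buffer in the target,
/// stores that buffer's address in bytes 2..5 of <c>newCode</c>, writes <c>newCode</c> at the
/// matched pattern location, and writes <c>FileManager.MergedPath</c> (UTF-16) into the buffer.
/// </summary>
/// <param name="file">PE image used to translate the pattern position into a byte offset.</param>
/// <param name="def">Method containing the matched pattern.</param>
/// <param name="patternIndex">Index of the pattern inside the method's code.</param>
/// <param name="pmr">Writer used to modify the target process's memory.</param>
/// <param name="ev">Module-load event supplying the process handle and module base address.</param>
/// <exception cref="InvalidOperationException">The buffer could not be allocated in the target.</exception>
private static void performMemoryPatch(PEFile file, MethodDef def, int patternIndex, ProcessMemoryReader pmr, DllBaseNativeEvent ev)
{
    // Encode once so the allocation size and the bytes written cannot disagree.
    byte[] pathBytes = Encoding.Unicode.GetBytes(FileManager.MergedPath);

    // The buffer only ever holds string data, so it is requested read/write, not executable.
    IntPtr address = Utils.VirtualAllocEx(
        ev.Process.UnsafeHandle,
        IntPtr.Zero,
        (uint)pathBytes.Length,
        AllocationType.Reserve | AllocationType.Commit | AllocationType.TopDown,
        MemoryProtection.ReadWrite);

    // Without this check a failed allocation would embed a null pointer in the patched code.
    // NOTE(review): assumes Utils.VirtualAllocEx reports failure as IntPtr.Zero - confirm.
    if (address == IntPtr.Zero)
    {
        throw new InvalidOperationException("Could not allocate memory in the target process for the merged path.");
    }

    // The patch stores a 4-byte address, so this only works for a 32-bit target;
    // ToInt32 throws OverflowException if the address does not fit.
    int fileAddress = address.ToInt32();

    // Location of the code to overwrite: module base plus the pattern's byte offset.
    int offset = ev.Module.BaseAddress.ToInt32() + def.GetByteOffset(file, patternIndex);

    // Point the patch at the new string. newCode is declared outside this method, so these
    // writes mutate shared state. getByte presumably extracts byte n of the value - verify.
    newCode[2] = getByte(fileAddress, 0);
    newCode[3] = getByte(fileAddress, 1);
    newCode[4] = getByte(fileAddress, 2);
    newCode[5] = getByte(fileAddress, 3);

    int writtenBytes;
    pmr.WriteProcessMemory(new IntPtr(offset), newCode, out writtenBytes);

    // Write the new file-name string. No terminator is written explicitly.
    // NOTE(review): writtenBytes is not checked after either write - confirm this is intended.
    pmr.WriteProcessMemory(new IntPtr(fileAddress), pathBytes, out writtenBytes);
}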
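/// <summary>
/// Finds the first position in a method's code where <paramref name="pattern"/> matches.
/// A pattern byte of 255 (0xFF) acts as a wildcard that matches any code byte.
/// </summary>
/// <param name="def">Method whose <c>Method.Code</c> bytes are searched.</param>
/// <param name="pattern">Bytes to look for; 255 entries match anything.</param>
/// <returns>The index of the first match, or -1 when the pattern does not occur.</returns>
private static int findPatternIndex(MethodDef def, byte[] pattern)
{
    const byte Wildcard = 255;
    byte[] code = def.Method.Code;

    // Last start index at which the whole pattern still fits inside the code. The original
    // loop ran to code.Length and could index past the end of the array on a partial match
    // near the end, throwing instead of returning -1.
    int lastStart = code.Length - pattern.Length;

    // "start < code.Length" keeps the original result for an empty pattern
    // (0 for non-empty code, -1 for empty code).
    for (int start = 0; start < code.Length && start <= lastStart; start++)
    {
        bool found = true;
        for (int j = 0; j < pattern.Length; j++)
        {
            if (pattern[j] != Wildcard && code[start + j] != pattern[j])
            {
                found = false;
                break;
            }
        }

        if (found)
        {
            return start;
        }
    }

    return -1;
}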
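/// <summary>
/// Applies the patch to the file on disk (<c>LOADED_FILE</c>): changes one opcode byte after
/// the matched pattern, stores <paramref name="fileAddress"/> at the referenced field's
/// metadata location, and writes <c>FileManager.MergedPath</c> (UTF-16) at that address.
/// </summary>
/// <param name="file">PE image used for RVA / file-offset translation and field lookup.</param>
/// <param name="def">Method containing the matched pattern.</param>
/// <param name="patternIndex">Index of the pattern inside the method's code.</param>
/// <param name="fileAddress">RVA at which the path string is written.</param>
/// <remarks>
/// Nothing here verifies that the region at <paramref name="fileAddress"/> is unused or large
/// enough for the path bytes; the caller must guarantee it, otherwise adjacent file content
/// is overwritten.
/// </remarks>
private static void performDiskPatch(PEFile file, MethodDef def, int patternIndex, int fileAddress)
{
    CopyIfNecessary();

    // Read the 4-byte token operand and keep only its low 24 bits, dropping the table number
    // in the top byte. A mask replaces "<< 8 >> 8": the arithmetic right shift sign-extends
    // bit 23, which would yield a negative field number for large values.
    int fieldNum = BitConverter.ToInt32(def.Method.Code, patternIndex + 6) & 0x00FFFFFF;

    using (FileStream output = new FileStream(LOADED_FILE, FileMode.Open, FileAccess.Write, FileShare.Read))
    {
        // Change the "push 1" to a "push 0": a single byte, 0x16, 10 bytes past the pattern start.
        int RVA = def.GetByteOffset(file, patternIndex) + 10;
        byte[] data = new byte[] { 0x16 };
        output.Position = file.FindSectionForRVA(RVA).CalculateFileOffset(RVA);
        output.Write(data, 0, data.Length);

        // Store the new location (4 bytes of fileAddress) at the field's metadata location.
        // getByte presumably extracts byte n of the value - verify.
        data = new byte[]
        {
            getByte(fileAddress, 0),
            getByte(fileAddress, 1),
            getByte(fileAddress, 2),
            getByte(fileAddress, 3)
        };
        FieldDef fd = file.GetField(fieldNum);

        // The metadata location is a file offset; it is converted to an RVA and back, as before.
        int metaDataOffset = (int)fd.MetaDataFileLocation;
        RVA = file.FindSectionForFileOffset(metaDataOffset).CalculateRVA(metaDataOffset);
        output.Position = file.FindSectionForRVA(RVA).CalculateFileOffset(RVA);
        output.Write(data, 0, data.Length);

        // Write the path string at fileAddress, which is treated as an RVA into the file.
        RVA = fileAddress;
        data = Encoding.Unicode.GetBytes(FileManager.MergedPath);
        output.Position = file.FindSectionForRVA(RVA).CalculateFileOffset(RVA);
        output.Write(data, 0, data.Length);
    }
}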