Пример #1
        /// <summary>
        /// Opens the process identified by <paramref name="processID"/>, runs <c>patch</c> with a
        /// callback that forwards each match to <c>performMemoryPatch</c>, and closes the process
        /// handle afterwards.
        /// </summary>
        /// <param name="ev">Native debug event for the loaded module; passed through unchanged to <c>performMemoryPatch</c>.</param>
        /// <param name="processID">Identifier assigned to <c>ReadProcessID</c> before the process is opened.</param>
        private static void patchMemory(DllBaseNativeEvent ev, uint processID)
        {
            var reader = new ProcessMemoryReader { ReadProcessID = processID };

            // NOTE(review): the outcome of OpenProcess is not inspected here; whether it throws or
            // fails silently depends on ProcessMemoryReader, which is not visible in this file section.
            reader.OpenProcess();
            try
            {
                // The third callback argument is accepted but deliberately not forwarded.
                patch((peFile, method, unusedDef, index) =>
                    performMemoryPatch(peFile, method, index, reader, ev));
            }
            finally
            {
                // Runs even when patch throws, so the handle opened above is always closed.
                reader.CloseHandle();
            }
        }
Пример #2
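 /// <summary>
 /// Allocates a read/write buffer in the debugged process, copies the UTF-16 bytes of
 /// <c>FileManager.MergedPath</c> into it, and then overwrites the matched code location with
 /// <c>newCode</c>, whose bytes 2..5 are set to the buffer's 32-bit address.
 /// </summary>
 /// <param name="file">PE image used by <paramref name="def"/> to compute the byte offset of the match.</param>
 /// <param name="def">Method definition whose <c>GetByteOffset</c> locates the bytes to overwrite.</param>
 /// <param name="patternIndex">Index of the matched pattern, forwarded to <c>GetByteOffset</c>.</param>
 /// <param name="pmr">Writer for the target process; the caller owns opening and closing it.</param>
 /// <param name="ev">Native debug event supplying the process handle and the module base address.</param>
 /// <exception cref="InvalidOperationException">
 /// The remote allocation failed, or a write reported fewer bytes than requested.
 /// </exception>
 /// <exception cref="OverflowException">
 /// Thrown by <c>IntPtr.ToInt32</c> when an address does not fit in 32 bits (64-bit host process).
 /// </exception>
 private static void performMemoryPatch(PEFile file, MethodDef def, int patternIndex, ProcessMemoryReader pmr,DllBaseNativeEvent ev)
 {
     // Encode once; the same bytes size the allocation and are written below.
     byte[] pathBytes = Encoding.Unicode.GetBytes(FileManager.MergedPath);

     // Two extra bytes leave room for a UTF-16 terminator after the string.
     // Presumably Utils.VirtualAllocEx wraps the Win32 call, which zero-fills committed pages,
     // so the terminator is already in place - confirm against the wrapper.
     // The buffer is data only (ReadWrite, not executable) and is not released here because the
     // patched code keeps referring to it.
     IntPtr address =
         Utils.VirtualAllocEx(ev.Process.UnsafeHandle, IntPtr.Zero,
         (uint)(pathBytes.Length + 2),
          AllocationType.Reserve | AllocationType.Commit | AllocationType.TopDown, MemoryProtection.ReadWrite);
     if (address == IntPtr.Zero)
     {
         // Without this check the patch below would embed a null pointer in the target's code.
         throw new InvalidOperationException("VirtualAllocEx failed; the target process was not modified.");
     }

     // The patch embeds a 4-byte address; ToInt32 throws rather than truncating a wider pointer.
     int fileAddress = address.ToInt32();
     int offset = ev.Module.BaseAddress.ToInt32() + def.GetByteOffset(file, patternIndex);

     // Write the filename string first, so the code is never redirected to an unfilled buffer.
     // assumes the out value is the byte count reported by the write - confirm in ProcessMemoryReader
     int writtenBytes;
     pmr.WriteProcessMemory(new IntPtr(fileAddress), pathBytes, out writtenBytes);
     if (writtenBytes != pathBytes.Length)
     {
         throw new InvalidOperationException("Writing the path string failed; the code location was left unpatched.");
     }

     // Set the location for our new filename string. newCode is a field shared outside this
     // method; bytes 2..5 are overwritten on every call.
     for (int i = 0; i < 4; i++)
     {
         newCode[2 + i] = getByte(fileAddress, i);
     }

     pmr.WriteProcessMemory(new IntPtr(offset), newCode, out writtenBytes);
     if (writtenBytes != newCode.Length)
     {
         throw new InvalidOperationException("Writing the code patch was incomplete; the target module may be left in an inconsistent state.");
     }
 }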