private static void patchMemory(DllBaseNativeEvent ev, uint processID) { ProcessMemoryReader pmr = new ProcessMemoryReader(); pmr.ReadProcessID = processID; pmr.OpenProcess(); try { patch((file, def,def2,patternIndex) => performMemoryPatch(file,def,patternIndex,pmr,ev)); } finally { pmr.CloseHandle(); } }
private static void performMemoryPatch(PEFile file, MethodDef def, int patternIndex, ProcessMemoryReader pmr, DllBaseNativeEvent ev) { IntPtr address = Utils.VirtualAllocEx(ev.Process.UnsafeHandle, IntPtr.Zero, (uint)Encoding.Unicode.GetBytes(FileManager.MergedPath).Length, AllocationType.Reserve | AllocationType.Commit | AllocationType.TopDown, MemoryProtection.ReadWrite); int fileAddress = address.ToInt32(); // set the location for our new filename string int offset = ev.Module.BaseAddress.ToInt32() + def.GetByteOffset(file, patternIndex); newCode[2] = getByte(fileAddress, 0); newCode[3] = getByte(fileAddress, 1); newCode[4] = getByte(fileAddress, 2); newCode[5] = getByte(fileAddress, 3); int writtenBytes; pmr.WriteProcessMemory(new IntPtr(offset), newCode, out writtenBytes); // write the new filename string pmr.WriteProcessMemory(new IntPtr(fileAddress), Encoding.Unicode.GetBytes(FileManager.MergedPath), out writtenBytes); }
private static void performMemoryPatch(PEFile file, MethodDef def, int patternIndex, ProcessMemoryReader pmr,DllBaseNativeEvent ev) { IntPtr address = Utils.VirtualAllocEx(ev.Process.UnsafeHandle, IntPtr.Zero, (uint)Encoding.Unicode.GetBytes(FileManager.MergedPath).Length, AllocationType.Reserve | AllocationType.Commit | AllocationType.TopDown, MemoryProtection.ReadWrite); int fileAddress = address.ToInt32(); // set the location for our new filename string int offset = ev.Module.BaseAddress.ToInt32() + def.GetByteOffset(file, patternIndex); newCode[2] = getByte(fileAddress, 0); newCode[3] = getByte(fileAddress, 1); newCode[4] = getByte(fileAddress, 2); newCode[5] = getByte(fileAddress, 3); int writtenBytes; pmr.WriteProcessMemory(new IntPtr(offset), newCode, out writtenBytes); // write the new filename string pmr.WriteProcessMemory(new IntPtr(fileAddress), Encoding.Unicode.GetBytes(FileManager.MergedPath), out writtenBytes); }