- 注册时间
- 2010-7-27
- 最后登录
- 2017-6-3
- 在线时间
- 4 小时
编程入门
- 魔鬼币
- 617
|
void SetModuleBaseName(HANDLE ProcessHandle,void*BaseAddress,wchar_t*FileName,unsigned int NameLength)
{void*TargetAddr;PEB Peb;PEB_LDR_DATA Ldr;LDR_MODULE Dll;PROCESS_BASIC_INFORMATION PBI;ULONG_PTR RegionSize;
if(NtQueryInformationProcess(ProcessHandle,0,&PBI,sizeof(PROCESS_BASIC_INFORMATION),0))return;
if(NtReadVirtualMemory(ProcessHandle,PBI.PebBaseAddress,&Peb,sizeof(PEB),0))return;
if(NtReadVirtualMemory(ProcessHandle,Peb.Ldr,&Ldr,sizeof(PEB_LDR_DATA),0))return;
TargetAddr=(void*)Ldr.InLoadOrderModuleList.Flink;
while(1)
{
if(NtReadVirtualMemory(ProcessHandle,TargetAddr,&Dll,sizeof(LDR_MODULE),0))return;
if(Dll.BaseAddress==BaseAddress)break;
TargetAddr=(void*)Dll.InLoadOrderModuleList.Flink;
if(TargetAddr==&Peb.Ldr->InLoadOrderModuleList)return;
}
Dll.BaseDllName.Buffer=0;
RegionSize=NameLength;
if(NtAllocateVirtualMemory(ProcessHandle,(void**)&Dll.BaseDllName.Buffer,0,&RegionSize,MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE))return;
NtWriteVirtualMemory(ProcessHandle,Dll.BaseDllName.Buffer,FileName,NameLength,0);
Dll.BaseDllName.MaximumLength=(USHORT)RegionSize;
Dll.BaseDllName.Length=(USHORT)NameLength;
NtWriteVirtualMemory(ProcessHandle,TargetAddr,&Dll,sizeof(LDR_MODULE),0);
}
void SetModuleFullName(HANDLE ProcessHandle,void*BaseAddress,wchar_t*FileName,unsigned int NameLength)
{void*TargetAddr;PEB Peb;PEB_LDR_DATA Ldr;LDR_MODULE Dll;PROCESS_BASIC_INFORMATION PBI;ULONG_PTR RegionSize;
if(NtQueryInformationProcess(ProcessHandle,0,&PBI,sizeof(PROCESS_BASIC_INFORMATION),0))return;
if(NtReadVirtualMemory(ProcessHandle,PBI.PebBaseAddress,&Peb,sizeof(PEB),0))return;
if(NtReadVirtualMemory(ProcessHandle,Peb.Ldr,&Ldr,sizeof(PEB_LDR_DATA),0))return;
TargetAddr=(void*)Ldr.InLoadOrderModuleList.Flink;
while(1)
{
if(NtReadVirtualMemory(ProcessHandle,TargetAddr,&Dll,sizeof(LDR_MODULE),0))return;
if(Dll.BaseAddress==BaseAddress)break;
TargetAddr=(void*)Dll.InLoadOrderModuleList.Flink;
if(TargetAddr==&Peb.Ldr->InLoadOrderModuleList)return;
}
Dll.FullDllName.Buffer=0;
RegionSize=NameLength;
if(NtAllocateVirtualMemory(ProcessHandle,(void**)&Dll.FullDllName.Buffer,0,&RegionSize,MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE))return;
NtWriteVirtualMemory(ProcessHandle,Dll.FullDllName.Buffer,FileName,NameLength,0);
Dll.FullDllName.MaximumLength=(USHORT)RegionSize;
Dll.FullDllName.Length=(USHORT)NameLength;
NtWriteVirtualMemory(ProcessHandle,TargetAddr,&Dll,sizeof(LDR_MODULE),0);
}
|
|
发表于 2017-6-3 17:01:42