这几天我的问题是,我的相对跳转地址好像总是算不对(比如,分配的内存地址是7FF4CED2000,但我的跳转地址却是7FF7CED2000,也就是说两者很接近但并不一致)。
我的 Write、Alloc 和 Dealloc 函数:
/// <summary>
/// Copies <paramref name="code"/> into the target process at <paramref name="addr"/>
/// via WriteProcessMemory on the handle held in <c>_mHProcess</c>.
/// </summary>
/// <param name="addr">Destination address inside the target process.</param>
/// <param name="code">Bytes to write; the entire array is written.</param>
/// <returns>
/// Whatever MemoryAPI.WriteProcessMemory returns. The number of bytes actually written is
/// not captured: the last argument is passed as 0, so a short write is indistinguishable here.
/// </returns>
public int Write(IntPtr addr, byte[] code)
{
    int result = MemoryAPI.WriteProcessMemory(_mHProcess, addr, code, code.Length, 0);
    return result;
}
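/// <summary>
/// Commits <paramref name="Size"/> bytes of read/write/execute memory in the target process
/// (VirtualAllocEx with Commit | MEM_TOP_DOWN and ExecuteReadWrite) at an address chosen by
/// the OS, since the base-address argument is IntPtr.Zero.
/// </summary>
/// <param name="Size">Number of bytes to allocate.</param>
/// <returns>Base address of the new region, in the target process's address space.</returns>
/// <exception cref="InvalidOperationException">VirtualAllocEx returned IntPtr.Zero.</exception>
public IntPtr Alloc(int Size)
{
    var region = MemoryAPI.VirtualAllocEx(
        _mHProcess,
        IntPtr.Zero,
        Size,
        MemoryAPI.AllocType.Commit | MemoryAPI.AllocType.MEM_TOP_DOWN,
        MemoryAPI.Protect.ExecuteReadWrite);

    // A failed allocation used to come back as IntPtr.Zero and the caller then wrote bytes
    // to address 0 of the target process; fail loudly instead.
    if (region == IntPtr.Zero)
    {
        throw new InvalidOperationException(
            "VirtualAllocEx failed to allocate " + Size + " bytes in the target process.");
    }

    return region;
}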
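/// <summary>
/// Releases a region in the target process that was previously returned by <see cref="Alloc"/>.
/// </summary>
/// <param name="addr">Base address returned by <see cref="Alloc"/>.</param>
/// <remarks>
/// Only the region is released; the process handle in <c>_mHProcess</c> stays open and is
/// closed by the caller's own CloseHandle() call. Closing it here as well made the
/// DisableScript sequence (Dealloc, then CloseHandle) close the same handle twice, which is an
/// invalid-handle error and, should the handle value have been reused in between, closes an
/// unrelated object.
/// </remarks>
public void Dealloc(IntPtr addr)
{
    // With MEM_RELEASE the size argument must be 0; the whole region based at addr is freed.
    MemoryAPI.VirtualFreeEx(_mHProcess, addr, 0, MemoryAPI.FreeType.Release);
}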
我的启用和禁用脚本功能:
/// <summary>
/// Finds the process named by <c>ProcName</c>, opens it, allocates a 0x1000-byte region
/// (kept in the <c>newmem</c> field for DisableScript) and overwrites 9 bytes at
/// MainModule.BaseAddress + 0x18F230: a 5-byte E9 relative jump to that region followed by
/// 4 filler bytes. The region itself receives the 6 bytes in bv3. The process handle is closed
/// at the end.
/// </summary>
/// <remarks>
/// Unchecked here: Process.GetProcessesByName returning an empty array (the [0] indexer then
/// throws IndexOutOfRangeException); Alloc returning IntPtr.Zero; and whether the jump
/// displacement fits in 32 bits — see the note at relativeJumpIntoAddress.
/// </remarks>
private void EnableScript()
{
    Process process = Process.GetProcessesByName(ProcName)[0]; // Find Process; throws if no such process is running
    oMemory.ReadProcess = process; // Sets the Process to Read/Write From/To
    oMemory.Open(); //Open Process
    var jmpAddr = process.MainModule.BaseAddress + 0x18F230; // Address where you want to place the jump: module base + fixed offset, so it follows relocation but assumes this exact build of the module
    newmem = oMemory.Alloc(0x1000); // New memory allocation; the return value is not checked for IntPtr.Zero
    Console.WriteLine(jmpAddr.ToString("X"));
    Console.WriteLine("Allocated Memory Location: " + newmem.ToString("X"));
    var ad1 = (long)jmpAddr;
    var ad2 = (long)newmem; // Address of Allocated Memory
    List<byte> replacementBytes = new List<byte>();
    // rel32 operand of E9: target minus the address of the byte after the 5-byte instruction.
    // Computed as a 64-bit long, but only its low 4 bytes are used below (bv1). If ad2 and ad1
    // are more than +/-2 GiB apart — plausible in a 64-bit process when Alloc lets the OS pick a
    // top-down address — the high bytes are silently dropped and the jump lands elsewhere.
    // A checked cast to int (`checked((int)relativeJumpIntoAddress)`) would at least make that
    // fail loudly instead of corrupting the target.
    var relativeJumpIntoAddress = ad2 - ad1 - 5;
    replacementBytes.Add(0xE9); // JMP instruction (rel32 form)
    replacementBytes.AddRange(BitConverter.GetBytes(relativeJumpIntoAddress)); // 8 little-endian bytes of the long
    byte[] bv1 = { replacementBytes[0], replacementBytes[1], replacementBytes[2], replacementBytes[3], replacementBytes[4] }; // E9 plus the low 4 bytes of the displacement: the jump into the allocated region
    byte[] bv2 = { 0x0F, 0x1F, 0x40, 0x00 }; // 4-byte NOP covering the rest of the 9 bytes that DisableScript restores
    byte[] bv3 = { 0xB0, 0x01, 0x88, 0x44, 0x24, 0x2C }; // 6 bytes placed at the start of the new region
    // NOTE(review): nothing is written after bv3 and no transfer of control back to the
    // original code follows it, so execution continues into whatever the rest of the fresh
    // region holds (presumably zero-filled) — a crash hazard for the target process.
    oMemory.Write((IntPtr)ad1, bv1); // Write the jmp
    oMemory.Write((IntPtr)ad1 + 5, bv2); // Filler directly after the 5-byte jump
    oMemory.Write((IntPtr)ad2, bv3); // Write to allocated memory
    oMemory.CloseHandle(); // Close Memory Handle; newmem stays in the field so DisableScript can release it later
}
/// <summary>
/// Reverses EnableScript: re-opens the process named by <c>ProcName</c>, writes the 9 original
/// bytes back at MainModule.BaseAddress + 0x18F230 (the same 5 + 4 bytes EnableScript
/// overwrote), releases the region recorded in <c>newmem</c> and closes the handle.
/// </summary>
/// <remarks>
/// originalBytes is a hard-coded snapshot for one specific build of the module; nothing here
/// verifies that the bytes currently at jmpAddr are the ones EnableScript wrote. If
/// EnableScript never ran, <c>newmem</c> is its default value and Dealloc is called with it.
/// </remarks>
private void DisableScript()
{
    Process process = Process.GetProcessesByName(ProcName)[0]; // Find Process; throws if no such process is running
    oMemory.ReadProcess = process; // Sets the Process to Read/Write From/To
    oMemory.Open(); // Open Process
    var jmpAddr = process.MainModule.BaseAddress + 0x18F230; //address where you want to place the jump (same offset EnableScript patched)
    Console.WriteLine(newmem.ToString("X"));
    byte[] originalBytes = { 0x88, 0x44, 0x24, 0x2C, 0xE8, 0xF7, 0x63, 0xF0, 0xFF }; // 9 bytes: exactly the span covered by bv1 + bv2 in EnableScript
    oMemory.Write(jmpAddr, originalBytes);
    oMemory.Dealloc(newmem); // Release Allocated Memory
    // If Dealloc also calls CloseHandle on _mHProcess (as the version shown on this page does),
    // the next line closes the same handle a second time.
    oMemory.CloseHandle(); // Close Memory Handle
}
我对这个特定主题进行了很多研究,并尝试了很多不同的方法,但仍然没有解决这个问题。
感谢您提供的任何帮助。谢谢你! :)