Last active
May 31, 2022 03:10
-
-
Save NaniteFactory/ed75f6b04f7a3f509a1b05ed131f0722 to your computer and use it in GitHub Desktop.
golang runtime bytes patch in windows
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "unsafe" | |
| "github.com/nanitefactory/memory" | |
| "github.com/nanitefactory/outputdbg" | |
| ) | |
| // #include <windows.h> | |
| import "C" | |
| func test() { | |
| // target | |
| lpBaseAddress := uintptr(0x004014D0) // where to patch | |
| nSize := uintptr(6) // nSize AOB | |
| // unprotect and protect back | |
| protectBack, err := memory.Unprotect(lpBaseAddress, nSize) | |
| outputdbg.LogPrintln("Unprotect called") | |
| if err != nil { | |
| outputdbg.LogPrintln(err) | |
| } | |
| defer func() { | |
| err := protectBack() | |
| outputdbg.LogPrintln("Protect back called") | |
| if err != nil { | |
| outputdbg.LogPrintln(err) | |
| } | |
| }() | |
| // patch 1 | |
| arr := (*[6]byte)(unsafe.Pointer(lpBaseAddress)) // where to patch | |
| outputdbg.LogPrintln(arr) | |
| *arr = [6]byte{0x90, 0x90, 0x90, 0x90, 0x90, 0x90} | |
| outputdbg.LogPrintln(arr) | |
| // patch 2 | |
| toWrite := [6]byte{0x80, 0x80, 0x80, 0x80, 0x80, 0x80} | |
| memory.WriteProcessMemory(lpBaseAddress, toWrite[:]) | |
| outputdbg.LogPrintln(arr) | |
| } | |
| // This test works nice as intended. | |
| func main() { | |
| test() | |
| for { | |
| // So you can see what's patched with your runtime debugger. | |
| } | |
| } | |
| /* | |
| 2018/12/20 21:39:06 Unprotect called | |
| 2018/12/20 21:39:06 &[40 195 15 31 64 0] | |
| 2018/12/20 21:39:06 &[144 144 144 144 144 144] | |
| 2018/12/20 21:39:06 &[128 128 128 128 128 128] | |
| 2018/12/20 21:39:06 Protect back called | |
| */ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment