I am trying to patch a chunk of memory in Golang. I have dealt with the VirtualProtect function, and the memory block is being changed to RW, but I can't find the Golang function for copying into memory. I want to emulate this from a PowerShell script:

[System.Runtime.InteropServices.Marshal]::Copy($patch, 0, $targetedAddress, 3)

The Golang code I currently have is as follows:

var patch = []byte{
    0x31, 0xC0, // xor rax, rax
    0xC3,       // ret
}

var oldfperms uint32
virtualProt(unsafe.Pointer(&patchAddr), unsafe.Sizeof(uintptr(2)), uint32(0x40), unsafe.Pointer(&oldfperms)) // Modify region for ReadWrite

var r uintptr
for _, b := range patch {
    r = (r << 8) | uintptr(b)
}
patch := unsafe.Pointer(uintptr(r)) // Attempting to copy into memory here and I'm stumped

fmt.Println(patch)

var a uint32
virtualProt(unsafe.Pointer(&patchAddr), unsafe.Sizeof(uintptr(2)), oldfperms, unsafe.Pointer(&a)) // Change region back to normal
1 Answer
青春有我
Contributed 1784 experience points, received more than 8 likes
Never mind. Found a reference to the Win32 WriteProcessMemory function and used that.
https://pkg.go.dev/github.com/0xrawsec/golang-win32/win32/kernel32#WriteProcessMemory
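// Requires the imports "fmt", "syscall" and "unsafe".
func WriteProcMem(currProccess uintptr, patchAddr uintptr, patch uintptr, size uintptr) bool {
    kern32WriteMem := syscall.NewLazyDLL("kernel32.dll").NewProc("WriteProcessMemory")
    var written uintptr
    // Arguments: hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten.
    ret, _, _ := kern32WriteMem.Call(
        currProccess,
        patchAddr,
        patch,
        size,
        uintptr(unsafe.Pointer(&written)))
    if ret == 0 || written != size { // a zero return value means the call failed
        return false
    }
    fmt.Println("[+] Patched Memory!")
    return true
}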
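The defender's side of the patch discussed in this thread, as an added example that is not part of the original question or answer: it compares a function's first bytes as read from memory with the same bytes from the file on disk and flags an immediate-return stub such as the 3-byte sequence in the question. The names `CheckPrologue`, `Verdict` and `returnStubs`, the stub list and the sample bytes are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

// Verdict says how an in-memory function prologue relates to its on-disk copy.
type Verdict string

const (
	Clean      Verdict = "clean"
	ReturnStub Verdict = "return-stub"
	Modified   Verdict = "modified"
)

// returnStubs: short "return at once" sequences; the first is the patch in the question.
var returnStubs = [][]byte{
	{0x31, 0xC0, 0xC3}, // xor eax, eax; ret
	{0x33, 0xC0, 0xC3}, // same instruction, alternate encoding
	{0xC3},             // bare ret
}

// CheckPrologue compares memory and disk bytes over their common length; offset is -1 if equal.
func CheckPrologue(disk, mem []byte) (Verdict, int) {
	first := -1
	for i := 0; i < len(disk) && i < len(mem) && first < 0; i++ {
		if disk[i] != mem[i] {
			first = i
		}
	}
	if first < 0 {
		return Clean, -1
	}
	// A stub at the start of memory that the file does not contain means the function was neutered.
	for _, stub := range returnStubs {
		if bytes.HasPrefix(mem, stub) && !bytes.HasPrefix(disk, stub) {
			return ReturnStub, first
		}
	}
	return Modified, first
}

func main() {
	// Constructed sample: a common x64 prologue, then the same bytes after the 3-byte patch.
	disk := []byte{0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83}
	mem := append([]byte{0x31, 0xC0, 0xC3}, disk[3:]...)
	v, off := CheckPrologue(disk, mem)
	fmt.Printf("%s at offset %d\n", v, off)
}
```

A "modified" verdict alone is not proof of tampering, since legitimate hooks from security products also rewrite prologues; the stub match is the stronger signal.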