什么是戈朗等价物。网络的元帅复制方法?
我试图修补戈朗的一大块内存。我已关闭虚拟保护功能,并且内存块正在更改为 RW,但我找不到用于复制到内存的 Golang 功能。
我想从强势外壳脚本中模拟这一点:
[System.Runtime.InteropServices.Marshal]::Copy($patch, 0, $targetedAddress, 3)
我目前拥有的戈朗代码如下:
var patch = []byte {
0x31, 0xC0, // xor rax, rax
0xC3, // ret
}
var oldfperms uint32
virtualProt(unsafe.Pointer(&patchAddr), unsafe.Sizeof(uintptr(2)), uint32(0x40),
unsafe.Pointer(&oldfperms)) // Modify region for ReadWrite
var r uintptr
for _, b := range patch {
r = (r << 8) | uintptr(b)
}
patch := unsafe.Pointer(uintptr(r)) // Attempting to copy into memory here and I'm stumped
fmt.Println(patch)
var a uint32
virtualProt(unsafe.Pointer(&patchAddr), unsafe.Sizeof(uintptr(2)), oldfperms, unsafe.Pointer(&a)) // Change region back to normal
莫回无浏览 83回答 1
1回答
-
青春有我
没关系。找到对 Win32 写入过程内存函数的引用并使用该函数。https://pkg.go.dev/github.com/0xrawsec/golang-win32/win32/kernel32#WriteProcessMemoryfunc WriteProcMem(currProccess uintptr, patchAddr uintptr, patch uintptr) bool { kern32WriteMem := syscall.NewLazyDLL("kernel32.dll").NewProc("WriteProcessMemory") _, _, _ = kern32WriteMem.Call( currProccess, patchAddr, patch) fmt.Println("[+] Patched Memory!") return true}
随时随地看视频慕课网APP
相关分类
Go