#include <windows.h>
#include <stdlib.h>
#include <string.h>
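/**
 * Verify and then overwrite `length` bytes inside the running executable's
 * own image.
 *
 * The target address is the main module base (GetModuleHandle(NULL)) plus
 * RVA. The bytes currently in memory are compared with ReadByte first, and
 * WriteByte is written only when they match, so nothing is written over
 * bytes that are not the expected ones.
 *
 * @param RVA       offset of the patch site from the main module base
 * @param ReadByte  expected original bytes (`length` bytes)
 * @param WriteByte replacement bytes (`length` bytes)
 * @param length    number of bytes to verify and write
 * @return  0 on success;
 *         -1 WriteByte is NULL or the write failed;
 *         -2 the page protection could not be changed;
 *         -3 ReadByte is NULL or the bytes in memory differ from ReadByte;
 *         -4 the scratch buffer could not be allocated or the read failed.
 */
int selfSimplePatch(DWORD RVA, BYTE *ReadByte, BYTE *WriteByte, DWORD length)
{
    HANDLE hProcess = GetCurrentProcess();
    /* Pointer arithmetic keeps the full address; casting the module handle
     * to DWORD would truncate it in a 64-bit build. */
    BYTE *target = (BYTE *)GetModuleHandle(NULL) + RVA;
    DWORD oldProtect = 0;
    DWORD ignored = 0;
    BYTE *current;
    int differs;
    int rc;

    /* Reject missing buffers before any page protection is touched. */
    if (ReadByte == NULL) {
        return -3;
    }
    if (WriteByte == NULL) {
        return -1;
    }

    /* Ask for at least one byte so a zero length does not turn into an
     * implementation-defined malloc(0) result. */
    current = malloc(length ? length : 1);
    if (current == NULL) {
        return -4;
    }

    if (!ReadProcessMemory(hProcess, target, current, length, NULL)) {
        free(current);
        return -4; /* read failed */
    }

    /* The scratch copy is only needed for this comparison. */
    differs = memcmp(ReadByte, current, length) != 0;
    free(current);
    if (differs) {
        return -3; /* memory does not hold the expected original bytes */
    }

    /* Make the range writable; the previous protection is saved for the
     * restore below. */
    if (!VirtualProtectEx(hProcess, target, length, PAGE_EXECUTE_READWRITE, &oldProtect)) {
        return -2;
    }

    rc = WriteProcessMemory(hProcess, target, WriteByte, length, NULL) ? 0 : -1;

    /* Restore the saved protection on the success path and on the failure
     * path, so the range does not stay writable and executable after a
     * failed write. The result of the restore is not reported, to keep the
     * existing return codes. */
    VirtualProtectEx(hProcess, target, length, oldProtect, &ignored);

    return rc;
}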
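/**
 * Enable SeDebugPrivilege (SE_DEBUG_NAME) in the current process token.
 *
 * The function returns nothing, so every failure is reported through
 * OutputDebugString and the token is left unchanged.
 *
 * NOTE(review): selfSimplePatch in this file reaches only the current
 * process through GetCurrentProcess(), and access to one's own process does
 * not depend on this privilege. Confirm that a caller really opens other
 * processes before keeping this call; a process that enables SeDebugPrivilege
 * holds more access than a self-patch needs.
 */
void EnableDebugPriv()
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tp = {0};

    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        OutputDebugString(TEXT("EnableDebugPriv: OpenProcessToken failed"));
        return;
    }

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) {
        OutputDebugString(TEXT("EnableDebugPriv: LookupPrivilegeValue failed"));
    } else if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof tp, NULL, NULL)) {
        OutputDebugString(TEXT("EnableDebugPriv: AdjustTokenPrivileges failed"));
    } else if (GetLastError() == ERROR_NOT_ALL_ASSIGNED) {
        /* AdjustTokenPrivileges returns TRUE even when the token does not
         * hold the privilege; the last-error value is the only signal. */
        OutputDebugString(TEXT("EnableDebugPriv: privilege not held by this token"));
    }

    /* The token handle is needed only for the adjustment above. */
    CloseHandle(hToken);
}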