CodePudding user response:
This needs a binary editor to patch the exe file, and you also need to understand the machine code.
CodePudding user response:
Try a hook.
CodePudding user response:
The main thing is to consider how to modify the memory.
CodePudding user response:
Ways:
1. Use WriteProcessMemory to change the value at the je instruction's memory address to JMP.
2. Inject a DLL; in the DLL, change the protection of the memory to be overwritten, then rewrite the memory using Delphi pointers. Inline assembly and the like can be used directly after injection.
CodePudding user response:
A relatively stable way: DLL injection. There are many methods and a lot of code for it; if you need it, you can message me directly. After injection, change the memory read/write protection:
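// Make the bytes at FHookAddr writable
VirtualProtect(Pointer(FHookAddr), FByteLen * SizeOf(Byte), PAGE_EXECUTE_READWRITE, @oldprotect);
// $E8 is the opcode for CALL rel32
PByte(FHookAddr)^ := $E8;
// rel32 is relative to the end of the 5-byte instruction
PInteger(FHookAddr + $1)^ := temp - FHookAddr - 5;
// Fill the remaining overwritten bytes with NOP ($90)
for I := $5 to FByteLen - 1 do
begin
  PByte(FHookAddr + I)^ := $90;
end;
// Restore the original page protection
VirtualProtect(Pointer(FHookAddr), FByteLen * SizeOf(Byte), oldprotect, @oldprotect);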
Code like the above modifies the instruction at the FHookAddr memory location into a jump, jumping to the temp memory location; you can refer to what I wrote.
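
From the detection side, the patch described in this thread (an $E8 opcode, a rel32 computed as temp - FHookAddr - 5, then $90 filler) leaves a recognisable byte pattern. The following is an added example, not code from any poster in the thread: it diffs a trusted copy of the code bytes against bytes read from the running process and decodes where the branch leads. The function names, addresses and sample bytes are constructed assumptions, and 32-bit x86 is assumed.

```python
import struct

NOP = 0x90
BRANCH = {0xE8: "call", 0xE9: "jmp"}  # rel32 near call / near jmp


def find_inline_hooks(clean, live, base, image):
    """Diff trusted code bytes (e.g. read from the file on disk) against bytes
    read from the running process. `base` is the address of byte 0 and
    `image` the (start, end) address range of the module's mapped image."""
    findings, i, n = [], 0, min(len(clean), len(live))
    while i < n:
        if clean[i] == live[i]:
            i += 1
            continue
        kind = BRANCH.get(live[i])
        if kind is None or i + 5 > n:
            # Modified byte that is not a rel32 branch: still report it.
            findings.append({"addr": base + i, "kind": "other", "length": 1})
            i += 1
            continue
        rel32 = struct.unpack_from("<i", live, i + 1)[0]
        # The patch stores rel32 = target - addr - 5, so invert that here.
        target = (base + i + 5 + rel32) & 0xFFFFFFFF
        end = i + 5
        while end < n and live[end] == NOP and clean[end] != NOP:
            end += 1  # NOP filler written over the rest of the old bytes
        findings.append({
            "addr": base + i, "kind": kind, "target": target,
            "length": end - i, "nop_pad": end - i - 5,
            "outside_image": not (image[0] <= target < image[1]),
        })
        i = end
    return findings


def constructed_sample():
    """Constructed sample: cmp/je/mov/mov/xor/ret, then the same bytes with
    8 bytes at offset 3 replaced by CALL rel32 plus three NOPs."""
    base, temp = 0x00401000, 0x10002000  # both addresses are made up
    clean = bytes.fromhex("83f80074078b45088945fc33c0c3")
    addr = base + 3
    patch = b"\xE8" + struct.pack("<i", temp - addr - 5) + b"\x90" * 3
    return clean, clean[:3] + patch + clean[11:], base


if __name__ == "__main__":
    clean, live, base = constructed_sample()
    for f in find_inline_hooks(clean, live, base, (0x00400000, 0x00410000)):
        print({k: hex(v) if k in ("addr", "target") else v for k, v in f.items()})
```

A branch whose decoded target falls outside the module's own image range is the strongest signal here, since a redirection into an injected DLL or freshly allocated memory lands there.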