#include <windows.h>
#include "utils.h"
#include "patch.h"
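/*
 * Overwrite `size` bytes of code at `addr` with the bytes at `patch`.
 *
 * The target range is made writable for the duration of the copy, the
 * previous protection is put back afterwards, and the instruction cache of
 * the current process is flushed for the patched range.
 *
 * addr  - first byte to overwrite (inside the current process).
 * patch - replacement bytes; at least `size` bytes must be readable.
 * size  - number of bytes to copy; values <= 0 are ignored.
 *
 * The function has no return value, so failures are only reported through
 * OutputDebugStringEx and the memory is left untouched when the page cannot
 * be made writable.
 */
static void PatchCode(PBYTE addr,BYTE* patch,int size)
{
    DWORD OldProtect = 0;
    DWORD Ignored = 0;

    /* A NULL pointer or a non-positive length would make the copy undefined. */
    if (addr == NULL || patch == NULL || size <= 0)
    {
        return;
    }

    /*
     * If the protection change fails the page is still read-only and the
     * copy below would raise an access violation, so stop here.
     */
    if (!VirtualProtect(addr, (SIZE_T)size, PAGE_EXECUTE_READWRITE, &OldProtect))
    {
        OutputDebugStringEx("PatchCode: VirtualProtect failed, error %08x", GetLastError());
        return;
    }

    RtlCopyMemory(addr, patch, (SIZE_T)size);

    /*
     * Put the original protection back so the page does not stay
     * writable and executable at the same time after the patch.
     */
    if (!VirtualProtect(addr, (SIZE_T)size, OldProtect, &Ignored))
    {
        OutputDebugStringEx("PatchCode: restoring page protection failed, error %08x", GetLastError());
    }

    /* GetCurrentProcess() is the same pseudo handle the original spelled as (HANDLE)-1. */
    FlushInstructionCache(GetCurrentProcess(), addr, (SIZE_T)size);
}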
// Fix the SI Ctrl+F bug
//reference:http://bbs.pediy.com/showthread.php?t=185736
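/*
 * Find the 5-byte instruction `and byte ptr [ebp+eax-0xC], 0x0` in the main
 * executable image of the current process and overwrite it with five NOPs.
 *
 * The image is walked region by region with VirtualQueryEx, starting at the
 * module base and stopping at the first region that no longer belongs to the
 * same allocation. Only committed regions whose protection passes the
 * PAGE_EXECUTE_READ test are scanned.
 *
 * Returns 0 when the byte pattern was found and handed to PatchCode, -1 when
 * it was not found. PatchCode reports no status, so 0 means "patch attempted",
 * not "patch verified".
 *
 * NOTE(review): the first match is patched and nothing here checks that the
 * 5-byte pattern occurs only once in the image; confirm this for every build
 * of the target executable the patch is meant for.
 */
int PatchSI(void)
{
    //004055E1 806405 F4 00 and byte ptr [ebp+eax-0xC], 0x0
    BYTE TARGET[5] = {0x80,0x64,0x05,0xF4,0x00};
    BYTE PATCH[5] = {0x90,0x90,0x90,0x90,0x90};
    PBYTE exemod = (PBYTE)GetModuleHandle(NULL);
    PBYTE address = exemod;
    PBYTE start;
    PBYTE last;
    MEMORY_BASIC_INFORMATION mbi;

    if (exemod == NULL)
    {
        return -1;
    }

    while (TRUE)
    {
        if (VirtualQueryEx(GetCurrentProcess(), address, &mbi, sizeof(mbi)) != sizeof(mbi))
        {
            break;
        }
        /* Leaving the allocation that starts at the module base ends the scan. */
        if (mbi.AllocationBase != (PVOID)exemod)
        {
            break;
        }
        if ((mbi.Protect & PAGE_EXECUTE_READ) && (mbi.State == MEM_COMMIT)
            && (mbi.RegionSize >= sizeof(TARGET)))
        {
            /*
             * `last` is the final address at which a whole pattern still fits
             * inside the region. The bound is inclusive: the original loop
             * used `<` against the same address and so never tested a match
             * sitting in the last five bytes of a region.
             */
            last = (PBYTE)mbi.BaseAddress + mbi.RegionSize - sizeof(TARGET);
            for (start = (PBYTE)mbi.BaseAddress; start <= last; start++)
            {
                if (memcmp(start, TARGET, sizeof(TARGET)) == 0)
                {
                    /*
                     * NOTE(review): %08x is given a pointer and a SIZE_T here,
                     * which only lines up on a 32-bit build; confirm how
                     * OutputDebugStringEx formats its arguments before
                     * building for 64-bit.
                     */
                    OutputDebugStringEx("BaseAddress[%08x] RegionSize[%08x]",mbi.BaseAddress,mbi.RegionSize);
                    OutputDebugStringEx("Find Patch Address %08x",start);
                    PatchCode(start, PATCH, sizeof(PATCH));
                    return 0;
                }
            }
        }
        address = ((PBYTE)mbi.BaseAddress + mbi.RegionSize);
    }
    return -1;
}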