设为首页收藏本站
切换到宽版

天马阁

 找回密码
 立即注册
天马阁»天马阁论坛 天马阁转载区4 64位驱动编程 C++更改PEB中的BaseDllName
                                        →→→→→→→→→→→→ 1点击查看所有VIP教程目录长列表(总教程数269个) 2办理VIP详情进入 ←←←←←←←←←←←←
1 x64CE与x64dbg入门基础教程 7课 已完结 2 x64汇编语言基础教程 16课 已完结 3 x64辅助入门基础教程 9课 已完结 4 C++x64内存辅助实战技术教程 149课 已完结
5 C++x64内存检测与过检测技术教程 10课 已完结 6 C+x64二叉树分析遍历与LUA自动登陆教程 19课已完结 7 C++BT功能原理与x64实战教程 29课 已完结 8 C+FPS框透视与自瞄x64实现原理及防护思路 30课完结
64驱?封? 9 64反驱? 10 64位V? 11 绝? 12 ???课?
13 64透 ? 14 64U ? 15 64Q ? 16 64功 ?
17 64U ? 18 64模 ? 19 64多 ? 20 64网 ?
21 64注 ? 22 64火 ? 23 64棋 ? 24 64自二链L?
25 64破 ? VIP会员办理QQ: 89986068   
【请先加好友,然后到好友列表双击联系客服办理,不然可能无法接受到信息。】 		27 加入2000人交流群637034024 3 28 免责声明?
返回列表 发新帖
查看: 13917|回复: 0

C++更改PEB中的BaseDllName

[复制链接]
David902

14

主题

0

回帖

17

积分

编程入门

Rank: 1

天马币
28
发表于 2024-3-2 09:58:07 | 显示全部楼层 |阅读模式
void SetModuleBaseName(HANDLE ProcessHandle,void*BaseAddress,wchar_t*FileName,unsigned int NameLength)
{void*TargetAddr;PEB Peb;PEB_LDR_DATA Ldr;LDR_MODULE Dll;PROCESS_BASIC_INFORMATION PBI;ULONG_PTR RegionSize;
if(NtQueryInformationProcess(ProcessHandle,0,&PBI,sizeof(PROCESS_BASIC_INFORMATION),0))return;
if(NtReadVirtualMemory(ProcessHandle,PBI.PebBaseAddress,&Peb,sizeof(PEB),0))return;
if(NtReadVirtualMemory(ProcessHandle,Peb.Ldr,&Ldr,sizeof(PEB_LDR_DATA),0))return;
TargetAddr=(void*)Ldr.InLoadOrderModuleList.Flink;
while(1)
{
        if(NtReadVirtualMemory(ProcessHandle,TargetAddr,&Dll,sizeof(LDR_MODULE),0))return;
        if(Dll.BaseAddress==BaseAddress)break;
        TargetAddr=(void*)Dll.InLoadOrderModuleList.Flink;
        if(TargetAddr==&Peb.Ldr->InLoadOrderModuleList)return;
}
Dll.BaseDllName.Buffer=0;
RegionSize=NameLength;
if(NtAllocateVirtualMemory(ProcessHandle,(void**)&Dll.BaseDllName.Buffer,0,&RegionSize,MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE))return;
NtWriteVirtualMemory(ProcessHandle,Dll.BaseDllName.Buffer,FileName,NameLength,0);
Dll.BaseDllName.MaximumLength=(USHORT)RegionSize;
Dll.BaseDllName.Length=(USHORT)NameLength;
NtWriteVirtualMemory(ProcessHandle,TargetAddr,&Dll,sizeof(LDR_MODULE),0);
}

void SetModuleFullName(HANDLE ProcessHandle,void*BaseAddress,wchar_t*FileName,unsigned int NameLength)
{void*TargetAddr;PEB Peb;PEB_LDR_DATA Ldr;LDR_MODULE Dll;PROCESS_BASIC_INFORMATION PBI;ULONG_PTR RegionSize;
if(NtQueryInformationProcess(ProcessHandle,0,&PBI,sizeof(PROCESS_BASIC_INFORMATION),0))return;
if(NtReadVirtualMemory(ProcessHandle,PBI.PebBaseAddress,&Peb,sizeof(PEB),0))return;
if(NtReadVirtualMemory(ProcessHandle,Peb.Ldr,&Ldr,sizeof(PEB_LDR_DATA),0))return;
TargetAddr=(void*)Ldr.InLoadOrderModuleList.Flink;
while(1)
{
        if(NtReadVirtualMemory(ProcessHandle,TargetAddr,&Dll,sizeof(LDR_MODULE),0))return;
        if(Dll.BaseAddress==BaseAddress)break;
        TargetAddr=(void*)Dll.InLoadOrderModuleList.Flink;
        if(TargetAddr==&Peb.Ldr->InLoadOrderModuleList)return;
}
Dll.FullDllName.Buffer=0;
RegionSize=NameLength;
if(NtAllocateVirtualMemory(ProcessHandle,(void**)&Dll.FullDllName.Buffer,0,&RegionSize,MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE))return;
NtWriteVirtualMemory(ProcessHandle,Dll.FullDllName.Buffer,FileName,NameLength,0);
Dll.FullDllName.MaximumLength=(USHORT)RegionSize;
Dll.FullDllName.Length=(USHORT)NameLength;
NtWriteVirtualMemory(ProcessHandle,TargetAddr,&Dll,sizeof(LDR_MODULE),0);
}


HANDLE h=OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATION,0,2024);
SetModuleBaseName(h,(void*)0x77e50000,L"asdasd",12);
SetModuleFullName(h,(void*)0x77e50000,L"c:\\windows\\explorer.exe",46);
回复

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

天马阁|C/C++辅助教程|安卓逆向安全| 论坛导航|免责申明|Archiver||网站地图
拒绝任何人以任何形式在本论坛发表与中华人民共和国法律相抵触的言论,本站内容均为会员发表,并不代表天马阁立场!
任何人不得以任何方式翻录、盗版或出售本站视频,一经发现我们将追究其相关责任!
我们一直在努力成为最好的编程论坛!
Copyright© 2010-2021 All Right Reserved.
收缩
快速回复 返回顶部 返回列表