C# class GrayStorm.assemblyControlFlow

Open project: GrayKernel/GrayStorm

Public methods

Method Description
PatternAt ( byte source, byte pattern ) : int
replaceDwordCall ( IntPtr methodPointer ) : void

At the time of a call, a call through a dword pointer appears as an 0xFF instruction such as call dword [00189AC4h], which is the 6 bytes 0xFF,0x15,0xC4,0x9A,0x18,0x0. I can then select the immediate value and use it as a selector to find the index into memory for setting up a new relative call. Once the index in memory is located, I can use manipulation of the long type to calculate a new offset. I then place that offset at the location of the 0xFF by replacing the sequence with a "call immediate/0xE8" instruction.

replaceE8Call ( IntPtr methodPointer ) : void

Replace a 0xE8 call: dstAddress - methodFunPtr + callOffset + byteOffset = new destination address.

Method details

PatternAt() public static method

public static PatternAt ( byte source, byte pattern ) : int
source byte
pattern byte
Returns int

replaceDwordCall() public static method

At the time of a call, a call through a dword pointer appears as an 0xFF instruction such as call dword [00189AC4h], which is the 6 bytes 0xFF,0x15,0xC4,0x9A,0x18,0x0. I can then select the immediate value and use it as a selector to find the index into memory for setting up a new relative call. Once the index in memory is located, I can use manipulation of the long type to calculate a new offset. I then place that offset at the location of the 0xFF by replacing the sequence with a "call immediate/0xE8" instruction.
public static replaceDwordCall ( IntPtr methodPointer ) : void
methodPointer System.IntPtr
Returns void

replaceE8Call() public static method

Replace a 0xE8 call: dstAddress - methodFunPtr + callOffset + byteOffset = new destination address.
public static replaceE8Call ( IntPtr methodPointer ) : void
methodPointer System.IntPtr
Returns void
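
The two call encodings that replaceDwordCall and replaceE8Call work with can be decoded as below, which is useful when checking in-memory code for call sites whose destination has changed. This is an added example, not GrayStorm code: it assumes 32-bit x86, and the names decode_call, call_info and rel_call_in_range, the base address 0x00400000 and the E8 bytes in the sample are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum call_kind { CALL_NONE, CALL_REL32, CALL_INDIRECT };
struct call_info {
    enum call_kind kind;
    size_t length;     /* encoded length: 5 for E8, 6 for FF 15 */
    uint32_t operand;  /* raw little-endian 32-bit operand */
    uint32_t target;   /* E8: destination; FF 15: address of the pointer slot */
};

/* Read a little-endian dword without alignment assumptions. */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode a call at code[off]; base is the address of code[0]. Returns 1 if decoded, else 0. */
int decode_call(const uint8_t *code, size_t len, size_t off, uint32_t base, struct call_info *out) {
    *out = (struct call_info){ CALL_NONE, 0, 0, 0 };
    if (off >= len) return 0;
    if (code[off] == 0xE8 && len - off >= 5) {
        out->kind = CALL_REL32; out->length = 5;
        out->operand = read_le32(code + off + 1);
        out->target = base + (uint32_t)off + 5u + out->operand; /* rel32 counts from the next instruction */
        return 1;
    }
    if (code[off] == 0xFF && len - off >= 6 && code[off + 1] == 0x15) {
        out->kind = CALL_INDIRECT; out->length = 6;
        out->operand = read_le32(code + off + 2);
        out->target = out->operand; /* absolute address holding the callee pointer */
        return 1;
    }
    return 0;
}

/* Integrity check: 1 if a relative call lands inside [lo, hi). */
int rel_call_in_range(const struct call_info *ci, uint32_t lo, uint32_t hi) {
    return ci->kind == CALL_REL32 && ci->target >= lo && ci->target < hi;
}

/* First six bytes are the page's example; the E8 call after them is constructed. */
static const uint8_t sample[] = { 0xFF,0x15,0xC4,0x9A,0x18,0x00, 0xE8,0xF5,0x0F,0x00,0x00 };
int main(void) {
    struct call_info ci;
    for (size_t off = 0; off < sizeof sample; off += ci.length ? ci.length : 1)
        if (decode_call(sample, sizeof sample, off, 0x00400000u, &ci))
            printf("+%zu kind=%d target=%08X\n", off, (int)ci.kind, (unsigned)ci.target);
    return 0;
}
```

The FF 15 form is 6 bytes and the E8 form is 5, so a call site that changes from one to the other between the on-disk image and memory also changes length.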