package main | |
import ( | |
"fmt" | |
"syscall" | |
"unsafe" | |
) | |
var (
	// procVirtualProtect is a lazily bound reference to kernel32!VirtualProtect.
	// NewLazyDLL/NewProc defer loading the DLL and resolving the symbol until
	// the first Call.
	//
	// NOTE(review): the syscall package documents that LazyDLL with a bare
	// file name is subject to DLL preloading. golang.org/x/sys/windows offers
	// NewLazySystemDLL, which restricts the search to the system directory.
	procVirtualProtect = syscall.NewLazyDLL("kernel32.dll").NewProc("VirtualProtect")
)
// VirtualProtect calls the Win32 VirtualProtect API through procVirtualProtect.
// It asks for flNewProtect on the dwSize bytes starting at lpAddress and lets
// the API store the previous protection value at lpflOldProtect.
//
// It returns true when the API returns a non-zero value. The error value that
// Call also returns is discarded, so callers cannot tell why a request failed.
func VirtualProtect(lpAddress unsafe.Pointer, dwSize uintptr, flNewProtect uint32, lpflOldProtect unsafe.Pointer) bool {
	// The unsafe.Pointer -> uintptr conversions are kept inside the Call
	// argument list, matching the original call shape.
	status, _, _ := procVirtualProtect.Call(
		uintptr(lpAddress),
		dwSize,
		uintptr(flNewProtect),
		uintptr(lpflOldProtect),
	)
	return status != 0
}
// main resolves the base address of the running executable, makes the first
// two bytes of the mapped image writable, prints them, and overwrites both
// with zero.
//
// For a PE image those two bytes are the DOS signature ("MZ"). Once they are
// cleared, tooling that finds in-memory modules by scanning for that magic
// value will not match this image. Analysts should enumerate modules from
// loader and memory-manager metadata rather than rely on header signatures.
//
// NOTE(review): the protection requested is 0x40 (PAGE_EXECUTE_READWRITE), and
// the previous value is captured but never restored. The header page therefore
// stays writable and executable for the life of the process. A protection
// change on an image's own header page is a runtime signal worth alerting on.
func main() {
	const pageExecuteReadWrite = 0x40 // PAGE_EXECUTE_READWRITE

	// GetModuleHandleW(NULL) returns the base address of the calling process's
	// executable image. The Must* helpers panic if the DLL or symbol is
	// missing. The loaded handle is never released.
	getModuleHandle := syscall.MustLoadDLL("kernel32.dll").MustFindProc("GetModuleHandleW")
	imageBase, _, _ := getModuleHandle.Call(0)

	// Reinterpret the uintptr's storage as a pointer so the raw address can be
	// handed to VirtualProtect as an unsafe.Pointer.
	// NOTE(review): imageBase is not checked for 0 before it is dereferenced.
	headerPtr := unsafe.Pointer(*(**uintptr)(unsafe.Pointer(&imageBase)))

	var previous uint32
	if ok := VirtualProtect(headerPtr, 2, pageExecuteReadWrite, unsafe.Pointer(&previous)); !ok {
		panic("Call to VirtualProtect failed!")
	}
	fmt.Printf("%x\n", imageBase)

	first := (*byte)(headerPtr)
	second := (*byte)(unsafe.Pointer(uintptr(headerPtr) + 1))
	signature := []*byte{first, second}

	// Dump the two header bytes as hex, then as characters.
	for _, b := range signature {
		fmt.Printf("%x\n", *b)
	}
	for _, b := range signature {
		fmt.Printf("%s\n", string(*b))
	}

	// Clear the signature, second byte first, as in the original listing.
	*second = 0x00
	*first = 0x00
}