
@oXis
Last active January 13, 2021 12:39
package main
import (
"fmt"
"syscall"
"unsafe"
)
// procVirtualProtect is the lazily resolved kernel32!VirtualProtect entry
// point. kernel32.dll is already mapped in every Win32 process, so the bare
// name resolves to the loaded module; for any other DLL a bare name is
// subject to search-order preloading and an absolute path should be used.
var (
	modKernel32        = syscall.NewLazyDLL("kernel32.dll")
	procVirtualProtect = modKernel32.NewProc("VirtualProtect")
)
// VirtualProtect is a thin wrapper over kernel32!VirtualProtect. It asks the
// OS to apply protection flNewProtect to the pages covering dwSize bytes at
// lpAddress and to store the previous protection through lpflOldProtect.
// It reports true when the API returns a non-zero BOOL.
func VirtualProtect(lpAddress unsafe.Pointer, dwSize uintptr, flNewProtect uint32, lpflOldProtect unsafe.Pointer) bool {
	// The unsafe.Pointer -> uintptr conversions are kept inside the argument
	// list so the pointers remain valid for the duration of the call.
	ok, _, _ := procVirtualProtect.Call(
		uintptr(lpAddress),
		dwSize,
		uintptr(flNewProtect),
		uintptr(lpflOldProtect),
	)
	// The last-error value from Call is discarded: callers learn only
	// success or failure, not the reason.
	return ok != 0
}
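// main looks up the base address of the running executable's own image,
// changes the protection of the page holding its first two bytes, prints
// those bytes (expected to be the PE/DOS signature 'M','Z') and then
// overwrites both with zero.
//
// Defender note: after this runs, the mapped image no longer begins with
// the DOS signature, so memory scanners or dump tools that locate or parse
// modules by that signature alone can miss or reject it. Nothing else is
// modified here, and the header page's protection is left changed (the value
// saved in oldfperms is never restored), so comparing a loaded module's
// in-memory header with its on-disk file still exposes the tampering.
func main() {
	// Win32 PAGE_EXECUTE_READWRITE.
	const pageExecuteReadWrite = 0x40

	kernel32 := syscall.MustLoadDLL("kernel32.dll")
	getHandle := kernel32.MustFindProc("GetModuleHandleW")

	// A NULL module name requests the handle of the calling process's own
	// executable; that handle value is the image base address.
	ret, _, _ := getHandle.Call(0)
	if ret == 0 {
		// GetModuleHandleW signals failure with NULL; without this check the
		// reads and writes below would dereference address zero.
		panic("Call to GetModuleHandleW failed!")
	}

	// Reinterpret the integer handle as a pointer through its own storage.
	// The address is outside the Go heap, so the garbage collector never
	// moves or frees what it refers to.
	base := *(*unsafe.Pointer)(unsafe.Pointer(&ret))

	// VirtualProtect works on whole pages, so asking for 2 bytes changes the
	// protection of the entire page containing the image header.
	var oldfperms uint32
	if !VirtualProtect(base, 2, pageExecuteReadWrite, unsafe.Pointer(&oldfperms)) {
		panic("Call to VirtualProtect failed!")
	}
	fmt.Printf("%x\n", ret)

	z := (*byte)(base)
	m := (*byte)(unsafe.Pointer(uintptr(base) + 1))

	// Show the two header bytes as hex and as characters before wiping them.
	fmt.Printf("%x\n", *z)
	fmt.Printf("%x\n", *m)
	fmt.Printf("%s\n", string(*z))
	fmt.Printf("%s\n", string(*m))

	*m = 0x00
	*z = 0x00
}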