  [Delphi] Change Entrypoint (Process Creation)
Code:
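// Reads the context of hThread and returns the value held in Eax (32-bit
// build) or Rcx (64-bit build), which this code treats as the entry point of
// a newly created process whose primary thread has not run yet. When pNew is
// not nil, that register is overwritten with pNew and the context is written
// back to the thread.
//
// hThread : thread handle; it needs the access rights that GetThreadContext
//           and SetThreadContext require (THREAD_GET_CONTEXT and
//           THREAD_SET_CONTEXT).
// pNew    : replacement value for the register, or nil to only query.
// Returns : the previous register value, or nil when no context buffer was
//           available or GetThreadContext failed.
//
// Detection note: reading and rewriting the context of a thread in a process
// that has not been resumed yet is a sequence endpoint monitoring commonly
// records, so legitimate tooling using it should expect to be flagged.
Function GetSetEntryPoint(hThread : tHandle; pNew : Pointer):Pointer;stdcall;
var
 {$IFDEF CPU32}
 pContext : pContext86;
 {$ELSE CPU32}
 pContext : pContext64;
 {$ENDIF CPU32}
begin
 //Delphi does not initialise Result for a Pointer return type, so every
 //failure path would otherwise hand the caller an indeterminate value
 Result := nil;

 //Get aligned memory
 pContext := GetAlignedContext();

 //Without a context buffer there is nothing to query
 if (pContext = nil) then
   Exit;

 //NOTE(review): the buffer from GetAlignedContext is never released here;
 //confirm who owns it, otherwise every call leaks one context structure

 //Request CONTEXT_CONTROL, CONTEXT_INTEGER and CONTEXT_SEGMENTS; the high
 //bit selects the architecture ($00010000 = x86, $00100000 = AMD64)
 {$IFDEF CPU32}
 pContext^.ContextFlags := ($00010000 or $00000001) or ($00010000 or $00000002) or ($00010000 or $00000004);
 {$ELSE CPU32}
 pContext^.ContextFlags := ($00100000 or $00000001) or ($00100000 or $00000002) or ($00100000 or $00000004);
 {$ENDIF CPU32}

 //Get the thread context; any non-zero return counts as success, so the
 //result is tested directly instead of being compared with TRUE
 if GetThreadContext(hThread, pContext) then
   begin
     //Return the old Entry Point
     {$IFDEF CPU32}
     Result := Pointer(pContext^.Eax);
     {$ELSE CPU32}
     Result := Pointer(pContext^.Rcx);
     {$ENDIF CPU32}

     //If there is a new Entry Point, set it
     if (pNew <> nil) then
       begin
         //Eax (Rcx) should be new Entry Point
         {$IFDEF CPU32}
         pContext^.Eax := tHandle(pNew);
         {$ELSE CPU32}
         pContext^.Rcx := tHandle(pNew);
         {$ENDIF CPU32}

         //Set the context. The return value is not checked, so the caller
         //cannot tell from Result whether the write took effect
         SetThreadContext(hThread, pContext);
       end;
   end;
end;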

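// WOW64 variant: reads the 32-bit context of hThread through
// Wow64GetThreadContext and returns the value held in Eax, which this code
// treats as the entry point of a newly created process whose primary thread
// has not run yet. When pNew is not nil, Eax is overwritten with pNew and the
// context is written back with Wow64SetThreadContext.
//
// hThread : thread handle; it needs the access rights that the WOW64
//           get/set context calls require.
// pNew    : replacement value for Eax, or nil to only query.
// Returns : the previous Eax value, or 0 when no context buffer was available
//           or Wow64GetThreadContext failed.
Function GetSetEntryPointWOW64(hThread : tHandle; pNew : Pointer):DWORD;
var
 pContext : pContext86;
begin
 //Delphi does not initialise Result for a DWORD return type, so every
 //failure path would otherwise hand the caller an indeterminate value
 Result := 0;

 //Get aligned memory
 pContext := GetAlignedContext86();

 //Without a context buffer there is nothing to query
 if (pContext = nil) then
   Exit;

 //NOTE(review): the buffer from GetAlignedContext86 is never released here;
 //confirm who owns it, otherwise every call leaks one context structure

 //Request CONTEXT_CONTROL, CONTEXT_INTEGER and CONTEXT_SEGMENTS for x86
 //($00010000 is the x86 architecture bit)
 pContext^.ContextFlags := ($00010000 or $00000001) or ($00010000 or $00000002) or ($00010000 or $00000004);

 //Get the thread context; any non-zero return counts as success, so the
 //result is tested directly instead of being compared with TRUE
 if Wow64GetThreadContext(hThread, pContext) then
   begin
     //Return the old Entry Point
     Result := pContext^.Eax;

     //If there is a new Entry Point, set it
     if (pNew <> nil) then
       begin
         //Eax should be new Entry Point
         //NOTE(review): Eax is 32 bits wide; in a 64-bit build pNew must
         //fit in 32 bits or the value stored here is not the one passed in
         pContext^.Eax := tHandle(pNew);

         //Set the context. The return value is not checked, so the caller
         //cannot tell from Result whether the write took effect
         Wow64SetThreadContext(hThread, pContext);
       end;
   end;
end;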