I already do it; I just think there is another way.
iconic wrote:
I've already explained how to do this in my previous post. As Madshi mentioned earlier as well, you can use WriteProcessMemory on the target process (you don't need a previous call to VirtualProtectEx because WriteProcessMemory already does this internally by protecting with PAGE_EXECUTE_READWRITE and will also even flush the icache after modifying the memory). Map the target module as executable in your process, adjust the RVA to the new mapped base in your process and then read in the original bytes. After this is done simply write these original bytes back to the target(s) in the other process(es). That's it
--Iconic
Thanks.
Do you know how to query a handle to get its name? When I query a handle whose ObjectType = 7 (Process),
I need to know what PID it is opening.
Something like this:
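    // The first call passes no buffer and only reports the required size in ReturnSize2.
    pReturnSize2 := @ReturnSize2;
    NtQueryObject(hObject, ObjectNameInformation, nil, 0, pReturnSize2);
    ONI2 := VirtualAlloc(nil, ReturnSize2, MEM_COMMIT, PAGE_READWRITE);
    if (Assigned(ONI2)) then
    begin
      Status2 := NtQueryObject(hObject, ObjectNameInformation, ONI2, ReturnSize2, pReturnSize2);
      if (NT_SUCCESS(Status2)) then
      begin
        // UNICODE_STRING.Length is a byte count and the buffer need not be
        // null-terminated, so copy exactly Length div SizeOf(WideChar) characters
        // (assumes Result2 is a WideString or UnicodeString).
        SetString(Result2, ONI2^.name.Buffer, ONI2^.name.Length div SizeOf(WideChar));
      end;
      VirtualFree(ONI2, 0, MEM_RELEASE);
    end;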
but to retrieve the PID that this (Process) handle is opening.
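One way to resolve a Process-type handle to the PID it refers to, as an added example that is not part of the original post: duplicate the handle into your own process with query access and call the documented GetProcessId API. The names TargetPidOfProcessHandle, GetProcessIdFromHandle and PROCESS_QUERY_LIMITED_INFO are hypothetical, and the demo at the bottom uses a handle the program opens to itself as constructed input.

```delphi
program HandleTargetPid;
{$APPTYPE CONSOLE}
uses
  Windows; // Winapi.Windows in XE2 and later

const
  // Value of PROCESS_QUERY_LIMITED_INFORMATION (Vista+); declared locally
  // under a hypothetical name because older Windows units lack it.
  PROCESS_QUERY_LIMITED_INFO = $1000;

// kernel32!GetProcessId imported under a local (hypothetical) name so it
// cannot clash with a declaration the Windows unit may already have.
function GetProcessIdFromHandle(hProcess: THandle): DWORD; stdcall;
  external kernel32 name 'GetProcessId';

// OwnerPid: process that owns the handle. RemoteHandle: the handle value
// inside that process. Returns the PID the handle refers to, 0 on failure.
function TargetPidOfProcessHandle(OwnerPid: DWORD; RemoteHandle: THandle): DWORD;
var
  hOwner, hLocal: THandle;
begin
  Result := 0;
  hOwner := OpenProcess(PROCESS_DUP_HANDLE, False, OwnerPid);
  if hOwner = 0 then
    Exit;
  try
    // Ask only for query access; GetProcessId needs nothing more.
    if DuplicateHandle(hOwner, RemoteHandle, GetCurrentProcess, @hLocal,
      PROCESS_QUERY_LIMITED_INFO, False, 0) then
    try
      Result := GetProcessIdFromHandle(hLocal);
    finally
      CloseHandle(hLocal);
    end;
  finally
    CloseHandle(hOwner);
  end;
end;

var
  hSelf: THandle;
begin
  // Constructed input: a process handle this program opens to itself.
  hSelf := OpenProcess(PROCESS_QUERY_LIMITED_INFO, False, GetCurrentProcessId);
  Writeln('Own PID:      ', GetCurrentProcessId);
  Writeln('Resolved PID: ', TargetPidOfProcessHandle(GetCurrentProcessId, hSelf));
  CloseHandle(hSelf);
end.
```

If hObject is already a duplicate in your own process, as in the NtQueryObject snippet above, GetProcessId can be called on it directly, provided the duplicate was created with query access.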