C++更改PEB中的BaseDllName

百鬼夜行天

C++更改PEB中的BaseDllName

1. void SetModuleBaseName(HANDLE ProcessHandle,void*BaseAddress,wchar_t*FileName,unsigned int NameLength)
   
2. {void*TargetAddr;PEB Peb;PEB_LDR_DATA Ldr;LDR_MODULE Dll;PROCESS_BASIC_INFORMATION PBI;ULONG_PTR RegionSize;
   
3. if(NtQueryInformationProcess(ProcessHandle,0,&PBI,sizeof(PROCESS_BASIC_INFORMATION),0))return;
   
4. if(NtReadVirtualMemory(ProcessHandle,PBI.PebBaseAddress,&Peb,sizeof(PEB),0))return;
   
5. if(NtReadVirtualMemory(ProcessHandle,Peb.Ldr,&Ldr,sizeof(PEB_LDR_DATA),0))return;
   
6. TargetAddr=(void*)Ldr.InLoadOrderModuleList.Flink;
   
7. while(1)
   
8. {
   
9.         if(NtReadVirtualMemory(ProcessHandle,TargetAddr,&Dll,sizeof(LDR_MODULE),0))return;
   
10.         if(Dll.BaseAddress==BaseAddress)break;
    
11.         TargetAddr=(void*)Dll.InLoadOrderModuleList.Flink;
    
12.         if(TargetAddr==&Peb.Ldr->InLoadOrderModuleList)return;
    
13. }
    
14. Dll.BaseDllName.Buffer=0;
    
15. RegionSize=NameLength;
    
16. if(NtAllocateVirtualMemory(ProcessHandle,(void**)&Dll.BaseDllName.Buffer,0,&RegionSize,MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE))return;
    
17. NtWriteVirtualMemory(ProcessHandle,Dll.BaseDllName.Buffer,FileName,NameLength,0);
    
18. Dll.BaseDllName.MaximumLength=(USHORT)RegionSize;
    
19. Dll.BaseDllName.Length=(USHORT)NameLength;
    
20. NtWriteVirtualMemory(ProcessHandle,TargetAddr,&Dll,sizeof(LDR_MODULE),0);
    
21. }
    
22. 
    
23. void SetModuleFullName(HANDLE ProcessHandle,void*BaseAddress,wchar_t*FileName,unsigned int NameLength)
    
24. {void*TargetAddr;PEB Peb;PEB_LDR_DATA Ldr;LDR_MODULE Dll;PROCESS_BASIC_INFORMATION PBI;ULONG_PTR RegionSize;
    
25. if(NtQueryInformationProcess(ProcessHandle,0,&PBI,sizeof(PROCESS_BASIC_INFORMATION),0))return;
    
26. if(NtReadVirtualMemory(ProcessHandle,PBI.PebBaseAddress,&Peb,sizeof(PEB),0))return;
    
27. if(NtReadVirtualMemory(ProcessHandle,Peb.Ldr,&Ldr,sizeof(PEB_LDR_DATA),0))return;
    
28. TargetAddr=(void*)Ldr.InLoadOrderModuleList.Flink;
    
29. while(1)
    
30. {
    
31.         if(NtReadVirtualMemory(ProcessHandle,TargetAddr,&Dll,sizeof(LDR_MODULE),0))return;
    
32.         if(Dll.BaseAddress==BaseAddress)break;
    
33.         TargetAddr=(void*)Dll.InLoadOrderModuleList.Flink;
    
34.         if(TargetAddr==&Peb.Ldr->InLoadOrderModuleList)return;
    
35. }
    
36. Dll.FullDllName.Buffer=0;
    
37. RegionSize=NameLength;
    
38. if(NtAllocateVirtualMemory(ProcessHandle,(void**)&Dll.FullDllName.Buffer,0,&RegionSize,MEM_RESERVE|MEM_COMMIT,PAGE_READWRITE))return;
    
39. NtWriteVirtualMemory(ProcessHandle,Dll.FullDllName.Buffer,FileName,NameLength,0);
    
40. Dll.FullDllName.MaximumLength=(USHORT)RegionSize;
    
41. Dll.FullDllName.Length=(USHORT)NameLength;
    
42. NtWriteVirtualMemory(ProcessHandle,TargetAddr,&Dll,sizeof(LDR_MODULE),0);
    
43. }
    

复制代码

调用代码：

1. HANDLE h=OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATION,0,2024);
   
2. SetModuleBaseName(h,(void*)0x77e50000,L"asdasd",12);
   
3. SetModuleFullName(h,(void*)0x77e50000,L"c:\\windows\\explorer.exe",46);
   

复制代码