Untitled

avatar
unknown
c_cpp
a year ago
2.7 kB
4
Indexable
template <typename T>
bool write_vector(std::uint64_t address, const std::vector<T>& write, bool remove_write_protection = true)
{
    const size_t size = write.size() * sizeof(T);
    DWORD old_protect = 0;
    std::uint64_t aligned_address = address & ~0xFFF;  
    std::uint64_t offset = address - aligned_address;
    PVOID base_address = reinterpret_cast<PVOID>(aligned_address);
    SIZE_T region_size = ((size + offset + 0xFFF) & ~0xFFF);

    std::cout << "the plan is to write " << std::dec << size << " bytes to the aligned address 0x" << std::hex << aligned_address
        << " with offset 0x" << std::hex << offset << std::endl;

    if (remove_write_protection)
    {
        std::cout << "changing memory protection to RWX" << std::endl;
        NTSTATUS status = syscall.invoke<NTSTATUS>(AY_OBFUSCATE("NtProtectVirtualMemory"),
            proc_handle, &base_address, &region_size, PAGE_EXECUTE_READWRITE, &old_protect);
        if (status != 0)
        {
            std::cerr << "NtProtectVirtualMemory failed: 0x" << std::hex << status << std::endl;
            return false;
        }
        std::cout << "protection change success. original protection: 0x" << std::hex << old_protect << std::endl;
    }

    std::cout << "about to write bytes: ";
    size_t display_size = (size < 16) ? size : 16;
    for (size_t i = 0; i < display_size; ++i) {
        std::cout << std::hex << std::setw(2) << std::setfill('0')
            << static_cast<int>(reinterpret_cast<const uint8_t*>(write.data())[i]) << " ";
    }
    if (size > 16) std::cout << "...";
    std::cout << std::endl;

    NTSTATUS write_status = syscall.invoke<NTSTATUS>(AY_OBFUSCATE("NtWriteVirtualMemory"),
        proc_handle, reinterpret_cast<char*>(base_address) + offset, write.data(), size, nullptr);
    if (write_status != 0)
    {
        std::cerr << "NtWriteVirtualMemory failed: 0x" << std::hex << write_status << std::endl;
        return false;
    }
    std::cout << "NtWriteVirtualMemory succeeded " << std::endl;

    if (remove_write_protection)
    {
        std::cout << "restoring original protection" << std::endl;
        NTSTATUS restore_status = syscall.invoke<NTSTATUS>(AY_OBFUSCATE("NtProtectVirtualMemory"),
            proc_handle, &base_address, &region_size, old_protect, &old_protect);
        if (restore_status != 0)
        {
            std::cerr << "failed to restore original protection: 0x" << std::hex << restore_status << std::endl;
        }
        else
        {
            std::cout << "original protection restored successfully" << std::endl;
        }
    }

    return true;
}
Editor is loading...
Leave a Comment