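def _mapmodule(self, module) -> int:
    """Manually map the PE file *module* into the current process.

    The file is read into a scratch buffer, then the headers and each
    section are copied to their virtual offsets inside a fresh
    ``SizeOfImage``-byte allocation, whose base address is returned.

    Only the raw layout is reproduced: no relocations are applied, no
    imports are resolved, and the pages are PAGE_READWRITE (not
    executable), so the result is meant for inspection, not execution.
    Every offset used for copying comes from the PE header of an
    untrusted file and is bounds-checked against the file size and the
    image allocation before any byte is copied.

    Args:
        module: path of the PE file, in whatever form ``self.LoadPE`` and
            ``CreateFileA`` accept in this codebase (bytes on Python 3).

    Returns:
        Base address of the mapped image (int).  The caller owns that
        allocation and must release it with ``VirtualFree(..., 0,
        MEM_RELEASE)`` when done.

    Raises:
        OSError: a Win32 call failed; the message carries GetLastError().
        ValueError: the header or a section lies outside the file or the
            image allocation (truncated or hostile PE).
    """
    self.LoadPE(module)
    opt = self.pe.OPTIONAL_HEADER
    image_size = opt.SizeOfImage
    header_size = opt.SizeOfHeaders
    # GetCurrentProcess() returns a pseudo-handle that never needs closing;
    # the original CloseHandle(p_handle) was a no-op and is dropped.
    p_handle = kernel32.GetCurrentProcess()
    mem_flags = win32con.MEM_RESERVE | win32con.MEM_COMMIT

    def win_err(what):
        # NOTE(review): kernel32 is assumed to be a ctypes WinDLL.  Without
        # explicit restype/argtypes, ctypes uses C int for returns and int
        # arguments, which truncates 64-bit pointers -- that is why pointers
        # and sizes below are wrapped in c_void_p / c_size_t.  If the DLL was
        # created with use_last_error=True, ctypes.get_last_error() would be
        # the more reliable source for the error code.
        return OSError("%s failed (GetLastError=%d)" % (what, kernel32.GetLastError()))

    f_handle = kernel32.CreateFileA(module, win32con.GENERIC_READ, win32con.FILE_SHARE_READ, 0,
                                    win32con.OPEN_EXISTING, win32con.FILE_ATTRIBUTE_NORMAL, 0)
    # INVALID_HANDLE_VALUE is -1 (0xFFFFFFFF when read back unsigned).
    if f_handle in (0, -1, 0xFFFFFFFF):
        raise win_err("CreateFileA")

    scratch = 0    # scratch buffer holding the raw file
    image = 0      # image allocation; zeroed once ownership passes to the caller
    try:
        f_size = kernel32.GetFileSize(f_handle, None)
        if f_size in (-1, 0xFFFFFFFF):  # INVALID_FILE_SIZE
            raise win_err("GetFileSize")

        scratch = kernel32.VirtualAllocEx(p_handle, 0, ctypes.c_size_t(f_size),
                                          mem_flags, win32con.PAGE_READWRITE)
        if not scratch:
            raise win_err("VirtualAllocEx(scratch)")

        byteread = ctypes.c_ulong(0)
        ok = kernel32.ReadFile(f_handle, ctypes.c_void_p(scratch), f_size,
                               ctypes.byref(byteread), None)
        # A short read would leave uninitialised memory that the section
        # copies below would happily treat as file content.
        if not ok or byteread.value != f_size:
            raise win_err("ReadFile")

        if header_size > f_size or header_size > image_size:
            raise ValueError("SizeOfHeaders (%d) exceeds file (%d) or image (%d)"
                             % (header_size, f_size, image_size))

        image = kernel32.VirtualAllocEx(p_handle, 0, ctypes.c_size_t(image_size),
                                        mem_flags, win32con.PAGE_READWRITE)
        if not image:
            raise win_err("VirtualAllocEx(image)")

        # Headers sit at offset 0 in both the file and the image.
        if not kernel32.WriteProcessMemory(p_handle, ctypes.c_void_p(image),
                                           ctypes.c_void_p(scratch),
                                           ctypes.c_size_t(header_size), 0):
            raise win_err("WriteProcessMemory(headers)")

        for sec in self.pe.sections:
            raw_size = sec.SizeOfRawData
            if not raw_size:
                # Uninitialised-data sections have nothing on disk; their
                # PointerToRawData is meaningless, so skip rather than check it.
                continue
            raw_off = sec.PointerToRawData
            va = sec.VirtualAddress
            # Both checks guard against header values crafted to read past
            # the scratch buffer or write past the image allocation.
            if raw_off + raw_size > f_size:
                raise ValueError("section %r raw data [%d, %d) exceeds file size %d"
                                 % (sec.Name, raw_off, raw_off + raw_size, f_size))
            if va + raw_size > image_size:
                raise ValueError("section %r virtual range [%d, %d) exceeds SizeOfImage %d"
                                 % (sec.Name, va, va + raw_size, image_size))
            if not kernel32.WriteProcessMemory(p_handle, ctypes.c_void_p(image + va),
                                               ctypes.c_void_p(scratch + raw_off),
                                               ctypes.c_size_t(raw_size), 0):
                raise win_err("WriteProcessMemory(section %r)" % (sec.Name,))

        # Success: hand the image to the caller and stop the finally block
        # from freeing it.
        result, image = image, 0
        return result
    finally:
        kernel32.CloseHandle(f_handle)
        # MEM_RELEASE requires dwSize == 0; the original passed f_size, which
        # makes VirtualFree fail with ERROR_INVALID_PARAMETER and leaked the
        # scratch buffer on every call.
        if scratch:
            kernel32.VirtualFree(ctypes.c_void_p(scratch), 0, win32con.MEM_RELEASE)
        if image:
            kernel32.VirtualFree(ctypes.c_void_p(image), 0, win32con.MEM_RELEASE)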