英文:
What is the Golang equivalent of .Net's Marshal.Copy method?
问题
我正在尝试在Golang中修补一块内存。我已经实现了VirtualProtect功能,并且内存块已被更改为可读写,但我找不到Golang中用于将数据复制到内存的功能。
我想从PowerShell脚本中模拟这个操作:
[System.Runtime.InteropServices.Marshal]::Copy($patch, 0, $targetedAddress, 3)
我目前的Golang代码如下:
var patch = []byte {0x31, 0xC0, // xor rax, rax0xC3, // ret}var oldfperms uint32virtualProt(unsafe.Pointer(&patchAddr), unsafe.Sizeof(uintptr(2)), uint32(0x40),unsafe.Pointer(&oldfperms)) // 修改区域为可读写var r uintptrfor _, b := range patch {r = (r << 8) | uintptr(b)}patch := unsafe.Pointer(uintptr(r)) // 在这里尝试将数据复制到内存,但我被卡住了fmt.Println(patch)var a uint32virtualProt(unsafe.Pointer(&patchAddr), unsafe.Sizeof(uintptr(2)), oldfperms, unsafe.Pointer(&a)) // 将区域恢复为正常
以上是翻译好的内容,请确认。
英文:
I am trying to patch a chunk of memory in Golang. I have the VirtualProtect functionality down and the memory chunk is being changed to RW, but I can't find figure out the Golang functionality for Copying into memory.
I want to emulate this from a Powershell Script:
[System.Runtime.InteropServices.Marshal]::Copy($patch, 0, $targetedAddress, 3)
The Golang code I currently have is below:
var patch = []byte {0x31, 0xC0, // xor rax, rax0xC3, // ret}var oldfperms uint32virtualProt(unsafe.Pointer(&patchAddr), unsafe.Sizeof(uintptr(2)), uint32(0x40),unsafe.Pointer(&oldfperms)) // Modify region for ReadWritevar r uintptrfor _, b := range patch {r = (r << 8) | uintptr(b)}patch := unsafe.Pointer(uintptr(r)) // Attempting to copy into memory here and I'm stumpedfmt.Println(patch)var a uint32virtualProt(unsafe.Pointer(&patchAddr), unsafe.Sizeof(uintptr(2)), oldfperms, unsafe.Pointer(&a)) // Change region back to normal
答案1
得分: 1
没问题。找到了关于Win32 WriteProcessMemory函数的参考,并使用了它。
https://pkg.go.dev/github.com/0xrawsec/golang-win32/win32/kernel32#WriteProcessMemory
func WriteProcMem(currProccess uintptr, patchAddr uintptr, patch uintptr) bool {kern32WriteMem := syscall.NewLazyDLL("kernel32.dll").NewProc("WriteProcessMemory")_, _, _ = kern32WriteMem.Call(currProccess,patchAddr,patch)fmt.Println("[+] Patched Memory!")return true}
英文:
Nevermind. Found the reference to the Win32 WriteProcessMemory function and used that.
https://pkg.go.dev/github.com/0xrawsec/golang-win32/win32/kernel32#WriteProcessMemory
func WriteProcMem(currProccess uintptr, patchAddr uintptr, patch uintptr) bool {kern32WriteMem := syscall.NewLazyDLL("kernel32.dll").NewProc("WriteProcessMemory")_, _, _ = kern32WriteMem.Call(currProccess,patchAddr,patch)fmt.Println("[+] Patched Memory!")return true}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论