source: golgotha/src/i4/main/win32_self_modify.cc @ 608

Last change on this file since 608 was 80, checked in by Sam Hocevar, 15 years ago
  • Adding the Golgotha source code. Not sure what's going to be interesting in there, but since it's all public domain, there's certainly stuff to pick up.
File size: 2.0 KB
Line 
1/********************************************************************** <BR>
2  This file is part of Crack dot Com's free source code release of
3  Golgotha. <a href="http://www.crack.com/golgotha_release"> <BR> for
4  information about compiling & licensing issues visit this URL</a>
5  <PRE> If that doesn't help, contact Jonathan Clark at
6  golgotha_source@usa.net (Subject should have "GOLG" in it)
7***********************************************************************/
8
9
10#include <windows.h>
11#include <process.h>
12#include "error/error.hh"
13#include "init/init.hh"
14
15class r1_self_modify_class : public i4_init_class
16{
17public:
18
19  void init()
20  {
21    HMODULE                       OurModule = GetModuleHandle(0);
22    BYTE                         *pBaseOfImage = 0;
23
24    if ( (GetVersion() & 0xC0000000) == 0x80000000)
25    {
26      // We're on Win32s, so get the real pointer
27      HMODULE                       Win32sKernel = GetModuleHandle("W32SKRNL.DLL");
28
29      typedef DWORD __stdcall       translator(DWORD);
30      translator                   *pImteFromHModule =
31        (translator *) GetProcAddress(Win32sKernel, "_ImteFromHModule@4");
32      translator                   *pBaseAddrFromImte =
33        (translator *) GetProcAddress(Win32sKernel, "_BaseAddrFromImte@4");
34
35      if (pImteFromHModule && pBaseAddrFromImte)
36      {
37        DWORD                         Imte = (*pImteFromHModule) ( (DWORD) OurModule);
38
39        pBaseOfImage = (BYTE *) (*pBaseAddrFromImte) (Imte);
40      }
41    }
42    else
43      pBaseOfImage = (BYTE *) OurModule;
44
45
46    if (pBaseOfImage)
47    {
48      IMAGE_OPTIONAL_HEADER        *pHeader = (IMAGE_OPTIONAL_HEADER *)
49        (pBaseOfImage + ( (IMAGE_DOS_HEADER *) pBaseOfImage)->e_lfanew +
50         sizeof (IMAGE_NT_SIGNATURE) + sizeof (IMAGE_FILE_HEADER));
51
52      DWORD                         OldRights;
53
54      VirtualProtect(pBaseOfImage + pHeader->BaseOfCode, pHeader->SizeOfCode,
55                     PAGE_READWRITE, &OldRights);
56    }
57  }
58
59} r1_self_modify_instance;
Note: See TracBrowser for help on using the repository browser.