//go:build windows
package main
import (
"fmt"
"syscall"
"golang.org/x/sys/windows"
)
// gProcessInfo holds the process/thread handles and IDs of the child process.
// fixxer passes it to windows.CreateProcess to be filled in, and injectDLL
// reads ProcessId and Thread from it. It is package-level mutable state, so
// the two functions are coupled through it rather than through parameters.
var gProcessInfo = new(windows.ProcessInformation)
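// injectDLL makes the suspended child process described by gProcessInfo load
// the DLL named by dllPath, then resumes the child's primary thread.
//
// Sequence, as written below: open the child by process ID, allocate a buffer
// in its address space, copy the UTF-16 path into that buffer, start a remote
// thread at the address returned by GetAddressLoadLibraryW with the buffer as
// its argument, wait for that thread, release the buffer, and resume the
// thread in gProcessInfo.Thread. The first failing step's error is returned.
//
// NOTE(review): dllPath is forwarded unchanged. A bare file name leaves
// resolution to the loader's DLL search order inside the target process, so a
// same-named file earlier in that order would be loaded instead. Callers
// should pass an absolute path to a file whose location they control.
func injectDLL(dllPath string) error {
	// UTF16PtrFromString rejects strings containing NUL; do not continue
	// with a nil pointer in that case.
	dllPathPtr, err := windows.UTF16PtrFromString(dllPath)
	if err != nil {
		return err
	}

	// NOTE(review): PROCESS_ALL_ACCESS is broader than the operations below
	// need; confirm whether a narrower access mask (or the handle already
	// stored in gProcessInfo.Process) would do.
	process, err := windows.OpenProcess(PROCESS_ALL_ACCESS, false, uint32(gProcessInfo.ProcessId))
	if err != nil {
		return err
	}
	// The handle opened above belongs to this function; release it on every path.
	defer windows.CloseHandle(process)

	// NOTE(review): the second result of GetAddressLoadLibraryW is discarded.
	// If it is an error, a failed lookup would start the remote thread at a
	// bogus address; check it once the helper's signature is confirmed.
	loadLibAddr, _ := GetAddressLoadLibraryW()

	// NOTE(review): len(dllPath)+1 counts bytes of the Go string, while the
	// data behind dllPathPtr is UTF-16 (two bytes per code unit). Unless the
	// project's VirtualAllocEx/WriteProcessMemory wrappers scale the size
	// themselves, only part of the path is copied; verify against the wrappers.
	remoteMem, err := VirtualAllocEx(process, 0, uintptr(len(dllPath)+1), windows.MEM_RESERVE|windows.MEM_COMMIT, windows.PAGE_READWRITE)
	if err != nil {
		return err
	}

	if err = WriteProcessMemory(process, remoteMem, dllPathPtr, len(dllPath)+1, 0); err != nil {
		// Best-effort release so a failed attempt leaves nothing behind in the child.
		_ = VirtualFreeEx(process, remoteMem, 0, windows.MEM_RELEASE)
		return err
	}

	remoteThread, err := CreateRemoteThread(process, 0, 0, loadLibAddr, remoteMem, 0, 0)
	if err != nil {
		_ = VirtualFreeEx(process, remoteMem, 0, windows.MEM_RELEASE)
		return err
	}
	defer windows.CloseHandle(remoteThread)

	// The buffer must stay valid until the remote thread has finished reading
	// it, so a failed wait returns without freeing it.
	// NOTE(review): the remote thread's exit status is never inspected, so a
	// load that failed inside the child is not reported to the caller.
	if _, err = windows.WaitForSingleObject(remoteThread, windows.INFINITE); err != nil {
		return err
	}

	if err = VirtualFreeEx(process, remoteMem, 0, windows.MEM_RELEASE); err != nil {
		return err
	}

	// ResumeThread reports the previous suspend count; zero is treated here
	// as "the thread was not resumed".
	returned, err := windows.ResumeThread(gProcessInfo.Thread)
	if err != nil && err != syscall.Errno(0) {
		return err
	}
	if returned == 0 {
		return fmt.Errorf("failed to resume thread")
	}
	return nil
}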
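// fixxer starts DaybreakDX.exe suspended, adjusts its affinity and priority,
// has injectDLL load DaybreakFixer.dll into it, and lets it run.
//
// The handles returned by CreateProcess are closed on every path. If the DLL
// step fails, the still-suspended child is terminated so it is not left
// behind as an orphan.
//
// NOTE(review): both file names are relative. The executable is therefore
// taken from the current working directory, and the DLL name is resolved by
// the loader inside the child. Resolving both against a directory the
// launcher controls (and passing absolute paths) would stop a same-named file
// elsewhere from being picked up.
func fixxer() error {
	exePath := "DaybreakDX.exe"
	procName, err := windows.UTF16PtrFromString(exePath)
	if err != nil {
		return err
	}

	// CREATE_SUSPENDED keeps the primary thread from running until
	// injectDLL resumes it.
	if err = windows.CreateProcess(procName, nil, nil, nil, false, windows.CREATE_SUSPENDED, nil, nil, &windows.StartupInfo{}, gProcessInfo); err != nil {
		return err
	}
	// Deferred calls run last-in first-out: the process handle is closed
	// first, then the thread handle, matching the original order.
	defer windows.CloseHandle(gProcessInfo.Thread)
	defer windows.CloseHandle(gProcessInfo.Process)

	// Results of these two project helpers are not checked here.
	// NOTE(review): if the value 1 is passed through as an affinity mask it
	// selects the first logical processor; confirm against the helper.
	SetProcessAffinityMask(gProcessInfo, 1)
	SetPriorityClass(gProcessInfo, windows.HIGH_PRIORITY_CLASS)

	fixxerDLL := "DaybreakFixer.dll"
	if err = injectDLL(fixxerDLL); err != nil {
		// Best-effort: do not leave a suspended child process behind.
		_ = windows.TerminateProcess(gProcessInfo.Process, 1)
		return err
	}
	return nil
}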