admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-02 17:27:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature: remove addingrelocation by making function hijack a relative jmp

Browse Source
This commit is contained in:
Dobin
2024-05-05 12:53:31 +01:00
parent 3cc232886f
commit 8ae738b841
3 changed files with 19 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files
phases/injector.py
+2 -2
View File
@@ -139,10 +139,10 @@ def injected_fix_iat(superpe: SuperPe, carrier: Carrier, exe_host: ExeHost):
offset_from_code = code.index(iatRequest.placeholder)
instruction_virtual_address = offset_from_code + exe_host.image_base + exe_host.code_section.VirtualAddress
logger.info(" Replace {} at VA 0x{:X} with call to IAT at VA 0x{:X}".format(
logger.info(" Replace {} at VA 0x{:X} with: call to IAT at VA 0x{:X}".format(
iatRequest.placeholder.hex(), instruction_virtual_address, destination_virtual_address
))
jmp = assemble_and_disassemble_jump(
jmp = assemble_relative_call(
instruction_virtual_address, destination_virtual_address
)
code = code.replace(iatRequest.placeholder, jmp)