 |
RAMvader
1.4
A .NET library which provides access to other processes' memory space.
|
|
RAMvader
1.4
A .NET library which provides access to other processes' memory space.
|
Represents a memory alteration that overwrites instructions of the target process' memory space with an x86 branch instruction. More...
Inherits RAMvader.CodeInjection.MemoryAlterationBase.
Public Member Functions | |
| MemoryAlterationX86BranchInstruction (Target targetIORef, MemoryAddress branchPoint, MemoryAddress branchTarget, EX86BranchInstructionType instructionType, int instructionSize) | |
| Constructor. More... | |
| override bool | SetEnabled< TMemoryAlterationID, TCodeCave, TVariable > (Injector< TMemoryAlterationID, TCodeCave, TVariable > injectorRef, bool bEnable) |
| Called to activate or deactivate a memory alteration into the target process' memory space. More... | |
Additional Inherited Members | |
 Protected Member Functions inherited from RAMvader.CodeInjection.MemoryAlterationBase | |
| MemoryAlterationBase (Target targetIORef, MemoryAddress targetAddress, int targetSize) | |
| Constructor. The constructor will read the bytes of the target process' memory space and keep a "snapshot" of it at the moment the constructor is called. When a memory alteration gets disabled, this "snapshot" will be used to restore the original bytes of the instruction or value that was in the target process' memory space before it was activated. More... | |
| Protected Member Functions inherited from RAMvader.NotifyPropertyChangedAdapter | |
| void | SendPropertyChangedNotification ([CallerMemberName] string propertyName="") |
| This method should be called inside PROPERTY SETTER METHODS to notify listeners of the "property changed" event that the property has been updated. More... | |
| Properties inherited from RAMvader.CodeInjection.MemoryAlterationBase | |
| byte [] | TargetOriginalBytes [get, protected set] |
| Keeps the bytes that represent the original instruction or value that was in memory before the memory alteration got activated. More... | |
| MemoryAddress | TargetAddress [get, protected set] |
| The address (in the target process' memory space) where the memory alteration will occur. More... | |
| Events inherited from RAMvader.NotifyPropertyChangedAdapter | |
| PropertyChangedEventHandler | PropertyChanged |
| Used for implementing the INotifyPropertyChanged interface. More... | |
Represents a memory alteration that overwrites instructions of the target process' memory space with an x86 branch instruction.
| RAMvader.CodeInjection.MemoryAlterationX86BranchInstruction.MemoryAlterationX86BranchInstruction | ( | Target | targetIORef, |
| MemoryAddress | branchPoint, | ||
| MemoryAddress | branchTarget, | ||
| EX86BranchInstructionType | instructionType, | ||
| int | instructionSize | ||
| ) |
Constructor.
| targetIORef | A reference to the Target object that will be used to read the target process' memory space. This Target MUST be attached to a process, as it will be used in this constructor method to read the process' memory and keep a snapshot of the original bytes at the given 'branchPoint' for restoring their values, whenever MemoryAlterationX86BranchInstruction.SetEnabled<TMemoryAlterationID, TCodeCave, TVariable>(Injector<TMemoryAlterationID, TCodeCave, TVariable>, bool) is called to deactivate a memory alteration. |
| branchPoint | The address of the instruction(s) that will be replaced by the branching instruction. |
| branchTarget | The address where the branching instruction will make the target application's code flow to. |
| instructionType | The type of branching instruction to be generated. |
| instructionSize | The size of the instruction(s) that will be replaced with the generated instruction (and some NOP instructions, whenever paddings are necessary). |
|
virtual |
Called to activate or deactivate a memory alteration into the target process' memory space.
| TMemoryAlterationID | The enumeration of Memory Alteration Sets used for the Injector<TMemoryAlterationSetID, TCodeCave, TVariable>. |
| TCodeCave | The enumeration of Code Caves used for the Injector<TMemoryAlterationSetID, TCodeCave, TVariable>. |
| TVariable | The enumeration of Injection Variables used for the Injector<TMemoryAlterationSetID, TCodeCave, TVariable>. |
| injectorRef | A reference to an Injector<TMemoryAlterationSetID, TCodeCave, TVariable> object, with which you can perform I/O operations on the target process' memory space and access related data, like values and addresses of variables and code caves. |
| bEnable | A flag specifying if the memory alteration should be enabled or disabled. |
Implements RAMvader.CodeInjection.MemoryAlterationBase.
1.8.14