.Net 的 Marshal.Copy 方法在 Golang 中的等价物是什么?
What is the Golang equivalent of .Net's Marshal.Copy method?
我正在尝试修补 Golang 中的一大块内存。我关闭了 VirtualProtect 功能并且内存块正在更改为 RW,但我找不到用于复制到内存中的 Golang 功能。
我想从 Powershell 脚本中模拟:
[System.Runtime.InteropServices.Marshal]::Copy($patch, 0, $targetedAddress, 3)
我目前的Golang代码如下:
var patch = []byte {
0x31, 0xC0, // xor rax, rax
0xC3, // ret
}
var oldfperms uint32
virtualProt(unsafe.Pointer(&patchAddr), unsafe.Sizeof(uintptr(2)), uint32(0x40),
unsafe.Pointer(&oldfperms)) // Modify region for ReadWrite
var r uintptr
for _, b := range patch {
r = (r << 8) | uintptr(b)
}
patch := unsafe.Pointer(uintptr(r)) // Attempting to copy into memory here and I'm stumped
fmt.Println(patch)
var a uint32
virtualProt(unsafe.Pointer(&patchAddr), unsafe.Sizeof(uintptr(2)), oldfperms, unsafe.Pointer(&a)) // Change region back to normal
没关系。找到对 Win32 WriteProcessMemory 函数的引用并使用它。
https://pkg.go.dev/github.com/0xrawsec/golang-win32/win32/kernel32#WriteProcessMemory
func WriteProcMem(currProccess uintptr, patchAddr uintptr, patch uintptr) bool {
kern32WriteMem := syscall.NewLazyDLL("kernel32.dll").NewProc("WriteProcessMemory")
_, _, _ = kern32WriteMem.Call(
currProccess,
patchAddr,
patch)
fmt.Println("[+] Patched Memory!")
return true
}
我正在尝试修补 Golang 中的一大块内存。我关闭了 VirtualProtect 功能并且内存块正在更改为 RW,但我找不到用于复制到内存中的 Golang 功能。
我想从 Powershell 脚本中模拟:
[System.Runtime.InteropServices.Marshal]::Copy($patch, 0, $targetedAddress, 3)
我目前的Golang代码如下:
var patch = []byte {
0x31, 0xC0, // xor rax, rax
0xC3, // ret
}
var oldfperms uint32
virtualProt(unsafe.Pointer(&patchAddr), unsafe.Sizeof(uintptr(2)), uint32(0x40),
unsafe.Pointer(&oldfperms)) // Modify region for ReadWrite
var r uintptr
for _, b := range patch {
r = (r << 8) | uintptr(b)
}
patch := unsafe.Pointer(uintptr(r)) // Attempting to copy into memory here and I'm stumped
fmt.Println(patch)
var a uint32
virtualProt(unsafe.Pointer(&patchAddr), unsafe.Sizeof(uintptr(2)), oldfperms, unsafe.Pointer(&a)) // Change region back to normal
没关系。找到对 Win32 WriteProcessMemory 函数的引用并使用它。
https://pkg.go.dev/github.com/0xrawsec/golang-win32/win32/kernel32#WriteProcessMemory
func WriteProcMem(currProccess uintptr, patchAddr uintptr, patch uintptr) bool {
kern32WriteMem := syscall.NewLazyDLL("kernel32.dll").NewProc("WriteProcessMemory")
_, _, _ = kern32WriteMem.Call(
currProccess,
patchAddr,
patch)
fmt.Println("[+] Patched Memory!")
return true
}