- from x64dbgpy.pluginsdk import *
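def patchZwOpenProcess(status=0, ret_offset=10):
    """Patch ntdll!ZwOpenProcess in the debuggee so every call returns immediately.

    Analysis aid: with the stub neutralised, the sample under analysis cannot
    open (and therefore cannot inject into) other processes, so all of its
    activity -- including the networking -- stays in the current, debugged
    process and there are no concurrency surprises from secondary victims.

    The patch written is ``mov eax, <status>`` (5 bytes), ``jmp short +rel``
    (2 bytes) and ``rel`` NOPs, i.e. exactly ``ret_offset`` bytes. With the
    defaults this is the original hard-coded ``B8 00000000 EB 03 90 90 90``.

    Args:
        status: 32-bit NTSTATUS loaded into EAX before returning. The default
            0 is STATUS_SUCCESS: the caller then sees a *successful* open with
            an unwritten ProcessHandle, not a failed one. Pass a failure code
            such as 0xC0000022 (STATUS_ACCESS_DENIED) if the sample must
            observe a failed open. Negative values are masked to 32 bits.
        ret_offset: byte offset, from the start of the stub, of the original
            ``ret`` the short jmp lands on. This differs across Windows builds
            and between the x86 and x64 stubs -- check the disassembly of the
            target's stub before applying; a wrong offset lands mid-instruction.

    Raises:
        ValueError: if ``ret_offset`` is not reachable with a short jmp.
        RuntimeError: if the export cannot be resolved in the debuggee.
    """
    MOV_EAX_IMM32 = b"\xB8"
    JMP_SHORT = b"\xEB"
    NOP = b"\x90"

    # mov eax, imm32 (5 bytes) + jmp short (2 bytes) ends at offset 7, so the
    # jmp's displacement is whatever remains up to the original ret.
    rel = ret_offset - 7
    if not 0 <= rel <= 0x7F:
        raise ValueError(
            "ret_offset %r is not reachable with a short jmp from offset 7" % (ret_offset,)
        )

    # Little-endian imm32; bytes(bytearray(...)) keeps this valid on both
    # Python 2 (str) and Python 3 (bytes).
    imm = status & 0xFFFFFFFF
    imm32 = bytes(bytearray((imm >> shift) & 0xFF for shift in (0, 8, 16, 24)))
    patch = MOV_EAX_IMM32 + imm32 + JMP_SHORT + bytes(bytearray((rel,))) + NOP * rel

    addrZwOpenProcess = RemoteGetProcAddress('ntdll', 'ZwOpenProcess')
    # NOTE(review): assumes RemoteGetProcAddress yields 0/None when the export
    # is not found -- confirm; without this guard the patch would be written to
    # address 0 in the debuggee.
    if not addrZwOpenProcess:
        raise RuntimeError("could not resolve ntdll!ZwOpenProcess in the debuggee")
    memory.Write(addrZwOpenProcess, patch)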
def main():
    """Script entry point: apply the ZwOpenProcess patch to the debuggee."""
    return patchZwOpenProcess()
- main()