Untitled

a guest
Oct 26th, 2016
from x64dbgpy.pluginsdk import *


def patchZwOpenProcess():
    # This function patches the function ZwOpenProcess in such a way that the XXX fails to open and infect more processes.
    # The good thing about that is that there won't be any concurrency issues and you can be sure that the networking
    # will be done in the current process.
    #
    # Patch bytes: mov eax, 0 ; jmp TO_RETURN (should be +3) ; nop ; nop ; nop
    # The jmp skips the three NOPs so execution lands past the stub's own
    # syscall sequence, which is therefore never executed; check that the +3
    # displacement reaches the ret in the ntdll build you are debugging.
    PATCH = "\xB8" + "\x00" * 4 + "\xEB\x03" + "\x90" * 3
    # Resolve the export inside the debuggee and overwrite the stub in place.
    addrZwOpenProcess = RemoteGetProcAddress('ntdll', 'ZwOpenProcess')
    memory.Write(addrZwOpenProcess, PATCH)


def main():
    patchZwOpenProcess()


main()
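The paste overwrites the stub without keeping what was there, so the patch cannot be undone or confirmed. The following is an added example (not from the original paste) that applies the same ZwOpenProcess patch bytes, saves the original stub so it can be restored, and verifies the write by reading it back. The read/write callables are injected so the logic runs offline against a constructed fake memory; under x64dbgpy you would pass `memory.Read` and `memory.Write` (assumed to have the signatures `Read(addr, size)` and `Write(addr, data)`).

```python
# Same patch as the paste: mov eax,0 ; jmp +3 ; nop ; nop ; nop
PATCH = b"\xB8" + b"\x00" * 4 + b"\xEB\x03" + b"\x90" * 3


class PatchSession(object):
    """Reversible, verified in-place patching of a debuggee function."""

    def __init__(self, read, write):
        self.read = read      # read(addr, size) -> bytes
        self.write = write    # write(addr, data) -> None
        self.saved = {}       # addr -> original bytes

    def apply(self, addr, patch=PATCH):
        if addr in self.saved:
            return False                          # already patched, do not clobber backup
        self.saved[addr] = self.read(addr, len(patch))
        self.write(addr, patch)
        if self.read(addr, len(patch)) != patch:  # read-back check
            raise RuntimeError("patch at 0x%x did not stick" % addr)
        return True

    def restore(self, addr):
        original = self.saved.pop(addr)
        self.write(addr, original)
        return self.read(addr, len(original)) == original


class FakeMemory(object):
    """Constructed stand-in for debuggee memory, used for offline testing only."""

    def __init__(self, base, image):
        self.base, self.buf = base, bytearray(image)

    def read(self, addr, size):
        off = addr - self.base
        return bytes(self.buf[off:off + size])

    def write(self, addr, data):
        off = addr - self.base
        self.buf[off:off + len(data)] = data


if __name__ == "__main__":
    # Offline demo: 16 placeholder bytes stand in for the real ntdll stub.
    # Under x64dbgpy replace with: PatchSession(memory.Read, memory.Write)
    #   and addr = RemoteGetProcAddress('ntdll', 'ZwOpenProcess')
    fake = FakeMemory(0x77000000, bytes(range(16)))
    session = PatchSession(fake.read, fake.write)
    print("applied:", session.apply(0x77000000))
    print("restored:", session.restore(0x77000000))
```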