 |
RAMvader
1.3
A C# library which provides access to other processes' memory space.
|
|
RAMvader
1.3
A C# library which provides access to other processes' memory space.
|
Public Member Functions | |
| CodeCaveBuilder (Injector< TMemoryAlterationSetID, TCodeCave, TVariable > injector) | |
| Constructor. More... | |
| CodeCaveDefinition< TMemoryAlterationSetID, TCodeCave, TVariable > | Build () |
| Called as the last step for building a CodeCaveDefinition<TMemoryAlterationSetID, TCodeCave, TVariable>, returning the produced definition. More... | |
| CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable > | VarAddr (TVariable varId) |
| Adds the bytes that represent the address of an injected code cave to the code cave being built. This effectivelly adds a CodeCaveArtifactVariableAddress<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts. More... | |
| CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable > | CaveAddr (TCodeCave caveId) |
| Adds the bytes that represent the address of an injected variable to the code cave being built. This effectivelly adds a CodeCaveArtifactCodeCaveAddress<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts. More... | |
| CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable > | SBytes (params sbyte[] bytes) |
| Adds the given sequence of signed bytes (SByte) to the code cave being built. This effectivelly adds a CodeCaveArtifactSignedBytesSequence<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts. More... | |
| CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable > | Bytes (params byte[] bytes) |
| Adds the given sequence of unsigned bytes (Byte) to the code cave being built. This effectivelly adds a CodeCaveArtifactUnsignedBytesSequence<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts. More... | |
| CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable > | X86Call (MemoryAddress targetAddress) |
| Adds the bytes corresponding to a CALL instruction to the code cave being built. This effectivelly adds a CodeCaveArtifactX86Call<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts. More... | |
| CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable > | X86NearJump (EJumpInstructionType jumpInstructionType, MemoryAddress targetAddress) |
| Adds the bytes corresponding to a NEAR JUMP instruction to the code cave being built. This effectivelly adds a CodeCaveArtifactX86NearJump<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts. More... | |
| CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable > | X86FarJump (EJumpInstructionType jumpInstructionType, MemoryAddress targetAddress) |
| Adds the bytes corresponding to a FAR JUMP instruction to the code cave being built. This effectivelly adds a CodeCaveArtifactX86FarJump<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts. More... | |
A class specialized in building CodeCaveDefinition<TMemoryAlterationSetID, TCodeCave, TVariable> objects. This class follows a fluid design pattern, allowing calls to its code cave construction-related methods to be cascaded, making code easier to read and maintain.
Under the hoods, this class generates CodeCaveArtifact<TMemoryAlterationSetID, TCodeCave, TVariable> objects, which are kept in a list that can be used to generate the code cave definition.
| RAMvader.CodeInjection.CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable >.CodeCaveBuilder | ( | Injector< TMemoryAlterationSetID, TCodeCave, TVariable > | injector | ) |
Constructor.
| injector | A reference to the Injector<TMemoryAlterationSetID, TCodeCave, TVariable> object to which the CodeCaveDefinition<TMemoryAlterationSetID, TCodeCave, TVariable> objects will be created. |
| CodeCaveDefinition<TMemoryAlterationSetID, TCodeCave, TVariable> RAMvader.CodeInjection.CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable >.Build | ( | ) |
Called as the last step for building a CodeCaveDefinition<TMemoryAlterationSetID, TCodeCave, TVariable>, returning the produced definition.
| CodeCaveBuilder<TMemoryAlterationSetID, TCodeCave, TVariable> RAMvader.CodeInjection.CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable >.Bytes | ( | params byte [] | bytes | ) |
Adds the given sequence of unsigned bytes (Byte) to the code cave being built. This effectivelly adds a CodeCaveArtifactUnsignedBytesSequence<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts.
| bytes | The sequence of (unsigned) bytes which will be added. |
| CodeCaveBuilder<TMemoryAlterationSetID, TCodeCave, TVariable> RAMvader.CodeInjection.CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable >.CaveAddr | ( | TCodeCave | caveId | ) |
Adds the bytes that represent the address of an injected variable to the code cave being built. This effectivelly adds a CodeCaveArtifactCodeCaveAddress<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts.
| caveId | The identifier of the code cave whose address will be added. |
| CodeCaveBuilder<TMemoryAlterationSetID, TCodeCave, TVariable> RAMvader.CodeInjection.CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable >.SBytes | ( | params sbyte [] | bytes | ) |
Adds the given sequence of signed bytes (SByte) to the code cave being built. This effectivelly adds a CodeCaveArtifactSignedBytesSequence<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts.
| bytes | The sequence of (signed) bytes which will be added. |
| CodeCaveBuilder<TMemoryAlterationSetID, TCodeCave, TVariable> RAMvader.CodeInjection.CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable >.VarAddr | ( | TVariable | varId | ) |
Adds the bytes that represent the address of an injected code cave to the code cave being built. This effectivelly adds a CodeCaveArtifactVariableAddress<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts.
| varId | The identifier of the variable whose address will be added. |
| CodeCaveBuilder<TMemoryAlterationSetID, TCodeCave, TVariable> RAMvader.CodeInjection.CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable >.X86Call | ( | MemoryAddress | targetAddress | ) |
Adds the bytes corresponding to a CALL instruction to the code cave being built. This effectivelly adds a CodeCaveArtifactX86Call<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts.
| targetAddress | The address to be CALLed. |
| CodeCaveBuilder<TMemoryAlterationSetID, TCodeCave, TVariable> RAMvader.CodeInjection.CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable >.X86FarJump | ( | EJumpInstructionType | jumpInstructionType, |
| MemoryAddress | targetAddress | ||
| ) |
Adds the bytes corresponding to a FAR JUMP instruction to the code cave being built. This effectivelly adds a CodeCaveArtifactX86FarJump<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts.
| jumpInstructionType | The specific type of jump instruction to be generated. |
| targetAddress | The address to which the instruction will jump. |
| CodeCaveBuilder<TMemoryAlterationSetID, TCodeCave, TVariable> RAMvader.CodeInjection.CodeCaveBuilder< TMemoryAlterationSetID, TCodeCave, TVariable >.X86NearJump | ( | EJumpInstructionType | jumpInstructionType, |
| MemoryAddress | targetAddress | ||
| ) |
Adds the bytes corresponding to a NEAR JUMP instruction to the code cave being built. This effectivelly adds a CodeCaveArtifactX86NearJump<TMemoryAlterationSetID, TCodeCave, TVariable> artifact to the list of generated artifacts.
| jumpInstructionType | The specific type of jump instruction to be generated. |
| targetAddress | The address to which the instruction will jump. |
1.8.13