 |
RAMvader
1.3
A C# library which provides access to other processes' memory space.
|
|
RAMvader
1.3
A C# library which provides access to other processes' memory space.
|
Represents a memory alteration that overwrites instructions of the target process' memory space with x86 FAR JUMP instruction. More...
Inherits RAMvader.CodeInjection.MemoryAlterationBase.
Public Member Functions | |
| MemoryAlterationX86FarJump (RAMvaderTarget targetIORef, MemoryAddress targetAddress, Enum targetCodeCaveID, EJumpInstructionType jumpInstructionType, int instructionSize) | |
| Constructor. More... | |
| override bool | SetEnabled< TMemoryAlterationID, TCodeCave, TVariable > (Injector< TMemoryAlterationID, TCodeCave, TVariable > injectorRef, bool bEnable) |
| Called to activate or deactivate a memory alteration into the target process' memory space. More... | |
Additional Inherited Members | |
 Protected Member Functions inherited from RAMvader.CodeInjection.MemoryAlterationBase | |
| MemoryAlterationBase (RAMvaderTarget targetIORef, MemoryAddress targetAddress, int targetSize) | |
| Constructor. The constructor will read the bytes of the target process' memory space and keep a "snapshot" of it at the moment the constructor is called. When a memory alteration gets disabled, this "snapshot" will be used to restore the original bytes of the instruction or value that was in the target process' memory space before it was activated. More... | |
| Protected Member Functions inherited from RAMvader.NotifyPropertyChangedAdapter | |
| void | SendPropertyChangedNotification ([CallerMemberName] string propertyName="") |
| This method should be called inside PROPERTY SETTER METHODS to notify listeners of the "property changed" event that the property has been updated. More... | |
| Properties inherited from RAMvader.CodeInjection.MemoryAlterationBase | |
| byte [] | TargetOriginalBytes [get, protected set] |
| Keeps the bytes that represent the original instruction or value that was in memory before the memory alteration got activated. More... | |
| MemoryAddress | TargetAddress [get, protected set] |
| The address (in the target process' memory space) where the memory alteration will occur. More... | |
| Events inherited from RAMvader.NotifyPropertyChangedAdapter | |
| PropertyChangedEventHandler | PropertyChanged |
| Used for implementing the INotifyPropertyChanged interface. More... | |
Represents a memory alteration that overwrites instructions of the target process' memory space with x86 FAR JUMP instruction.
| RAMvader.CodeInjection.MemoryAlterationX86FarJump.MemoryAlterationX86FarJump | ( | RAMvaderTarget | targetIORef, |
| MemoryAddress | targetAddress, | ||
| Enum | targetCodeCaveID, | ||
| EJumpInstructionType | jumpInstructionType, | ||
| int | instructionSize | ||
| ) |
Constructor.
| targetIORef | A reference to the RAMvaderTarget object that will be used to read the target process' memory space. This RAMvaderTarget MUST be attached to a process, as it will be used in this constructor method to read the process' memory and keep a snapshot of the original bytes at the given 'targetAddress' for restoring their values, whenever MemoryAlterationX86FarJump.SetEnabled<TMemoryAlterationID, TCodeCave, TVariable>(Injector<TMemoryAlterationID, TCodeCave, TVariable>, bool) is called to deactivate a memory alteration. |
| targetAddress | The address of the instruction(s) that will be replaced x86 NEAR JUMP instruction. |
| targetCodeCaveID | The target code cave, to which the code should be diverted. |
| jumpInstructionType | The specific type of jump instruction that should be generated. |
| instructionSize | The size of the instruction(s) that will be replaced with NOP instructions. |
|
virtual |
Called to activate or deactivate a memory alteration into the target process' memory space.
| TMemoryAlterationID | The enumeration of Memory Alteration Sets used for the Injector<TMemoryAlterationSetID, TCodeCave, TVariable>. |
| TCodeCave | The enumeration of Code Caves used for the Injector<TMemoryAlterationSetID, TCodeCave, TVariable>. |
| TVariable | The enumeration of Injection Variables used for the Injector<TMemoryAlterationSetID, TCodeCave, TVariable>. |
| injectorRef | A reference to an Injector<TMemoryAlterationSetID, TCodeCave, TVariable> object, with which you can perform I/O operations on the target process' memory space and access related data, like values and addresses of variables and code caves. |
| bEnable | A flag specifying if the memory alteration should be enabled or disabled. |
Implements RAMvader.CodeInjection.MemoryAlterationBase.
1.8.13