|
|
|
|
#1
02-01-2017, 12:12
|
||||
|
||||
|
Here is a very simple example in Delphi. It creates a suspended process, gets the image base through the PEB header, and then uses WriteProcessMemory to patch the memory of the application, and then resumes the process. This will only work if you build it as an x64 application. I compiled this with xe7.
Code:
http://pastebin.com/fkCyzu5W
__________________
"As the island of our knowledge grows, so does the shore of our ignorance." John Wheeler 
|
|
#2
02-01-2017, 14:49
|
|||
|
|||
|
I guess the answer would be "You do it the same way as you would for a 32bit application" (e.g. the way chessgod101 suggested), you just need to compile the loader as a 64bit executable as well.
While it is possible to achieve the same even from a 32bit loader - using undocumented functions like NtWow64WriteVirtualMemory64, it would be an unnecessary hassle.
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| QLoader - Quickly create a non-exe loader for application | vic4key | Community Tools | 6 | 07-07-2022 23:11 |
| Application invisibility | UncleV | General Discussion | 4 | 03-08-2004 17:51 |
Hybrid Mode
