VB.NET:
' Managed mirror of the native PROCESS_BASIC_INFORMATION record that
' NtQueryInformationProcess fills in for information class 0.
' Sequential layout keeps the fields in declaration order for marshalling.
' Every field is declared as IntPtr, so the record size follows the pointer
' size of the process this code runs in.
' Of these fields, the visible code reads only PebBaseAddress.
<StructLayout(LayoutKind.Sequential)> _
Public Structure PROCESS_BASIC_INFORMATION
Public ExitStatus As IntPtr
' Address of the target's Process Environment Block, in the target's address space.
Public PebBaseAddress As IntPtr
Public AffinityMask As IntPtr
Public BasePriority As IntPtr
Public UniqueProcessId As IntPtr
Public InheritedFromUniqueProcessId As IntPtr
End Structure
' P/Invoke declarations used by ReplaceExecutablePath.
' The Zw*/Nt* entry points come from ntdll.dll and return an NTSTATUS code.
' NOTE(review): the page does not say which error the author hits, and none of
' these signatures has been checked here against the native prototypes - confirm
' each parameter width and return type before relying on them.

' Opens a handle to the process identified by PID with the requested access mask.
<DllImport("kernel32.dll")> _
Private Shared Function OpenProcess(ByVal Access As UInt32, ByVal bInheritHandle As Boolean, ByVal PID As Integer) As IntPtr
End Function
' Queries process information; the caller passes class 0 and receives a
' PROCESS_BASIC_INFORMATION record.
<DllImport("ntdll.dll")> _
Private Shared Function NtQueryInformationProcess(ByVal hProcess As IntPtr, ByVal processInformationClass As UInt32, ByRef processBasicInformation As PROCESS_BASIC_INFORMATION, ByVal processInformationLength As Integer, ByRef returnLength As UInt32) As UInt32
End Function
' Allocates memory inside another process's address space.
<DllImport("kernel32.dll")> _
Private Shared Function VirtualAllocEx(ByVal process As IntPtr, ByVal address As IntPtr, ByVal size As UInt32, ByVal type As UInt32, ByVal protect As UInt32) As IntPtr
End Function
' Reads from another process's memory. The destination is declared as a single
' ByRef Integer, so each call can deliver at most one 32-bit value.
<DllImport("ntdll.dll")> _
Private Shared Function ZwReadVirtualMemory(ByVal hProcess As IntPtr, ByVal address As IntPtr, <Out()> ByRef buffer As Integer, ByVal Size As UInt64, ByRef ReadSize As UInt64) As UInt32
End Function
' Declared but not called by the code visible on this page.
<DllImport("ntdll.dll")> _
Private Shared Function ZwUnmapViewOfSection(ByVal process As IntPtr, ByVal address As IntPtr) As Boolean
End Function
' Writes a byte array into another process's memory. The final ByRef parameter
' is named ReadSize here as well.
<DllImport("ntdll.dll")> _
Private Shared Function ZwWriteVirtualMemory(ByVal hProcess As IntPtr, ByVal address As IntPtr, ByVal buffer As Byte(), ByVal Size As UInt64, ByRef ReadSize As UInt64) As UInt32
End Function
' Overwrites a path string recorded in another process's user-mode loader data
' so that it points at a newly allocated copy of NewString.
'
' Parameters:
'   PID       - identifier of the process whose memory is modified.
'   NewString - replacement text, written as UTF-16 (Encoding.Unicode) bytes.
' Returns:
'   True when no managed exception was thrown, False otherwise. The status codes
'   returned by the native calls are never inspected, so True does not show that
'   any read or write succeeded.
'
' Review notes:
'   - The process handle is never closed; no CloseHandle call or import is visible.
'   - ToInt32, the 4-byte reads and the fixed offsets assume 32-bit pointers in
'     both this process and the target.
'   - NOTE(review): the offsets look like the 32-bit layout PEB -> loader data ->
'     first module entry -> full path string (length, maximum length, buffer) - confirm.
'   - Defensive relevance: this changes only what user-mode structures report.
'     Comparing that value with an image path obtained from the kernel (for example
'     via QueryFullProcessImageName), and watching for full-access cross-process
'     handles followed by remote memory writes, are the usual ways to notice it.
Public Shared Function ReplaceExecutablePath(ByVal PID As Integer, ByVal NewString As String) As Boolean
' Result holder; declared as Object although the function returns Boolean.
Dim obj2 As Object
Try
Dim num As Integer
Thread.Sleep(1)
' &H1F0FFF is the legacy PROCESS_ALL_ACCESS mask. The returned handle is not
' checked for zero before it is used.
Dim hProcess As IntPtr = OpenProcess(&H1F0FFF, False, PID)
Dim processBasicInformation As New PROCESS_BASIC_INFORMATION
Dim returnLength As UInt32 = 0
' Information class 0 asks for the basic information record, which carries the
' PEB address.
NtQueryInformationProcess(hProcess, 0, processBasicInformation, Marshal.SizeOf(processBasicInformation), returnLength)
Dim bytes As Byte() = Encoding.Unicode.GetBytes(NewString)
Dim ptr2 As New IntPtr
' First hop: read the 4-byte pointer stored 12 bytes into the PEB.
Dim address As New IntPtr((processBasicInformation.PebBaseAddress.ToInt32 + 12))
Dim num3 As Integer = CInt(ptr2)
Dim readSize As UInt64 = 0
ZwReadVirtualMemory(hProcess, address, num3, 4, readSize)
ptr2 = CType(num3, IntPtr)
' Second hop: read the 4-byte pointer stored 20 bytes into that structure.
address = New IntPtr((ptr2.ToInt32 + 20))
readSize = 0
ZwReadVirtualMemory(hProcess, address, num, 4, readSize)
' Allocate committed (&H1000), read-write (4) memory in the target and copy the
' replacement string into it. No terminating null is appended.
Dim ptr3 As IntPtr = VirtualAllocEx(hProcess, IntPtr.Zero, CType(bytes.Length, UInt32), &H1000, 4)
readSize = 0
ZwWriteVirtualMemory(hProcess, ptr3, bytes, CULng(bytes.Length), readSize)
' Byte length as a 16-bit value. Short.Parse throws once the length exceeds
' 32767, which the Catch below turns into a False result.
Dim buffer As Byte() = BitConverter.GetBytes(Short.Parse(Convert.ToString(bytes.Length)))
' Point the 4-byte buffer field at num + &H20 to the new allocation.
address = New IntPtr((num + &H20))
readSize = 0
ZwWriteVirtualMemory(hProcess, address, BitConverter.GetBytes(ptr3.ToInt32), 4, readSize)
' Write the same 16-bit length at num + 30 and at num + &H1C.
address = New IntPtr((num + 30))
readSize = 0
ZwWriteVirtualMemory(hProcess, address, buffer, 2, readSize)
address = New IntPtr((num + &H1C))
readSize = 0
ZwWriteVirtualMemory(hProcess, address, buffer, 2, readSize)
obj2 = True
Catch exception1 As Exception
' Every managed exception is swallowed and reported only as False.
obj2 = False
End Try
Return obj2
End Function
This is the code I use for PEB patching. The only thing troubling me is an error when I try to use it in my application.
Please help me fix it.