Popular Content

Showing content with the highest reputation since 02/10/2020 in all areas

  1. 1 point
    I usually use C++ for things like this. Lower-level Windows APIs are all in C/C++, so you'll have much finer control of memory and processes on Windows from C++. For example, if you wanted to create a new process in a suspended state and then modify its memory, you could use CreateProcess with a creation flag (CREATE_SUSPENDED). You don't have that option from the C# ProcessStartInfo class. You can always use C# and use PInvokes, but I don't think it's an appropriate use for the language. Plus, if you want to inject a library as well, it means you'd be using two separate languages at that point (or trying to inject the .NET runtime, which is extremely painful). Those are my two cents on the topic.
  2. 1 point
    That can be achieved by editing the instruction bytes at run-time. There are two types of JE/JZ, which are near and short jumps, and the main difference is that short jumps only jump a distance of a byte while near jumps can jump a distance of up to 4 bytes. You will need to identify which it is, because the new bytes representing the JMP instruction will vary based on the jump distance: if the distance is short, the new byte should be 0xEB, while for the near jump it will be 0xE9. Keep in mind that a near JE instruction code is 2 bytes long while the near JMP code is 1 byte long, so you will need to keep that in mind.
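The two rewrites described in the post above, as an added example in C (not code from either poster): a short JE (0x74 rel8) only needs its opcode swapped for 0xEB, while a near JE (0F 84 rel32) becomes E9 rel32 followed by a NOP, and because the JMP encoding is one byte shorter the displacement (measured from the end of the instruction) has to grow by one. `decode_jump` is a hypothetical helper that recomputes the landing address so a patch can be checked against the original; it assumes a little-endian host and 32-bit addresses.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: compute the absolute target of the JE rel8, JMP rel8,
 * JE rel32 or JMP rel32 at buf[off], assuming it is loaded at base + off.
 * Returns the instruction length, or 0 if it is not one of those jumps.
 * Displacements are read little-endian (x86 encoding); host assumed the same. */
int decode_jump(const uint8_t *buf, size_t len, size_t off,
                uint32_t base, uint32_t *target)
{
    if (off >= len) return 0;
    uint8_t op = buf[off];
    if (op == 0x74 || op == 0xEB) {                 /* JE rel8 / JMP rel8 */
        if (off + 2 > len) return 0;
        uint32_t rel = (uint32_t)(int32_t)(int8_t)buf[off + 1]; /* sign-extend */
        *target = base + (uint32_t)off + 2 + rel;
        return 2;
    }
    if (op == 0xE9) {                               /* JMP rel32 */
        if (off + 5 > len) return 0;
        uint32_t rel; memcpy(&rel, buf + off + 1, 4);
        *target = base + (uint32_t)off + 5 + rel;
        return 5;
    }
    if (op == 0x0F && off + 1 < len && buf[off + 1] == 0x84) { /* JE rel32 */
        if (off + 6 > len) return 0;
        uint32_t rel; memcpy(&rel, buf + off + 2, 4);
        *target = base + (uint32_t)off + 6 + rel;
        return 6;
    }
    return 0;
}

/* Rewrite the JE/JZ at buf[off] into an unconditional JMP with the same
 * target. Returns the number of bytes touched, or 0 if buf[off] is not a JE. */
int je_to_jmp(uint8_t *buf, size_t len, size_t off)
{
    if (off >= len) return 0;
    if (buf[off] == 0x74) {                         /* short JE: opcode swap only */
        if (off + 2 > len) return 0;
        buf[off] = 0xEB;
        return 2;
    }
    if (buf[off] == 0x0F && off + 1 < len && buf[off + 1] == 0x84) {
        if (off + 6 > len) return 0;
        uint32_t rel; memcpy(&rel, buf + off + 2, 4);
        rel += 1;                 /* JMP ends one byte earlier than JE did */
        buf[off] = 0xE9;
        memcpy(buf + off + 1, &rel, 4);
        buf[off + 5] = 0x90;      /* NOP fills the byte the 0F prefix used */
        return 6;
    }
    return 0;
}
```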
