|
|
@@ -748,6 +748,35 @@ func modifyIoFdTargetAddr(pid int, insertAddr, distAddr, getTTLFunctionAddr uint
|
|
|
if err != nil {
|
|
|
return err
|
|
|
}
|
|
|
+
|
|
|
+ //以上是先跳转到2GB内存的无用函数中
|
|
|
+ //以下来写真正的跳转函数
|
|
|
+
|
|
|
+ TTLOriginalData, err := readDataBytes(pid, getTTLFunctionAddr, 14)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+
|
|
|
+ TTLOriginalData[offset] = 0x48
|
|
|
+ TTLOriginalData[offset+1] = 0xb8
|
|
|
+ TTLOriginalData[offset+2] = byte(distAddr)
|
|
|
+ TTLOriginalData[offset+3] = byte(distAddr >> 8)
|
|
|
+ TTLOriginalData[offset+4] = byte(distAddr >> 16)
|
|
|
+ TTLOriginalData[offset+5] = byte(distAddr >> 24)
|
|
|
+ TTLOriginalData[offset+6] = byte(distAddr >> 32)
|
|
|
+ TTLOriginalData[offset+7] = byte(distAddr >> 40)
|
|
|
+ TTLOriginalData[offset+8] = byte(distAddr >> 48)
|
|
|
+ TTLOriginalData[offset+9] = byte(distAddr >> 56)
|
|
|
+ TTLOriginalData[offset+10] = 0x48
|
|
|
+ TTLOriginalData[offset+11] = 0x8b
|
|
|
+ TTLOriginalData[offset+12] = 0x10
|
|
|
+ TTLOriginalData[offset+13] = 0xc3
|
|
|
+
|
|
|
+ err = writeDataBytes(pid, getTTLFunctionAddr, TTLOriginalData)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+
|
|
|
return nil
|
|
|
}
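Review bot: `TTLOriginalData[offset+13]` indexes a buffer that `readDataBytes` was asked for exactly 14 bytes, so any non-zero `offset` (declared outside this hunk) panics with an index out of range instead of returning an error; either read `offset+14` bytes or guard first with `if offset+14 > len(TTLOriginalData) { return fmt.Errorf("patch at %#x: buffer too short", getTTLFunctionAddr) }`. The same hard-coded read lengths recur in modifyNetSetTargetAddr (5 at `sendDebugAddr`, 13 at `convert0FunctionAddr`), where the size only works if it matches the patch written afterwards; a named constant shared by the read and the writes removes that silent coupling. The eight byte-shift assignments are one call, `binary.LittleEndian.PutUint64(TTLOriginalData[offset+2:], uint64(distAddr))`, and the local would conventionally be `ttlOriginal` rather than an exported-looking `TTLOriginalData`. The two comments are in Chinese; English equivalents are `// The code above first jumps into the unused function in the 2 GB region` and `// Below: write the real jump function`. modifyIoFdTargetAddr begins before this hunk, and both `return err` lines drop the address context that would make a ptrace failure diagnosable.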
|
|
|
|
|
|
@@ -775,7 +804,7 @@ func modifyNetSetTargetAddr(pid int, sendDebugAddr, sendReleaseAddr, convert0Fun
|
|
|
|
|
|
// 读取原始数据
|
|
|
// alignedAddr := insertAddr & ^(uintptr(unsafe.Sizeof(uintptr(0))) - 1)
|
|
|
- originalData, err := readDataBytes(pid, sendDebugAddr, 7)
|
|
|
+ originalData, err := readDataBytes(pid, sendDebugAddr, 5)
|
|
|
if err != nil {
|
|
|
return err
|
|
|
}
|
|
|
@@ -795,6 +824,32 @@ func modifyNetSetTargetAddr(pid int, sendDebugAddr, sendReleaseAddr, convert0Fun
|
|
|
if err != nil {
|
|
|
return err
|
|
|
}
|
|
|
+
|
|
|
+
|
|
|
+ convert0OriginalData, err := readDataBytes(pid, convert0FunctionAddr, 13)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+
|
|
|
+ convert0OriginalData[offset] = 0x48
|
|
|
+ convert0OriginalData[offset+1] = 0xb8
|
|
|
+ convert0OriginalData[offset+2] = byte(sendReleaseAddr)
|
|
|
+ convert0OriginalData[offset+3] = byte(sendReleaseAddr >> 8)
|
|
|
+ convert0OriginalData[offset+4] = byte(sendReleaseAddr >> 16)
|
|
|
+ convert0OriginalData[offset+5] = byte(sendReleaseAddr >> 24)
|
|
|
+ convert0OriginalData[offset+6] = byte(sendReleaseAddr >> 32)
|
|
|
+ convert0OriginalData[offset+7] = byte(sendReleaseAddr >> 40)
|
|
|
+ convert0OriginalData[offset+8] = byte(sendReleaseAddr >> 48)
|
|
|
+ convert0OriginalData[offset+9] = byte(sendReleaseAddr >> 56)
|
|
|
+ convert0OriginalData[offset+10] = 0xff
|
|
|
+ convert0OriginalData[offset+11] = 0xd0
|
|
|
+ convert0OriginalData[offset+12] = 0xc3
|
|
|
+
|
|
|
+ err = writeDataBytes(pid, convert0FunctionAddr, convert0OriginalData)
|
|
|
+ if err != nil {
|
|
|
+ return err
|
|
|
+ }
|
|
|
+
|
|
|
return nil
|
|
|
}
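Review bot: If `writeDataBytes(pid, convert0FunctionAddr, ...)` fails, the earlier write at `sendDebugAddr` (above this hunk) has already been applied, so the function returns an error with the target process half-patched and nothing restores it; reading both original ranges up front and writing the `sendDebugAddr` bytes back on the failure path keeps the process consistent. `convert0OriginalData` is modified in place, so after the first assignment the pristine bytes are gone and the name is misleading; keeping a copy (`orig := append([]byte(nil), convert0OriginalData...)`) before patching, or building the patch in a separate buffer, is what a later clean-up needs. As in modifyIoFdTargetAddr, `offset+12` overruns the 13-byte buffer whenever `offset` is non-zero, and the two consecutive added blank lines will be collapsed by gofmt. modifyNetSetTargetAddr begins before this hunk.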
|
|
|
|