-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathHollowing32Bit.hpp
26 lines (22 loc) · 1.13 KB
/
Hollowing32Bit.hpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
#include "HollowingInterface.hpp"
#ifndef HOLLOWING_32_BIT_H
#define HOLLOWING_32_BIT_H
class Hollowing32Bit : public HollowingInterface
{
public:
Hollowing32Bit(const std::string& targetPath, const std::string& payloadPath);
void hollow() override;
private:
void WriteTargetProcessHeaders(PVOID targetBaseAddress, PBYTE sourceFileContents) override;
void UpdateTargetProcessEntryPoint(PVOID newEntryPointAddress) override;
PIMAGE_DATA_DIRECTORY GetPayloadDirectoryEntry(DWORD directoryID) override;
PIMAGE_SECTION_HEADER FindTargetProcessSection(const std::string& sectionName) override;
void RelocateTargetProcess(ULONGLONG baseAddressesDelta, PVOID processBaseAddress) override;
void ProcessTargetRelocationBlock(PBASE_RELOCATION_BLOCK baseRelocationBlock, PBASE_RELOCATION_ENTRY blockEntries,
PVOID processBaseAddress, ULONGLONG baseAddressesDelta) override;
void UpdateBaseAddressInTargetPEB(PVOID processNewBaseAddress) override;
ULONG GetProcessSubsystem(HANDLE process) override;
WORD GetPEFileSubsystem(const PBYTE fileBuffer) override;
void ValidateCompatibility() override;
};
#endif