Boring
Boring
Anyway, I found the necessary functions through disassembly and dynamic debugging and hooked them: ``` CreateFileW GetFileInformationByHandle GetFileAttributesExW CreateFileMappingW MapViewOfFileEx UnmapViewOfFile CloseHandle GetFileVersion ``` Then a simple .NET assembly was...
Hi. You need to specify the ```LOAD_FLAGS_HOOK_DOT_NET``` flag when calling ```LdrLoadDllMemoryExW```. When I was debugging this issue, I found that MmpTls made false assertions when processing some threads created by...
This bug has been fixed in the [41c1175](https://github.com/bb107/MemoryModulePP/commit/429d549b89635ce5bbd809e6e29534c8c94f9234) commit.
What is your version of Windows? I tested it on a Windows 7 virtual machine and it also threw an exception, but it worked correctly on another Windows 10 version....
Hello, I just updated the code. I think it can work correctly for you. If it still throws an exception, please tell me your .net framework version and clr.dll file...
Hi. I cannot reproduce this exception. Please upload a sample that can trigger this exception.
是的,你需要手动提取LdrpHandleTlsData和LdrpReleaseTlsEntry的特征码。
Hi there! If you want to extract feature codes (or patterns), you'll need a PE editor or debugger like [x64dbg](https://github.com/x64dbg/x64dbg) first. Next, select some consecutive machine code within the function...
As far as I know, INVERTED_FUNCTION_TABLE is a fixed size struct and is not dynamically allocated, so we cannot increase its size.
Hello. Please check out the code and try again.