Thanks to this code, I've written my own sniffer unit. I struggled a little bit to retrieve the BaseAddress of the process, but I finally succeeded. Cool to have this knowledge in the arsenal.
One thing I still don't get completely is how to use and manipulate the 'ContextFlags'… In the code from anorganix, we can see:
// resume the program
ResumeThread(PI.hThread);
// CONTEXT_i386 ($00010000) + CONTROL/INTEGER/SEGMENTS/FLOATING_POINT (1+2+4+8 = 15) + DEBUG_REGISTERS ($10)
Context.ContextFlags := $00010000 + 15 + $10;
Also, to get the BaseAddress of the process, I use (I translated a C++ code from somewhere into Delphi, but there was no explanation on the website):
// request only the integer registers (Eax, Ebx, Ecx, Edx, Esi, Edi)
Context.ContextFlags := CONTEXT_INTEGER;
GetThreadContext(PI.hThread, Context);
// in a freshly created (still suspended) 32-bit process Ebx holds the PEB address;
// the DWORD at PEB + 8 is PEB.ImageBaseAddress
ReadProcessMemory(PI.hProcess, Pointer(Context.Ebx + 8), @BaseAddress, SizeOf(BaseAddress), BytesRead);
Still reading to figure it out, but if someone has the explanation for the values used here, you are welcome to help!
Thanks
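The two literals asked about above, decoded as an added example (this is not code from the post or from anorganix). The CONTEXT_* values are the x86 definitions from winnt.h; the PEB layout assumed is the 32-bit one, where ImageBaseAddress sits at offset 8, and the sample PEB bytes are constructed for the demonstration. It runs on any platform because it only does the arithmetic; the Windows calls themselves are not made.

```python
"""
Decode/compose x86 CONTEXT.ContextFlags values and show what the
ReadProcessMemory(Context.Ebx + 8) read in the Delphi snippet returns.
Added example; pure Python, no Windows API required.
"""
import struct

# x86 CONTEXT flag bits as defined in winnt.h.  Each register group selector
# is only valid when combined with CONTEXT_i386, the architecture tag.
CONTEXT_i386 = 0x00010000
CONTEXT_CONTROL = CONTEXT_i386 | 0x01            # Ebp, Eip, SegCs, EFlags, Esp, SegSs
CONTEXT_INTEGER = CONTEXT_i386 | 0x02            # Edi, Esi, Ebx, Edx, Ecx, Eax
CONTEXT_SEGMENTS = CONTEXT_i386 | 0x04           # SegDs, SegEs, SegFs, SegGs
CONTEXT_FLOATING_POINT = CONTEXT_i386 | 0x08     # FloatSave (x87 state)
CONTEXT_DEBUG_REGISTERS = CONTEXT_i386 | 0x10    # Dr0-Dr3, Dr6, Dr7
CONTEXT_EXTENDED_REGISTERS = CONTEXT_i386 | 0x20 # ExtendedRegisters (SSE area)
CONTEXT_FULL = CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS
CONTEXT_ALL = (CONTEXT_FULL | CONTEXT_FLOATING_POINT
               | CONTEXT_DEBUG_REGISTERS | CONTEXT_EXTENDED_REGISTERS)

_SELECTORS = (
    ("CONTEXT_CONTROL", CONTEXT_CONTROL),
    ("CONTEXT_INTEGER", CONTEXT_INTEGER),
    ("CONTEXT_SEGMENTS", CONTEXT_SEGMENTS),
    ("CONTEXT_FLOATING_POINT", CONTEXT_FLOATING_POINT),
    ("CONTEXT_DEBUG_REGISTERS", CONTEXT_DEBUG_REGISTERS),
    ("CONTEXT_EXTENDED_REGISTERS", CONTEXT_EXTENDED_REGISTERS),
)


def decode_context_flags(flags):
    """Return the names of the register groups selected by `flags`.

    Rejects a value without the CONTEXT_i386 tag (a bare 0x1F, for example)
    and a value carrying bits that no x86 selector defines.
    """
    if flags & CONTEXT_i386 != CONTEXT_i386:
        raise ValueError("0x%08X lacks the CONTEXT_i386 architecture tag" % flags)
    unknown = flags & ~CONTEXT_ALL & 0xFFFFFFFF
    if unknown:
        raise ValueError("0x%08X has undefined bits 0x%08X" % (flags, unknown))
    return [name for name, value in _SELECTORS if flags & value == value]


def compose_context_flags(*names):
    """Build a ContextFlags value from selector names; the tag comes for free
    because every selector constant already includes CONTEXT_i386."""
    lookup = dict(_SELECTORS)
    flags = 0
    for name in names:
        flags |= lookup[name]
    return flags


def peb_image_base_x86(peb_bytes):
    """ImageBaseAddress of a 32-bit PEB: offset 8, after InheritedAddressSpace,
    ReadImageFileExecOptions, BeingDebugged, BitField (4 bytes) and the Mutant
    handle (4 bytes).  This is the DWORD the snippet reads at Ebx + 8, since the
    initial thread of a suspended 32-bit process starts with Ebx = PEB address."""
    return struct.unpack_from("<I", peb_bytes, 8)[0]


# Constructed 12-byte PEB prefix: four flag bytes, Mutant = INVALID_HANDLE_VALUE,
# ImageBaseAddress = 0x00400000 (the classic default base of a 32-bit EXE).
SAMPLE_PEB = bytes(4) + struct.pack("<I", 0xFFFFFFFF) + struct.pack("<I", 0x00400000)

ANORGANIX_FLAGS = 0x00010000 + 15 + 0x10  # the Delphi literal $00010000+15+$10


if __name__ == "__main__":
    print("0x%08X ->" % ANORGANIX_FLAGS, decode_context_flags(ANORGANIX_FLAGS))
    print("CONTEXT_INTEGER ->", decode_context_flags(CONTEXT_INTEGER))
    print("same as CONTEXT_FULL|FP|DEBUG:",
          ANORGANIX_FLAGS == (CONTEXT_FULL | CONTEXT_FLOATING_POINT
                              | CONTEXT_DEBUG_REGISTERS))
    print("ImageBaseAddress from PEB+8: 0x%08X" % peb_image_base_x86(SAMPLE_PEB))
```

So `$00010000+15+$10` is simply `CONTEXT_FULL or CONTEXT_FLOATING_POINT or CONTEXT_DEBUG_REGISTERS` spelled out in hex, and `CONTEXT_INTEGER` is the minimum that makes GetThreadContext fill in Ebx; note that the Delphi constants from Windows.pas already carry the CONTEXT_i386 tag, so they can be or-ed together directly.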