WildGenie · January 28, 2016 04:38
diff --git a/loader1.cpp b/loader1.cpp
 #include <windows.h> 
 #include <stdio.h> 

 #ifdef _WIN64 
 #define CAPTION "atomos - memory patcher for chimera #01 (64-bit)" 
 #define EXENAME "target64.exe" 
 #else 
 #define CAPTION "atomos - memory patcher for chimera #01 (32-bit)" 
 #define EXENAME "target32.exe" 
 #endif 

 int iWinMain() { 
    PROCESS_INFORMATION lpProcessInfo = {0}; 
    CONTEXT lpContext = {0}; 
    STARTUPINFO lpStartupInfo = {0}; 

    printf("%s\nFilename: %s\n\n", CAPTION, EXENAME); 

    if(CreateProcessA(EXENAME, 
                      NULL, 
                      NULL, 
                      NULL, 
                      0, 
                      CREATE_SUSPENDED, 
                      NULL, 
                      NULL, 
                      &lpStartupInfo, 
                      &lpProcessInfo))    { 

        lpContext.ContextFlags = CONTEXT_FULL; 
        GetThreadContext(lpProcessInfo.hThread, &lpContext); 

 #ifdef _WIN64 
        ULONG_PTR* peb = (ULONG_PTR*)lpContext.Rdx; 
 #else 
        ULONG_PTR* peb = (ULONG_PTR*)lpContext.Ebx; 
 #endif 
        ULONG_PTR ImageBaseAddress = NULL; 

        ReadProcessMemory(lpProcessInfo.hProcess, 
                          &peb[2], 
                          (LPVOID)&ImageBaseAddress, 
                          sizeof(ULONG_PTR), 
                          NULL); 
                   
        printf("[-] ImageBase Address     = 0x%p\n", ImageBaseAddress); 

 #ifdef _WIN64 
        printf("[-] EntryPoint Address    = 0x%p\n", lpContext.Rcx); 
        printf("[-] Process (PEB Address) = 0x%p\n", lpContext.Rdx); 

 #else 
        printf("[-] EntryPoint Address    = 0x%p\n", lpContext.Eax); 
        printf("[-] Process (PEB Address) = 0x%p\n", lpContext.Ebx); 
 #endif 



 #ifdef _WIN64 
        ULONG_PTR uTargetAddress = lpContext.Rcx + 0x7E; 
        const char newByte = 0x75; 
 #else 
        ULONG_PTR uTargetAddress = lpContext.Eax + 0x64; 
        const char newByte = 0x74; 
 #endif 
        WriteProcessMemory(lpProcessInfo.hProcess, 
                           (LPVOID)uTargetAddress, 
                           &newByte, 
                           1, 
                           NULL); 

        ResumeThread(lpProcessInfo.hThread); 
        WaitForSingleObject(lpProcessInfo.hThread, INFINITE); 
    } 

    return 0; 
 }
	#include <windows.h>
	#include <stdio.h>

	#ifdef _WIN64
	#define CAPTION "atomos - memory patcher for chimera #01 (64-bit)"
	#define EXENAME "target64.exe"
	#else
	#define CAPTION "atomos - memory patcher for chimera #01 (32-bit)"
	#define EXENAME "target32.exe"
	#endif

	int iWinMain() {
	PROCESS_INFORMATION lpProcessInfo = {0};
	CONTEXT lpContext = {0};
	STARTUPINFO lpStartupInfo = {0};

	printf("%s\nFilename: %s\n\n", CAPTION, EXENAME);

	if(CreateProcessA(EXENAME,
	NULL,
	NULL,
	NULL,
	0,
	CREATE_SUSPENDED,
	NULL,
	NULL,
	&lpStartupInfo,
	&lpProcessInfo)) {

	lpContext.ContextFlags = CONTEXT_FULL;
	GetThreadContext(lpProcessInfo.hThread, &lpContext);

	#ifdef _WIN64
	ULONG_PTR* peb = (ULONG_PTR*)lpContext.Rdx;
	#else
	ULONG_PTR* peb = (ULONG_PTR*)lpContext.Ebx;
	#endif
	ULONG_PTR ImageBaseAddress = NULL;

	ReadProcessMemory(lpProcessInfo.hProcess,
	&peb[2],
	(LPVOID)&ImageBaseAddress,
	sizeof(ULONG_PTR),
	NULL);

	printf("[-] ImageBase Address = 0x%p\n", ImageBaseAddress);

	#ifdef _WIN64
	printf("[-] EntryPoint Address = 0x%p\n", lpContext.Rcx);
	printf("[-] Process (PEB Address) = 0x%p\n", lpContext.Rdx);

	#else
	printf("[-] EntryPoint Address = 0x%p\n", lpContext.Eax);
	printf("[-] Process (PEB Address) = 0x%p\n", lpContext.Ebx);
	#endif



	#ifdef _WIN64
	ULONG_PTR uTargetAddress = lpContext.Rcx + 0x7E;
	const char newByte = 0x75;
	#else
	ULONG_PTR uTargetAddress = lpContext.Eax + 0x64;
	const char newByte = 0x74;
	#endif
	WriteProcessMemory(lpProcessInfo.hProcess,
	(LPVOID)uTargetAddress,
	&newByte,
	1,
	NULL);

	ResumeThread(lpProcessInfo.hThread);
	WaitForSingleObject(lpProcessInfo.hThread, INFINITE);
	}

	return 0;
	}