In an attempt to reopen a file with a different share option, I have injected a DLL into the process, and attempt to write to a specific memory address which I thought was the address where a file hook was stored... But it ended up crashing the application.
I had been using TSearch to look for the numerical representation of the handle in 4 bytes, and originally I had found 7 memory addresses that changed with the file handle I could find by intercepting CreateFile. I attempted to create a new file handle using ReOpenFile, and overwrote those 7 memory addresses with the new file handle, but that caused the application to crash However after the application crashed, I can no longer find a memory address that consistently shows the file handle.
This is the method I used to overwrite the old handle.... But even if it is correct I can't find where to overwrite....
IntPtr[] memAddr = { new IntPtr(0x18971C), new IntPtr(0x617B9AAC), new IntPtr(0x645106DC), new IntPtr(0x660CC0EC), new IntPtr(0x6F861728), new IntPtr(0x74E300BC), new IntPtr(0x7500011C) };
foreach (IntPtr iter in memAddr)
{
IntPtr iinn = Marshal.ReadIntPtr(iter, Marshal.SizeOf(typeof(IntPtr)));
IntPtr outt = ReOpenFile(iinn, 0x00000001, 0x00000001, 0x00000000);
Marshal.WriteIntPtr(iter, Marshal.SizeOf(typeof(IntPtr)), outt);
}
Queue.Push(memAddr.Length + " memory addresses patched!");