From 6a237fd247bd6792d1f06a1afc8c8a716ade16ab Mon Sep 17 00:00:00 2001
From: mkrsym1 <mkrsym1@gmail.com>
Date: Fri, 23 Jun 2023 18:55:22 +0300
Subject: [PATCH] Only write the modified field in the exe header

---
 injector/include/injshared.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/injector/include/injshared.h b/injector/include/injshared.h
index 0e87352..77baad3 100644
--- a/injector/include/injshared.h
+++ b/injector/include/injshared.h
@@ -87,7 +87,8 @@ static inline void inject(HANDLE process, const void *payload, size_t payloadSiz
     write_protected_process_memory(process, importDescriptors, &firstDescriptor, sizeof(firstDescriptor));
 
     // Step 2: break the image data directory entry
-    ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size = 0;
+    size_t ddOffset = ((char*)&(ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].Size)) - exeHeader;
+    DWORD newSize = 0;
 
-    write_protected_process_memory(process, exe, exeHeader, sizeof(exeHeader));
+    write_protected_process_memory(process, exe + ddOffset, &newSize, sizeof(newSize));
 }