Scanning memory functions in C


Post by EMO on Thu Jun 02, 2011 8:48 am

Thanks, yes. Read/WriteProcessMemory works, but it is way too complicated,
as you can't just read/write to any process as you would think; instead you
have to do a lot of work before you get the ability to change anything or
find any value. In my opinion it would be better if someone constructed a
simple function to do this for you, instead of having to override the
manic security settings all the time. After all, isn't that what functions
are for, so you don't have to reinvent the wheel all the time?



I came this far, and was able to read but not write, and since I
couldn't write I couldn't be certain what I read was correct either:



Code:
    #include <windows.h>

    // by Napalm. Enables a named privilege on the calling process's own token.
    // SE_DEBUG_NAME has to be enabled on *our* token, not on the target's, so
    // GetCurrentProcess() is used here (the earlier version passed the target
    // PID cast to a HANDLE, which made OpenProcessToken fail every time).
    BOOL EnablePriv(LPCTSTR lpszPriv)
    {
        HANDLE hToken;
        LUID luid;
        TOKEN_PRIVILEGES tkprivs;
        ZeroMemory(&tkprivs, sizeof(tkprivs));

        if(!OpenProcessToken(GetCurrentProcess(), (TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY), &hToken))
            return FALSE;
        if(!LookupPrivilegeValue(NULL, lpszPriv, &luid)){
            CloseHandle(hToken); return FALSE;
        }

        tkprivs.PrivilegeCount = 1;
        tkprivs.Privileges[0].Luid = luid;
        tkprivs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        BOOL bRet = AdjustTokenPrivileges(hToken, FALSE, &tkprivs, sizeof(tkprivs), NULL, NULL);
        // AdjustTokenPrivileges returns TRUE even when the privilege was not
        // granted; ERROR_NOT_ALL_ASSIGNED means this account cannot hold it.
        if(bRet && GetLastError() == ERROR_NOT_ALL_ASSIGNED)
            bRet = FALSE;
        CloseHandle(hToken);
        return bRet;
    }
    // Called as: EnablePriv(SE_DEBUG_NAME);

    // Reads one byte of process `procid` at `address`. Returns 0..255, or -1
    // if the process could not be opened or the read failed, so a failed read
    // is no longer mistaken for a real byte value.
    int getbyte(int procid, int address)
    {
        unsigned char ucMem = 0;
        SIZE_T stBytes = 0;
        EnablePriv(SE_DEBUG_NAME);   // best effort; not needed for unprotected processes
        // OpenProcess takes the process id itself, not a HANDLE.
        HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, (DWORD)procid);
        if(hProcess == NULL)
            return -1;
        // The address is widened through ULONG_PTR so the cast is also valid on x64.
        BOOL bOk = ReadProcessMemory(hProcess, (LPCVOID)(ULONG_PTR)(DWORD)address, &ucMem, 1, &stBytes);
        CloseHandle(hProcess);
        return (bOk && stBytes == 1) ? (int)ucMem : -1;
    }

    // Writes one byte to process `procid` at `address`. Returns 1 on success, 0 on failure.
    int writebyte(int procid, int address, int value)
    {
        unsigned char ucMem = (unsigned char)value;
        EnablePriv(SE_DEBUG_NAME);
        HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, (DWORD)procid);
        if(hProcess == NULL)
            return 0;
        int c = WriteProcessMemory(hProcess, (LPVOID)(ULONG_PTR)(DWORD)address, &ucMem, 1, NULL) ? 1 : 0;
        CloseHandle(hProcess);
        return c;
    }


C'mon, there must be an easier way than this?



I have looked at the source code, but I don't fully understand the
structure of Delphi and I'm only a beginner at C, so trying to decipher
Delphi to C is too big a task for me. What would be superb is a function
to prepare the process so it can be read from and written to, and a
function to actually read and write to it. That's all I need, yet it is so
hard to do.



I hope you understand my concern; this is not something that should be
difficult to do, it should be easy. If I could only get it to read and
write one single byte successfully, then that would be a BIG step in the
right direction.



(QB64 doesn't have certain types of variables, so I convert to and from int instead, if you wonder about that.)








I'm saying not to use PROCESS_ALL_ACCESS because
the flags changed across OS versions. The flag changed between XP and
Vista/Win7:

Code:
    #if (NTDDI_VERSION >= NTDDI_VISTA)
    #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF)
    #else
    #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF)
    #endif



This doesn't make the documentation wrong; what they say in the docs is correct.

What I'm telling you to do is not use this flag at all and use specifically the ones you need. For example:



Code:
HANDLE hHandle = OpenProcess( PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, dwProcId );



Which does not require the token to be adjusted since you aren't asking for all privileges.



The next step you need to do is start checking error returns and
obtaining the error code from the system after the API fails. For
example:



Code:
    // Reads one DWORD from the target, checking every return value.. (the
    // original fragment, wrapped in a function; 0x12345678 is a sample address)
    void ReadExample( DWORD dwProcId )
    {
        // Obtain process handle..
        HANDLE hHandle = OpenProcess( PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, dwProcId );
        if( hHandle == NULL )
        {
            // OpenProcess failed.. read the error from the system..
            DWORD dwLastError = GetLastError();

            // Handle error here.. and stop, nothing below can work without a handle..
            return ;
        }

        // Attempt to read a DWORD from memory..
        DWORD dwValue = 0;
        if( !ReadProcessMemory( hHandle, (LPCVOID)0x12345678, &dwValue, sizeof( dwValue ), NULL ) )
        {
            // ReadProcessMemory failed.. read the error from the system..
            DWORD dwLastError = GetLastError();

            // Handle error here..

            // Be sure to cleanup the handle and other objects..
            CloseHandle( hHandle );
            return ;
        }

        // Success.. use dwValue, then release the handle..
        CloseHandle( hHandle );
    }



One other thing to keep in mind: the API is 'dumb'. It has no knowledge
of what sits between the call you make and the result it will give you.
Meaning, if the target process has any security features implemented, the
system's API has no idea. So your targets could also be blocking calls
to things like OpenProcess, ReadProcessMemory / WriteProcessMemory and
so on.



Try starting on something basic like Minesweeper. Get the idea and
understanding down on altering memory on something that is completely
unprotected and then move onto other things.
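An added example, not code from this thread: the scanning step itself in portable C, the first-scan / next-scan narrowing that memory-scanner tools do, run over a constructed snapshot buffer. It assumes the snapshot was already copied out of the target with ReadProcessMemory as in the code above; the function names and the 64-byte sample buffer are my own.

```c
#include <stdint.h>
#include <string.h>

/* First scan: collect every byte offset in region[0..len) where a native-endian
   uint32 (any alignment) equals `value`. Stores at most max_hits offsets and
   returns the count; a full array means the value is too common to narrow from. */
size_t scan_u32(const unsigned char *region, size_t len, uint32_t value,
                size_t *hits, size_t max_hits)
{
    size_t n = 0;
    for (size_t off = 0; off + sizeof(uint32_t) <= len && n < max_hits; off++) {
        uint32_t cur;
        memcpy(&cur, region + off, sizeof cur);   /* memcpy: no unaligned deref */
        if (cur == value)
            hits[n++] = off;
    }
    return n;
}

/* Next scan: keep only the earlier hits whose value is now `value`.
   Compacts `hits` in place and returns how many survived. */
size_t refine_u32(const unsigned char *region, size_t len, uint32_t value,
                  size_t *hits, size_t count)
{
    size_t kept = 0;
    for (size_t i = 0; i < count; i++) {
        uint32_t cur;
        if (hits[i] + sizeof cur > len) continue;   /* snapshot shrank: drop it */
        memcpy(&cur, region + hits[i], sizeof cur);
        if (cur == value)
            hits[kept++] = hits[i];
    }
    return kept;
}

/* Walk-through on a constructed 64-byte snapshot (the buffer a ReadProcessMemory
   copy would give): two places hold 100, then only the real counter changes to 150.
   Returns the surviving offset, or (size_t)-1 if not narrowed to exactly one hit. */
size_t demo_find_counter(void)
{
    unsigned char snap[64] = {0};
    size_t hits[16];
    uint32_t v = 100;
    memcpy(snap + 12, &v, sizeof v);   /* the real counter */
    memcpy(snap + 40, &v, sizeof v);   /* unrelated data that also equals 100 */
    size_t n = scan_u32(snap, sizeof snap, 100, hits, 16);   /* 2 hits */
    v = 150;
    memcpy(snap + 12, &v, sizeof v);   /* counter changed; the decoy did not */
    n = refine_u32(snap, sizeof snap, 150, hits, n);         /* 1 hit left */
    return n == 1 ? hits[0] : (size_t)-1;
}
```

The same two functions work on any region size; in practice you repeat refine_u32 after each change of the value until one offset remains.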