hacksign23 Master Cheater
Reputation: 0
Joined: 26 Nov 2006 Posts: 404
|
Posted: Wed Aug 13, 2008 1:23 pm Post subject: WriteProcessMemory Help |
|
|
Well I'm not much of a C fan, so I prefer VB.NET until I get to know it well enough. I need some help on WriteProcessMemory. Any tips on how I would complete it and maybe an example? Thanks.
 |
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
|
Posted: Wed Aug 13, 2008 4:52 pm Post subject: |
|
|
This is vb6.0:
| Code: | Public Function WriteByte(ProcHandle As Long, Addr As Long, dxValue As Byte) As Boolean
    WriteByte = True
    If WriteProcessMemory(ProcHandle, Addr, dxValue, 1, 0&) = 0 Then
        WriteByte = False
    End If
End Function |
ProcHandle is the return of OpenProcess or FindWindowA I think.
Addr is address in. use &Haddr
dxvalue is the byte is &H too
 |
hacksign23 Master Cheater
Reputation: 0
Joined: 26 Nov 2006 Posts: 404
|
Posted: Wed Aug 13, 2008 7:05 pm Post subject: |
|
|
Okay for the dxValue, if I was going to nop it, would it be
&H0x90 or
&H90
? thanks.
 |
rapion124 Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Mar 2007 Posts: 1095
|
Posted: Wed Aug 13, 2008 7:16 pm Post subject: |
|
|
Example in C++
| Code: |
HANDLE hProcess = OpenProcess(...); //Fill this in with process ID and stuff
LPVOID lpBaseAddress = (LPVOID)0x401000; //Fill this with address to write to
const DWORD dwSize = 0x4; //Number of bytes to write
SIZE_T dwNumberOfBytesWritten; //Receives the number of bytes actually written
BYTE bBuffer[dwSize] = {0x13, 0x37, 0xC0, 0xDE};
if (WriteProcessMemory(hProcess, lpBaseAddress, LPCVOID(&bBuffer), dwSize, &dwNumberOfBytesWritten) == 0)
{
    //Write failure code here
} |
 |
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
|
Posted: Wed Aug 13, 2008 11:44 pm Post subject: |
|
|
| rapion124 wrote: | Example in C++
| Code: |
HANDLE hProcess = OpenProcess(...); //Fill this in with process ID and stuff
LPVOID lpBaseAddress = (LPVOID)0x401000; //Fill this with address to write to
const DWORD dwSize = 0x4; //Number of bytes to write
SIZE_T dwNumberOfBytesWritten; //Receives the number of bytes actually written
BYTE bBuffer[dwSize] = {0x13, 0x37, 0xC0, 0xDE};
if (WriteProcessMemory(hProcess, lpBaseAddress, LPCVOID(&bBuffer), dwSize, &dwNumberOfBytesWritten) == 0)
{
    //Write failure code here
} |
|
the dwSize should be sizeof(bBuffer) //could be cbBuffer, aBuffer (count byte, array)
and, does it have to be compared to NULL? you can use the ! operator.
 |
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Thu Aug 14, 2008 4:03 am Post subject: |
|
|
| Rot1 wrote: | | rapion124 wrote: | Example in C++
| Code: |
HANDLE hProcess = OpenProcess(...); //Fill this in with process ID and stuff
LPVOID lpBaseAddress = (LPVOID)0x401000; //Fill this with address to write to
const DWORD dwSize = 0x4; //Number of bytes to write
SIZE_T dwNumberOfBytesWritten; //Receives the number of bytes actually written
BYTE bBuffer[dwSize] = {0x13, 0x37, 0xC0, 0xDE};
if (WriteProcessMemory(hProcess, lpBaseAddress, LPCVOID(&bBuffer), dwSize, &dwNumberOfBytesWritten) == 0)
{
    //Write failure code here
} |
|
the dwSize should be sizeof(bBuffer) //could be cbBuffer, aBuffer (count byte, array)
and, does it have to be compared to NULL? you can use the ! operator. |
His size param is fine, look at his code, he initialized aBuffer to 4, the size of the buffer being written. No need to use sizeof() if it is correct.
And yes, WriteProcessMemory is a boolean function, when it fails, it returns false so it should be:
| Code: | | if( !WriteProcessMemory( ... ) ) |
_________________
- Retired. |
 |
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
|
Posted: Thu Aug 14, 2008 9:36 am Post subject: |
|
|
| hacksign23 wrote: | Okay for the dxValue, if I was going to nop it, would it be
&H0x90 or
&H90
? thanks. |
For nop it is &H90
 |
hacksign23 Master Cheater
Reputation: 0
Joined: 26 Nov 2006 Posts: 404
|
Posted: Thu Aug 14, 2008 12:41 pm Post subject: |
|
|
Thanks! Now one last thing. How would I use an array in vb.net because in vb.net, it doesn't allow the dword array.
My "goal" is to nop(0x90) something 6 times. How would I do that? Doing a WriteProcessMemory without an array (?) would only make it one. Thanks.
Edit: This is what I got:
| Code: |
Check = WriteProcessMemory(processHandle, Address, Bytes, 6, 6)
|
check = boolean
processHandle = open process
Address = &H(address)
Bytes = &H90
6 = size thingy.
other six = output. I'm not sure if it's supposed to be there.
 |
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
|
Posted: Thu Aug 14, 2008 1:30 pm Post subject: |
|
|
Arrays crash in vb6.0 but here's an example from vb6:
Dim arraybytes(0 to 2) as byte
arraybytes(0)=&H90
arraybytes(1)=&H90
arraybytes(2)=&H90
WriteProcessMemory(hProcess,&H00401000,arraybytes,3,&H0)
this will write 3 nops starting from 00401000:
00401000 nop
00401001 nop
00401002 nop
 |
hacksign23 Master Cheater
Reputation: 0
Joined: 26 Nov 2006 Posts: 404
|
Posted: Thu Aug 14, 2008 1:42 pm Post subject: |
|
|
I tried doing that but I got this error
| Quote: |
Error 1 Value of type '1-dimensional array of Byte' cannot be converted to 'Integer'. C:\Documents and Settings\Owner\Desktop\Prog\VB\MineSweaperTest\MineSweaperTest\Form1.vb 222 60 MineSweaperTest
|
It's because like it's an array so it can't be converted to an int. I tried making that part a byte, but it's because of the array part. HELP!
 |
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
|
Posted: Thu Aug 14, 2008 2:10 pm Post subject: |
|
|
| Don't use arrays then, just send the bytes one after the next.
 |
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Thu Aug 14, 2008 9:47 pm Post subject: |
|
|
| dnsi0 wrote: | | Don't use arrays then, just send the bytes one after the next. |
Writing bytes one by one can lead to errors if the code you are overwriting gets executed before your rewrite is finished.
In VB6 you could write an array to memory doing:
| Code: | Dim byteArray(0 to 20) as Byte
byteArray(0) = &H90
byteArray(1) = &H90
byteArray(2) = &H90
byteArray(3) = &H90 |
And so on.. to create the array. And to write it to memory you would do:
| Code: | | WriteProcessMemory hProcess, &HlpAddress, VarPtr(byteArray), LenB(byteArray), NULL |
Which would let you write the full array at once.
_________________
- Retired. |
 |
hacksign23 Master Cheater
Reputation: 0
Joined: 26 Nov 2006 Posts: 404
|
Posted: Thu Aug 14, 2008 11:10 pm Post subject: |
|
|
Actually, dnsi0's method works.
What I did was just assign the address to a variable, make a loop, and make
WriteProcessMemory(bla bla bla)
address += &H1
yea. thanks though!
 |
Cx Master Cheater
Reputation: 0
Joined: 27 Jul 2007 Posts: 367
|
Posted: Thu Aug 14, 2008 11:21 pm Post subject: |
|
|
| hacksign23 wrote: | Actually, dnsi0's method works.
What I did was just assign the address to a variable, make a loop, and make
WriteProcessMemory(bla bla bla)
address += &H1
yea. thanks though! |
Sure it works, but it'll be way slower since you are calling the API six (or whatever) times instead of once.
_________________
armed with this small butterfly net
i will face the world alone
& never be lonely. |
 |
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Fri Aug 15, 2008 6:39 am Post subject: |
|
|
Also, like I mentioned, writing single bytes can lead to violations, errors, and so on because your code could be executed during the rewrite and it won't be the correct code yet. I highly suggest not using loops to write to memory, and instead, writing a full block at once.
_________________
- Retired. |
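
The race atom0s describes, as an added example that is not part of the original thread: a deterministic C++ model (no Windows API is called) listing the memory states a target thread could observe between write calls. The instruction bytes, the `torn_states` helper and the treatment of a single call as indivisible are assumptions of the model.

```cpp
// Added example: deterministic model, no Windows API is called.
// All byte values are constructed for illustration.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <numeric>
#include <stdexcept>
#include <vector>

using Bytes = std::vector<std::uint8_t>;

// Returns each memory snapshot visible between two write calls whose first
// unpatched byte lies inside an original instruction: a thread entering the
// region then runs the NOPs written so far and decodes a half-overwritten tail.
// chunk = bytes per write call (1 = per-byte loop, patch.size() = one call,
// which this model assumes to be indivisible).
// insn_lengths = lengths of the original instructions covering the region.
std::vector<Bytes> torn_states(const Bytes& original, const Bytes& patch,
                               std::size_t chunk,
                               const std::vector<std::size_t>& insn_lengths) {
    std::size_t total = std::accumulate(insn_lengths.begin(), insn_lengths.end(),
                                        std::size_t{0});
    if (chunk == 0 || original.size() != patch.size() || total != patch.size())
        throw std::invalid_argument("region, patch and instruction sizes differ");

    std::vector<bool> boundary(patch.size() + 1, false);
    boundary[0] = true;
    std::size_t pos = 0;
    for (std::size_t len : insn_lengths) boundary[pos += len] = true;

    std::vector<Bytes> torn;
    Bytes mem = original;
    for (std::size_t done = 0; done < patch.size();) {
        std::size_t end = std::min(done + chunk, patch.size());
        for (; done < end; ++done) mem[done] = patch[done];  // one write call
        if (!boundary[done]) torn.push_back(mem);  // state until the next call
    }
    return torn;
}

int main() {
    const Bytes original{0x0F, 0x85, 0x10, 0x00, 0x00, 0x00};  // constructed jne rel32
    const Bytes nops(6, 0x90);
    for (std::size_t chunk : {std::size_t{1}, nops.size()}) {
        auto torn = torn_states(original, nops, chunk, {6});
        std::printf("chunk=%zu torn states=%zu\n", chunk, torn.size());
    }
}
```

With the per-byte loop the model reports five torn states for a six-byte instruction; with one six-byte write it reports none.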