Posted: Mon Jul 06, 2009 4:14 am Post subject: [C++]WriteProcessMemory Problem. need help. |
Hi, I'm new to C++ and assembly and I am eager to learn this language. This is my test program, and I'm having a problem using WriteProcessMemory... please refer to my code below...
this is my problem:
1. I want to write the address of my allocated memory (VirtualAllocEx) to the (external) process, but WriteProcessMemory writes it in reverse order (I think it is called "endianness").
[code]
// project3.cpp : Defines the entry point for the DLL application.
//
#include <windows.h>
// Fills a static 36-element buffer with a small x86 code stub and returns a
// pointer to it. Because the storage is `static`, every call returns the same
// buffer and overwrites it in place; the caller must not free the result.
// NOTE(review): byt has 36 elements (valid indices 0..35), but the "five byte
// redirect" line below stores to byt[36], one element past the end, which is
// undefined behavior (a stack/data-segment overwrite). DllMain also copies
// 40 bytes out of this buffer (WriteProcessMemory(...,(void *)byt,40,...)),
// reading 4 bytes past its end. Declaring the array with at least 40 elements
// would make both the stores and the copy in bounds.
byte * get_hook_stub()
{
byte static byt[36];
byt[0]=0x55; // push ebp
byt[1]=0x89;byt[2]=0xE5; // mov ebp,esp
byt[3]=0x8B;byt[4]=0x45;byt[5]=0x10; // mov eax,[ebp+10]
byt[6]=0x83;byt[7]=0xF8;byt[8]=0x24; // cmp eax,24h
byt[9]=0x74;byt[10]=0x08; // je 8h
//
byt[11]=0x89;byt[12]=0xEC; // mov esp,ebp
byt[13]=0x5D; // pop ebp
// jmp redirect
byt[14]=0xEB;byt[15]=0x0B;
//byt[16]=0x17;byt[17]=0x08;byt[18]=0x73;
byt[16]=0x8D;byt[17]=0x65;byt[18]=0x0C; // lea esp,[ebp+Ch]
byt[19]=0x58; // pop eax
// push offset ascii(title)
// The 0xDEADBEEF placeholder at byt[21..24] is overwritten by DllMain with the
// real `title` pointer (WriteProcessMemory at stub1+21).
byt[20]=0x68;byt[21]=0xEF;byt[22]=0xBE;byt[23]=0xAD;byt[24]=0xDE;
// jmp ed
byt[25]=0xEB;byt[26]=0xF0;
byt[27]=0x90;byt[28]=0x90;byt[29]=0x90;byt[30]=0x90;byt[31]=0x90; // five byte offset
// NOTE(review): byt[36] is out of bounds for byte byt[36] -- undefined behavior.
byt[32]=0x90;byt[33]=0x90;byt[34]=0x90;byt[35]=0x90;byt[36]=0x90; // five byte redirect
//byt[37]=0x90;byt[39]=0x90
return byt;
}
// Intended to byte-swap a 32-bit value: format it as eight hex digits, reorder
// the digit pairs, and parse the result back with strtol.
// NOTE(review): x86 is little-endian, so the "reversed" byte order seen in a
// memory viewer after WriteProcessMemory(...,&title,4,...) is the correct
// in-memory layout of a 32-bit value -- the CPU reads it back as the original
// address. Swapping the bytes before writing would store the wrong value, so
// this conversion is not needed for that purpose.
// Defects in the function on its own terms:
//  - `a` is 9 bytes, but the second wsprintf produces "0x" plus 8 characters
//    (10 characters) plus the terminator = 11 bytes: a stack buffer overflow.
//  - "%8x" pads with spaces, not zeros, so for values below 0x10000000 the
//    reordered string contains spaces and strtol stops at the first one,
//    returning a truncated value ("%08lx" would zero-pad).
//  - strtol yields a signed long; where long is 32 bits, any swapped value
//    above LONG_MAX is clamped to LONG_MAX with errno == ERANGE, which is not
//    checked here.
// value: the quantity to swap (formatted through "%8x").
// returns: the parsed, byte-reordered value, subject to the truncation and
//          clamping cases above.
long long_to_4byte_hex(long value){
char b[9],a[9]="";
wsprintf(b,"%8x",value);
wsprintf(a,"0x%c%c%c%c%c%c%c%c",b[6],b[7],b[4],b[5],b[2],b[3],b[0],b[1]);
return strtol(a,NULL,16);
}
// DLL entry point. On DLL_PROCESS_ATTACH it computes a fixed offset inside the
// msvbvm60 module, copies the stub from get_hook_stub() and a title string into
// freshly allocated executable memory, patches the first bytes at that offset
// to jump into the stub, and shows two message boxes with the addresses
// involved. The target is the current process (GetCurrentProcessId), so every
// Read/WriteProcessMemory call operates on this process's own address space.
// Returns TRUE, except that a failed OpenProcess returns 0 (FALSE), which makes
// the loader reject the DLL.
// NOTE(review): correctness and memory-safety problems visible in this block:
//  - `msg` is assigned only when GetModuleHandle succeeds but is read
//    unconditionally by `if (msg!=0)`; reading the uninitialized pointer is
//    undefined behavior.
//  - `WriteProcessMemory(hProc,stub1,(void *)byt,40,NULL)` copies 40 bytes
//    from a 36-element static array, reading past its end.
//  - The last WriteProcessMemory passes `(void *)addr2` -- an integer cast to
//    a pointer -- as the *source buffer*, so the call tries to read 4 bytes
//    from whatever address addr2 denotes instead of writing the value itself;
//    this normally fails or copies garbage.
//  - addr1/addr2 are derived from `&msg` and `&stub1`, the addresses of the
//    stack locals, not from the pointers they hold.
//  - "%li" is paired with pointer arguments (stub1, msg) in the wsprintf
//    calls; the conversion does not match the argument type.
//  - The return values of VirtualAllocEx, ReadProcessMemory,
//    WriteProcessMemory and VirtualProtect are ignored, so a NULL allocation
//    or a failed write is never detected before the pointers are used.
//  - The OpenProcess handle is never released with CloseHandle; `p` is
//    assigned and never used.
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
void * msg;
char s[200];
if( ul_reason_for_call == DLL_PROCESS_ATTACH )
{
HMODULE vb = GetModuleHandle("msvbvm60");
// Hard-coded offset from the module base; only meaningful for the exact
// msvbvm60 build it was taken from.
if (vb!=0)
msg = (void *)((unsigned long) vb + 407907); //0x63963;
// NOTE(review): msg is uninitialized here when vb == 0.
if (msg!=0)
{
DWORD procId = GetCurrentProcessId();
HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS,NULL,procId);
if(hProc==0)
return 0;
byte * byt=get_hook_stub();
wsprintf(s,"Hooked MessageBox");
long addr1,addr2;
void * title = VirtualAllocEx(hProc,0,18,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
void * stub1 = VirtualAllocEx(hProc,0,40,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
void * p = (void *)1025;//&stub1;
unsigned long prot,ret;
byte jmp1[6];
byte jmp2[]={0xe9,0x0,0x0,0x0,0x0,0x90};
// Saves the 6 original bytes at msg before they are overwritten below.
ReadProcessMemory(hProc,msg,&jmp1,6,&ret);
// "Hooked MessageBox" is 17 characters + NUL = 18 bytes, matching the
// allocation size of `title`.
WriteProcessMemory(hProc,title,(void *)s,18,NULL);
// NOTE(review): 40 bytes copied from a 36-element array (over-read).
WriteProcessMemory(hProc,stub1,(void *)byt,40,NULL);
// Stores the 4 bytes of the `title` pointer in the CPU's native (little-
// endian) order; a memory viewer shows them "reversed" but that is correct.
WriteProcessMemory(hProc,(void *)((unsigned long)stub1+21),&title,4,NULL);
WriteProcessMemory(hProc,(void *)((unsigned long)stub1+27),(void *)jmp1,6,NULL);
WriteProcessMemory(hProc,(void *)((unsigned long)stub1+33),(void *)jmp2,5,NULL);
// NOTE(review): &msg is the address of the local variable, not the hooked
// code; addr1 is display-only.
addr1 = long_to_4byte_hex((long)&msg + 6);
WriteProcessMemory(hProc,(void *)((unsigned long)stub1+34),(void *)((unsigned long)msg + 6),4,NULL);
VirtualProtect(msg,6,PAGE_EXECUTE_READWRITE,&prot);
WriteProcessMemory(hProc,msg,jmp2,6,NULL);
// NOTE(review): &stub1 is the address of the local variable, not the stub.
addr2 = long_to_4byte_hex((long)&stub1);
// NOTE(review): (void *)addr2 is used as a source-buffer pointer, so this
// reads from address addr2 rather than writing the value addr2.
WriteProcessMemory(hProc,(void *)((unsigned long)msg+1),(void *)addr2,4,NULL);
// NOTE(review): "%li" with pointer arguments -- format/argument mismatch.
wsprintf(s,"Hook Stub Address: %li\n Hex: %li",stub1,addr1);
MessageBox(0,s,"test",0);
wsprintf(s,"MS VB Proc Address: %li\n Hex: %li",msg,addr2);
MessageBox(0,s,"test",0);
}
}
return TRUE;
}
[/code]
2. I tried converting the address (see "long_to_4byte_hex()"), but I think something is wrong...
Please help..