HalfPrime Grandmaster Cheater
Reputation: 0
Joined: 12 Mar 2008 Posts: 532 Location: Right there...On your monitor
Posted: Fri Jan 02, 2009 5:00 am Post subject: Writing to memory with read-only access?
I'm injecting a DLL into a process and trying to write to the first few bytes of ws2_32.dll's send function. Problem is, though, that the memory region is read-only, so I can't do anything. I tried VirtualProtect, but it doesn't seem to work. When I debug it in Olly, it throws an access violation when I try to write.
I don't get it because people hook send/recv all the time, so hopefully I'm just missing something obvious.
Code:
#include <windows.h>
#define Key(a) GetAsyncKeyState(a) &0x8000

void start_it();
void DC();
void RC();

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    DWORD ThreadId;
    if (fdwReason == DLL_PROCESS_ATTACH)
        CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&start_it, 0, 0, &ThreadId);
    return TRUE;
}

void DC(){
    *(BYTE*)(71ab4c27) = 0xc2;
    *(BYTE*)(0x71ab4c28) = 0x10;
    *(BYTE*)(0x71ab4c29) = 0x00;
    *(BYTE*)(0x71ab676f) = 0xc2;
    *(BYTE*)(0x71ab6770) = 0x00;
    *(BYTE*)(0x71ab6771) = 0x00;
}

void RC(){
    *(BYTE*)(0x71ab4c27) = 0x8b;
    *(BYTE*)(0x71ab4c28) = 0xff;
    *(BYTE*)(0x71ab4c29) = 0x55;
    *(BYTE*)(0x71ab676f) = 0x8b;
    *(BYTE*)(0x71ab6770) = 0xff;
    *(BYTE*)(0x71ab6771) = 0x55;
}

void start_it()
{
    DWORD oldprotect;
    VirtualProtect(0x71ab0000, 0x30000, PAGE_EXECUTE_READWRITE, &oldprotect);
    MessageBeep(MB_OK);
    for(;;SleepEx(150, 0)){
        if(GetAsyncKeyState(VK_MENU)){
            if(Key('Z'))
                DC();
            if(Key('X'))
                RC();
        }
    }
}
Noz3001 I'm a spammer
Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
Posted: Fri Jan 02, 2009 5:35 am
Hmm?
HalfPrime Grandmaster Cheater
Reputation: 0
Joined: 12 Mar 2008 Posts: 532 Location: Right there...On your monitor
Posted: Fri Jan 02, 2009 12:23 pm
Whoops, I did some editing before I posted it. It has a 0x in the code.
Zerith Master Cheater
Reputation: 1
Joined: 07 Oct 2007 Posts: 468
Posted: Fri Jan 02, 2009 12:42 pm
You're better off just getting the address of send() using GetProcAddress().
And another thing: don't write one byte at a time, just write a jmp and use the JmpTo formula to calculate the jmp.
&Vage Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
HalfPrime Grandmaster Cheater
Reputation: 0
Joined: 12 Mar 2008 Posts: 532 Location: Right there...On your monitor
Posted: Fri Jan 02, 2009 1:46 pm
EDIT: Wow, that's messed up. GetProcAddress actually made it work even though I'm still writing to the same address.
Thanks for the help, guys.
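Seen from the defender's side, both patch styles mentioned in this thread (a ret written over the function prologue and a jmp detour) show up when a function's first bytes in memory are compared with the clean file on disk. The following is an added example, not code from any poster: the entry address 0x71ab4c27 and base 0x71ab0000 are the values from the first post, while the function names, the byte samples, the 0x17000 module size and the detour destination are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum entry_state { ENTRY_INTACT, ENTRY_EARLY_RET, ENTRY_DETOUR_OUTSIDE, ENTRY_MODIFIED };

/* Constructed samples: the first 5 bytes at a 32-bit x86 function entry. */
const uint8_t CLEAN[5]    = {0x8B, 0xFF, 0x55, 0x8B, 0xEC}; /* mov edi,edi; push ebp; mov ebp,esp */
const uint8_t RET_STUB[5] = {0xC2, 0x10, 0x00, 0x8B, 0xEC}; /* ret 0x10 over the prologue */
const uint8_t DETOUR[5]   = {0xE9, 0xD4, 0xB3, 0x54, 0x9E}; /* jmp rel32 */

/* Read a little-endian 32-bit value without alignment assumptions. */
static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* live: bytes read from the process at the entry; disk: the same bytes from the
 * clean file on disk; va: address of the entry; mod_base/mod_size: owning module.
 * On a jmp, *target receives the destination. Requires len >= 1. */
enum entry_state check_entry(const uint8_t *live, const uint8_t *disk, size_t len,
                             uint32_t va, uint32_t mod_base, uint32_t mod_size,
                             uint32_t *target) {
    if (memcmp(live, disk, len) == 0)
        return ENTRY_INTACT;
    /* C3 = ret, C2 imm16 = ret and pop imm16 bytes: returns before doing any work. */
    if (live[0] == 0xC3 || (len >= 3 && live[0] == 0xC2))
        return ENTRY_EARLY_RET;
    /* E9 rel32 = jmp: destination = address of the next instruction + rel32. */
    if (len >= 5 && live[0] == 0xE9) {
        uint32_t dest = va + 5u + read_le32(live + 1);
        if (target) *target = dest;
        if (dest - mod_base >= mod_size) /* unsigned wrap also catches dest < mod_base */
            return ENTRY_DETOUR_OUTSIDE;
    }
    return ENTRY_MODIFIED;
}

/* Entry address and base are the thread's values; the 0x17000 size is assumed. */
enum entry_state classify_sample(const uint8_t *live, uint32_t *target) {
    return check_entry(live, CLEAN, 5, 0x71ab4c27u, 0x71ab0000u, 0x17000u, target);
}

int main(void) {
    uint32_t t = 0;
    enum entry_state d = classify_sample(DETOUR, &t);
    printf("clean=%d ret=%d ", classify_sample(CLEAN, NULL), classify_sample(RET_STUB, NULL));
    printf("detour=%d target=0x%08x\n", d, (unsigned)t);
    return 0;
}
```

A mismatch is a lead rather than a verdict, since security products and hot patches also rewrite function entries; the jmp destination tells you which module to look at next.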