  1. #1
    Lyoto Machida's Avatar

    Memory Writing...

    Well, I made a simple console program with an int whose value you can see and change at any time. Then I made a console application to write another value to that int.
    But I don't know what is wrong: it says "Memory written" but nothing happens. I found the address with C.E 5.6 and 6 (I didn't reopen the console, so the address didn't change). Here is my code:

    Code:
    #include <iostream>
    #include <Windows.h>
    using namespace std;
    
    int newvalue = 666;
    
    int main() {
    
    	while(true) {
    		HWND hWnd = FindWindow(0,L"mhtest");
    		if(!hWnd) {
    			cout << "Window not found!" << endl;
    			system("cls");
    
    		} else {
    			cout << "Windows found! Starting the memory hacking process.." << endl; Sleep(2000); system("cls");
    
    			DWORD pID;
    			GetWindowThreadProcessId(hWnd, &pID);
    
    			HANDLE pA = OpenProcess(PROCESS_ALL_ACCESS,false, pID);
    
    			if(!pA) {
    				cout << "Cant acess the program.." << endl; Sleep(2000);
    				system("cls");
    
    			} else {
    				int ss = WriteProcessMemory(hWnd,(LPVOID)0x00E79138, &newvalue,(DWORD)sizeof(newvalue),NULL);
    				if(!ss) {
    					cout << "Failed to write the memory.." << ss << endl; Sleep(2000);
    					system("cls");
    				} else {
    					cout << "Memory written!.." << ss << endl; Sleep(2000);
    					system("cls");
    				}
    			}
    
    
    		}
    
    	}
    
    
    }
    Possible problems:
    Converting the address to hex (I just 0xADDRESS it)..

    Please help me..

    If my code is wrong, please give me an example.. And PS: I don't know why, but WriteProcessMemory is returning 0 =( Now I see that..
    Last edited by Lyoto Machida; 05-18-2011 at 03:54 PM.

  2. #2
    Lyoto Machida's Avatar
    I tried to clear my code, waiting for help.. =(

  3. #3
    Auxilium's Avatar
    Help yourself, best way to learn.

  4. #4
    Lyoto Machida's Avatar
    Well, if I'm here, it's because I can't help myself -.-

    But I think I got the problem..
    It's the address..

    The address must be ME Test.exe (my program) + 19138..
    But how do I get the ME Test.exe?
    Please help me..
    @Virtual Void

  5. #5
    open|Fire's Avatar
    Quote Originally Posted by -Away View Post

    Code:
    #include <iostream>
    #include <Windows.h>
    using namespace std;
    
    int newvalue = 666;
    
    int main() {
    
    	while(true) {
    		HWND hWnd = FindWindow(0,L"mhtest");
    		if(!hWnd) {
    			cout << "Window not found!" << endl;
    			system("cls");
    
    		} else {
    			cout << "Windows found! Starting the memory hacking process.." << endl; Sleep(2000); system("cls");
    
    			DWORD pID;
    			GetWindowThreadProcessId(hWnd, &pID);
    
    			HANDLE pA = OpenProcess(PROCESS_ALL_ACCESS,false, pID);
    
    			if(!pA) {
    				cout << "Cant acess the program.." << endl; Sleep(2000);
    				system("cls");
    
    			} else {
    				int ss = WriteProcessMemory(hWnd,(LPVOID)0x00E79138, &newvalue,(DWORD)sizeof(newvalue),NULL);
    				if(!ss) {
    					cout << "Failed to write the memory.." << ss << endl; Sleep(2000);
    					system("cls");
    				} else {
    					cout << "Memory written!.." << ss << endl; Sleep(2000);
    					system("cls");
    				}
    			}
    
    
    		}
    
    	}
    
    
    }
    Your WriteProcessMemory call is wrong; you need to use the handle opened with OpenProcess to write to a remote process.

    The right way:

    WriteProcessMemory(pA,(LPVOID)0x00E79138, &newvalue,(DWORD)sizeof(newvalue),NULL);

    And I think this addr 00E79138 is not a VA.

  6. The Following User Says Thank You to open|Fire For This Useful Post:

    Lyoto Machida (05-18-2011)

  7. #6
    Fovea's Avatar
    Process Security and Access Rights (Windows)
    Windows Server 2003 and Windows XP/2000: The size of the PROCESS_ALL_ACCESS flag increased on Windows Server 2008 and Windows Vista. If an application compiled for Windows Server 2008 and Windows Vista is run on Windows Server 2003 or Windows XP/2000, the PROCESS_ALL_ACCESS flag is too large and the function specifying this flag fails with ERROR_ACCESS_DENIED. To avoid this problem, specify the minimum set of access rights required for the operation. If PROCESS_ALL_ACCESS must be used, set _WIN32_WINNT to the minimum operating system targeted by your application (for example, #define _WIN32_WINNT _WIN32_WINNT_WINXP). For more information, see Using the Windows Headers.
    Don't use PROCESS_ALL_ACCESS when you only need PROCESS_VM_WRITE.

  8. The Following 2 Users Say Thank You to Fovea For This Useful Post:

    Lyoto Machida (05-18-2011),Void (05-20-2011)
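
An added example (not code from the thread) illustrating the PROCESS_ALL_ACCESS note quoted in post #6: it decodes a process access mask, shows the bits that differ between the XP-era and Vista-era PROCESS_ALL_ACCESS, and reports what a request carries beyond the PROCESS_VM_WRITE and PROCESS_VM_OPERATION rights that WriteProcessMemory is documented to require. The constants are copied from winnt.h so the code builds without the Windows headers; the function names are hypothetical.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Access-right bits copied from winnt.h so this builds without Windows headers.
struct Right { uint32_t bit; const char* name; };
static const Right kRights[] = {
    {0x0001, "PROCESS_TERMINATE"},
    {0x0002, "PROCESS_CREATE_THREAD"},
    {0x0008, "PROCESS_VM_OPERATION"},
    {0x0010, "PROCESS_VM_READ"},
    {0x0020, "PROCESS_VM_WRITE"},
    {0x0040, "PROCESS_DUP_HANDLE"},
    {0x0400, "PROCESS_QUERY_INFORMATION"},
    {0x1000, "PROCESS_QUERY_LIMITED_INFORMATION"},
    {0x00100000, "SYNCHRONIZE"},
};
// PROCESS_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | specific rights.
const uint32_t kAllAccessXp    = 0x000F0000 | 0x00100000 | 0x0FFF;  // XP/2003 headers
const uint32_t kAllAccessVista = 0x000F0000 | 0x00100000 | 0xFFFF;  // Vista/2008 headers
const uint32_t kWriteNeeds     = 0x0020 | 0x0008;  // VM_WRITE | VM_OPERATION

// Names of the known rights present in a mask (hypothetical helper).
std::vector<std::string> decodeRights(uint32_t mask) {
    std::vector<std::string> names;
    for (const Right& r : kRights)
        if (mask & r.bit) names.push_back(r.name);
    return names;
}

// True when the mask carries every right WriteProcessMemory needs.
bool allowsWrite(uint32_t mask) { return (mask & kWriteNeeds) == kWriteNeeds; }

// Bits requested beyond what a write needs: what least privilege would drop.
uint32_t excessForWrite(uint32_t mask) { return mask & ~kWriteNeeds; }

// Bits present only in the newer PROCESS_ALL_ACCESS value.
uint32_t vistaOnlyBits() { return kAllAccessVista & ~kAllAccessXp; }

int main() {
    std::cout << std::hex << "Vista-only bits: 0x" << vistaOnlyBits() << "\n"
              << "excess in PROCESS_ALL_ACCESS: 0x" << excessForWrite(kAllAccessVista) << "\n";
    for (const std::string& n : decodeRights(kWriteNeeds)) std::cout << n << "\n";
    return allowsWrite(kWriteNeeds) ? 0 : 1;
}
```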

  9. #7
    Lyoto Machida's Avatar
    @open|Fire that was the problem, now it's solved, repped + thanks...
    @Fovea Thanks, just learned something new, repped + thanked.

    Now I just need something: the address is always changing, it's "THE PROGRAM + 19138". How do I get "THE PROGRAM"?

    Thanks

  10. #8
    Fovea's Avatar

  11. The Following User Says Thank You to Fovea For This Useful Post:

    Lyoto Machida (05-18-2011)

  12. #9
    Lyoto Machida's Avatar

    Edit:

    Damn, I can't figure it out. Can someone explain to me how I get it?
    Because the int address is 19138,
    but the program address is always changing.. and it needs to be PROGRAM ADDRESS + 19138.
    How do I do that?
    @whit
    @Void

    @PROS

    plz help me =) =)
    Last edited by Lyoto Machida; 05-18-2011 at 09:02 PM.

  13. #10
    Omar the Sandnigger's Avatar
    Quote Originally Posted by -Away View Post

    Edit:

    Damn, I can't figure it out. Can someone explain to me how I get it?
    Because the int address is 19138,
    but the program address is always changing.. and it needs to be PROGRAM ADDRESS + 19138.
    How do I do that?
    @whit
    @Void

    @PROS

    plz help me =) =)
    It's a dynamic address, it needs to be a static one.
    Oh, and you forgot a ';' somewhere in your code.

  14. #11
    Melodia's Avatar
    Quote Originally Posted by Little Cookie View Post


    It's a dynamic address, it needs to be a static one.
    Oh, and you forgot a ';' somewhere in your code.
    Shut up Cookie.

    @-Away
    Pointers are your friend; but calculating size from moduleList / PEB / w.e. as Fovea posted is pretty much the most efficient way to do it externally, as you are trying to do (:

  15. The Following 2 Users Say Thank You to Melodia For This Useful Post:

    Hassan (05-22-2011),Jason (05-19-2011)

  16. #12
    Omar the Sandnigger's Avatar
    Quote Originally Posted by Melodia View Post


    Shut up Cookie.
    Seriously
    What is your problem with me? I was trying to help.

  17. #13
    'Bruno's Avatar
    I believe it was said already but...

    Get the module base address.
    I'm pretty sure there is a simpler or more effective solution, but I did this when I was playing around with solitaire at the very beginning.

    Code:
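    	// Needs <Windows.h>, <TlHelp32.h> and <cstring>; pId, mAddress and appOffSet are declared elsewhere.
    	MODULEENTRY32 mEntry32;
    	mEntry32.dwSize = sizeof(MODULEENTRY32); // must be set, or Module32First fails
    
    	HANDLE hSnapMods = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pId);
    	if(hSnapMods != INVALID_HANDLE_VALUE && Module32First(hSnapMods, &mEntry32) == TRUE)
    	{
    		do
    		{
    			// szModule is a TCHAR array, so strcmp only compiles in an ANSI (non-UNICODE) build
    			if(strcmp(mEntry32.szModule, "solitaire.exe") == 0)
    			{
    				mAddress = (DWORD)mEntry32.modBaseAddr + appOffSet;
    				break;
    			}
    		}
    		while(Module32Next(hSnapMods, &mEntry32) == TRUE);
    	}
    	if(hSnapMods != INVALID_HANDLE_VALUE)
    		CloseHandle(hSnapMods); // release the snapshot handle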
    <pId> is the process id.
    <mEntry32.modBaseAddr> will be the module base address.

    Now, instead of copying it and seeing whether it works (or not), try to understand first what is in there.
    Last edited by 'Bruno; 05-19-2011 at 03:53 AM.

  18. The Following 2 Users Say Thank You to 'Bruno For This Useful Post:

    [MPGH]master131 (05-19-2011),Void (05-20-2011)

  19. #14
    Lyoto Machida's Avatar
    Why does the if(strcmp(mEntry32.szModule
    keep giving an error? mEntry blabla not compatible with char * blablaa

  20. #15
    Omar the Sandnigger's Avatar
    Quote Originally Posted by -Away View Post
    Why does the if(strcmp(mEntry32.szModule
    keep giving an error? mEntry blabla not compatible with char * blablaa
    strcmp() is in the cstring (string.h) header file.
