
External Memory Modification

This topic is 4484 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.


Let's say that I have program A. In A at offset n I have a byte. From another program (B) I find the start of A and set byte* b= &n(&n on host). Of course if I try to *b = ### I will get an access violation exception. Is there any way around this exception so that I may directly manipulate the memory of my program A with program B? Thanks, private: ctor();

Can't help much more than this:

You need to ensure both progs are in the same address space, which will mean attaching A to B.

Is A running prior to B?

Where is n in the process space of A? Code? Data? Stack?

There is a way to do this (it's how debuggers and trainers work).

That all depends. Are you trying to have two programs which you have written communicate with each other, or are you trying to mess with the internals of some other program whose implementation is not under your control?

both =)

I wrote two programs, host and parasite, just looking at learning some of the internals. Was able to make ramcode to load the host within the parasite. Been trying to get it so that parasite can attach itself to host and poke/peek.

Well, I'd start with looking at how to execute a chunk of memory.

Parasite would then load host and execute it in its own process space.

If host is already running prior to running parasite, as Izron said, most OSes will stop you doing that with an access violation error.

Thanks much all, after loading up host into byte* pMC, I was able to store the current stack state, mov edx, pMC push edx call edx and it worked. =)

#Edit: Also had to find an offset to move into edx instead of pMC's starting address, but once I found the offset of where the program actually begins (I'm guessing the other data in the beginning was some Windows file header stuff) it worked fine.

Share on other sites
