private_ctor

External Memory Modification


Let's say that I have program A. In A at offset n I have a byte. From another program (B) I find the start of A and set byte* b = &n (&n on host). Of course if I try to *b = ### I will get an access violation exception. Is there any way around this exception so that I may directly manipulate the memory of my program A with program B? Thanks,

private: ctor();

Can't help much more than this:

You need to ensure both progs are in the same address space, which will mean attaching A to B.

Is A running prior to B?

Where is n in the process space of A? Code? Data? Stack?

There is a way to do this (it's how debuggers and trainers work).

You usually can't do this directly on a modern operating system.

If you're using Win32, see the ReadProcessMemory/WriteProcessMemory API.
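
Added example, not part of the thread or any poster's code: a C program for a POSIX system (an assumption; the thread mentions Win32) that uses fork() to show the same pointer value naming different memory in two processes, so a write made through it in B never reaches A. The names `n`, `report` and `isolation_demo` are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stands in for "the byte at offset n" in program A (hypothetical name). */
static volatile unsigned char n = 0x11;

struct report { uintptr_t addr; unsigned char value; };

/* Forks a child that writes 0x99 through a pointer to n, then records what
 * the child and the parent each see at that address. Returns 0 on success. */
int isolation_demo(struct report *child, struct report *parent)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;

    if (pid == 0) {                        /* plays the role of program B */
        close(fds[0]);
        volatile unsigned char *b = &n;    /* same numeric address as in A */
        *b = 0x99;                         /* lands in B's private copy only */
        struct report r = { (uintptr_t)b, *b };
        ssize_t w = write(fds[1], &r, sizeof r);
        _exit(w == (ssize_t)sizeof r ? 0 : 1);
    }

    close(fds[1]);                         /* plays the role of program A */
    ssize_t got = read(fds[0], child, sizeof *child);
    close(fds[0]);
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (got != (ssize_t)sizeof *child) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;

    parent->addr = (uintptr_t)&n;
    parent->value = n;                     /* unchanged by the child's write */
    return 0;
}

int main(void)
{
    struct report c, p;
    if (isolation_demo(&c, &p) != 0) return 1;
    printf("B: addr=%#lx value=%#x\n", (unsigned long)c.addr, (unsigned)c.value);
    printf("A: addr=%#lx value=%#x\n", (unsigned long)p.addr, (unsigned)p.value);
    return 0;
}
```

Between unrelated programs the address is often not mapped or not writable in B at all, which is the access violation described in the question. The Win32 calls named above go through the operating system instead, which checks the access rights on the process handle.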

That all depends. Are you trying to have two programs which you have written communicate with each other, or are you trying to mess with the internals of some other program whose implementation is not under your control?

both =)

I wrote two programs, host and parasite, just looking at learning some of the internals. Was able to make ramcode to load the host within the parasite. Been trying to get it so that parasite can attach itself to host and poke/peek.

Well, I'd start with looking at how to execute a chunk of memory.

Parasite would then load host and execute it in its own process space.

If host is already running prior to running parasite, as Izron said, most OS's will stop you doing that with an access violation error.

Thanks much all, after loading up host into byte* pMC, I was able to store the current stack state, mov edx, pMC; push edx; call edx and it worked. =)

Edit: Also had to find an offset to move into edx instead of pMC's starting address, but once I found the offset of where the program actually begins (I'm guessing the other data in the beginning was some Windows file header stuff) it worked fine.
