External Memory Modification
Author
Lets say that I have program A. In A at offset n I have a byte. From another program (B) I find the start of A and set byte* b= &n(&n on host).
Of course if I try to *b = ### I will get an access violation exception. Is there any way around this exception so that I may directly manipulate the memory of my program A with program B?
Thanks,
private: ctor();
Can't help much more than this:
You need to ensure both progs are in the same address space, which will mean attaching A to B.
Is A running prior to B?
Where is n in the process space of A? Code? Data? Stack?
There is a way to do this (it's how debuggers and trainers work).
You need to ensure both progs are in the same address space, which will mean attaching A to B.
Is A running prior to B?
Where is n in the process space of A? Code? Data? Stack?
There is a way to do this (it's how debuggers and trainers work).
You usually can't do this directly on a modern operating system.
If you're using Win32, see the ReadProcessMemory/WriteProcessMemory API.
If you're using Win32, see the ReadProcessMemory/WriteProcessMemory API.
That all depends. Are you trying to have two programs which you have written communicate with each other, or are you trying to mess with the internals of some other program whose implementation is not under your control?
Author
both =)
I wrote two programs host and parasite, just looking at learning some of the internals. Was able to make ramcode to load the host within the parasite. Been trying to get it so that parasite can attach itsself to host and poke/peek
I wrote two programs host and parasite, just looking at learning some of the internals. Was able to make ramcode to load the host within the parasite. Been trying to get it so that parasite can attach itsself to host and poke/peek
Well, I'd start with looking at how to execute a chunk of memory.
Parasite would then load host and execute it in its own process space.
If host is already running prior to running parasite, as Izron said, most OS's will stop you doing that with an access violation error.
Parasite would then load host and execute it in its own process space.
If host is already running prior to running parasite, as Izron said, most OS's will stop you doing that with an access violation error.
Author
Thanks much all, after loading up host into byte* pMC, I was able to store the current stack state, mov edx, pMC push edx call edx and it worked. =)
#Edit: Also had to find an offset to move into edx instead of pMC's starting address, but once I found the offset of where the program actually begins ( I'm guessing the other data in the begining was some windows file header stuff ) it worked fine.
#Edit: Also had to find an offset to move into edx instead of pMC's starting address, but once I found the offset of where the program actually begins ( I'm guessing the other data in the begining was some windows file header stuff ) it worked fine.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
