
Spy! - [SOLVED]

geekalert    193
How would you access another program's memory (stack & heap)? That is, from within another program. I'm not talking about things like SoftICE, I mean, what would I do if I wanted to make my own program similar to SoftICE? C++/Assembly preferably, since I work with those every day. [Edited by - geekalert on March 28, 2006 9:44:07 AM]

MetalRob    138
What platform are you developing on?

Regardless, you want to look into IPC (Inter-Process Communication) for the given system you're working with. If you're working on Windows, and I have a feeling you are, this page should help you get started:

http://www.codeproject.com/threads/

But it's pretty tricky stuff. I spent 3 months last summer at my company developing a test suite under W2K that works through IPC, and it was a pretty big challenge. If you're working under Windows, by the way, I recommend you look into COM development; I've found that a component-based approach can be an elegant solution to an IPC problem.

-Rob

pragma Fury    343
Well, having never tried it, I'm not sure, but I believe it would involve writing a kernel-level app, as user-level apps won't have access to another process's memory space.

And then it's just a matter of figuring out where in that process's memory space the application code begins and go from there.

PiCkLeD    188
A simpler method is to use something like DLL injection (where you can spawn your own application).

Then you can access the memory directly from a newly created thread in your DLL.


// Basic example

// Some structure you have mapped out in the target application
// may look something like this (related to x game)...

/* 00400370: 0a 00 00 00 ff 00 00 00 b8 0b 00 00 ...... */

#include <windows.h>

#define MEM__CHARINFO 0x400370

typedef struct _CHARINFO
{
    int x;     // 10
    int y;     // 255
    int power; // 3000
} CHARINFO, *PCHARINFO;

// ... Inject DLL into target game, create a new thread
// ... ThreadProc ->

// Here we can just refer to the memory directly.
// You can change access rights to some special locations of memory
// with Windows APIs such as VirtualProtect etc. (if required)...

DWORD WINAPI ThreadProc(LPVOID lpParams)
{
    // ....

    // You can access the memory that you have mapped out to the struct now
    PCHARINFO example;
    example = (PCHARINFO)MEM__CHARINFO;

    // Modify power
    example->power = 2000;

    return 0;
}

This might get you thinking: you can access memory the same way, but you need to reverse engineer the application to know where certain memory begins using API calls.

Also check out "Microsoft Detours"; they are truly powerful.

PiCkLeD    188
It's slow and restrictive for a larger project.

You have a lot more power and can organise / optimise a project much easier with other methods.

geekalert    193
Quote:
Original post by bakery2k1
Quote:
Original post by geekalert
How would you access another program's memory (stack & heap)?


Assuming Windows, I don't think there's any need for kernel-mode drivers etc. What's wrong with ReadProcessMemory?


Is there something called WriteProcessMemory... hmm?

-edit: Yes, there is (stupid me). I guess I'll try out all of your suggestions. Thanks for all the replies!

pragma Fury    343
Quote:
Original post by bakery2k1
Assuming Windows, I don't think there's any need for kernel-mode drivers etc.

Ah, I was thinking he also wanted to look at the process's executable in memory as well.

bakery2k1    712
Quote:
Original post by pragma Fury
Quote:
Original post by bakery2k1
Assuming Windows, I don't think there's any need for kernel-mode drivers etc.

Ah, I was thinking he also wanted to look at the process's executable in memory as well.


Can't ReadProcessMemory do that?

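The ReadProcessMemory route suggested in the thread, as an added example that is not part of any post: the read goes through a process handle, and the OS decides at OpenProcess time whether PROCESS_VM_READ is granted, so no kernel-mode code is involved. The helper names `read_remote` and `read_own_sample` are hypothetical, the example goes beyond the thread by including the Linux counterpart (/proc/<pid>/mem) so it builds on either platform, and it only reads the calling process's own memory.

```c
/* Added example, not from the thread; helper names are hypothetical. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#define SELF_PID ((unsigned long)GetCurrentProcessId())
#else
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>
#define SELF_PID ((unsigned long)getpid())
#endif

/* Copy len bytes at addr in process pid into out; returns bytes read or -1. */
long read_remote(unsigned long pid, const void *addr, void *out, size_t len)
{
#ifdef _WIN32
    /* Access is decided here: the handle must be granted PROCESS_VM_READ. */
    HANDLE h = OpenProcess(PROCESS_VM_READ, FALSE, (DWORD)pid);
    SIZE_T got = 0;
    if (h == NULL) return -1;
    BOOL ok = ReadProcessMemory(h, addr, out, len, &got);
    CloseHandle(h);
    return ok ? (long)got : -1;
#else
    /* Linux counterpart: /proc/<pid>/mem, gated by the ptrace access check. */
    char path[64];
    ssize_t got = -1;
    snprintf(path, sizeof path, "/proc/%lu/mem", pid);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (lseek(fd, (off_t)(size_t)addr, SEEK_SET) != (off_t)-1) got = read(fd, out, len);
    close(fd);
    return got < 0 ? -1 : (long)got;
#endif
}

/* Constructed sample laid out like the CHARINFO values quoted in the thread. */
int read_own_sample(int idx)
{
    int sample[3] = {10, 255, 3000}, copy[3] = {0, 0, 0};
    long n = read_remote(SELF_PID, sample, copy, sizeof sample);
    return n == (long)sizeof sample ? copy[idx] : -1;
}

int main(void)
{
    printf("power read via the OS API: %d\n", read_own_sample(2));
    return 0;
}
```

A -1 from `read_remote` is the normal outcome when the caller lacks rights to the target or the address range is not mapped.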
