Reading Process Memory Without ReadProcessMemory

On Sunday, 12 September 2010

In a lot of GunZ DLL sources, where the DLL is injected directly into GunZ, most of them edit a hex address directly.

Ex.

Code:
#define HP_LOCK      0x4862c9
...
if (GetAsyncKeyState('H') & 0x8000) {
    if (h) { h = 0; if (b) MessageBeep(MB_OK); }
    else   { h = 1; if (b) MessageBeep(MB_ICONEXCLAMATION); }
    *(BYTE*)HP_LOCK ^= 8;   // flip bit 3 of the byte at HP_LOCK
}
I am not really sure about bit shifts or bitwise conversions, but that is the least of my worries. My question is: is HP_LOCK a direct pointer value from Cheat Engine, or does it come from some conversion? Also, if anyone knows the answer to this, how would you read these values?

Yeah,
since the DLL is injected into the enemy's process you can read & write directly to it without ReadProcessMemory & WriteProcessMemory.


eg.


Code:
BYTE *addr = 0x4862c9;
BYTE value = *addr; // read it
*value = 10; //write it
If you just pick random addresses from "your" process space, you may have problems depending on the protection of that particular page. You need to use the VirtualQuery() function to see if you have read/write access to that address.
Okay, thanks. You were just a little off, because your code gave me errors.

I just did some testing on it. I manipulated simple and complex variables. MSVC++ 2005.

VarAddr.h

Code:
#ifndef VAR_H
#define VAR_H
#include <iostream>   // cout, endl
#include <string>     // std::string
#include <conio.h>    // _getch()
#include <windows.h>  // BYTE
using namespace std;
#endif
VarAddr.cpp
Code:
#include "VarAddr.h"
int main()
{
 string f;
 string g = "Hello.";
 int x;
 int y = 111;
 char n;
 cout << "The size of integers on this compiler is " << sizeof(x) << " bytes." << "\n";
 cout << "The value of 'y' is " << y << ", its memory address is " << &y << endl;
 // On the poster's machine the literal 0x0012FED4 was used here; it really equals &y,
 // so &y is taken directly so that the program runs on any machine.
 uintptr_t addr = (uintptr_t)&y;
 BYTE value = *(BYTE*)addr; // read it (the low byte of y on little-endian x86)
 int old = value;
 *(BYTE*)addr = 123; //write it (only the low byte, so y becomes 123)
 cout << "The value of 'y' was " << old << " and is now " << y << ", its memory address is " << &y << endl;
 cout << "----------------------------------------" << endl;
 cout << "The size of strings on this compiler is " << sizeof(f) << " bytes." << "\n";
 cout << "The value of 'g' is '" << g.c_str() << "', its memory address is " << &g << endl;
 // Likewise 0x0012FEEC on the poster's machine, which really equals &g.
 uintptr_t saddr = (uintptr_t)&g;
 //BYTE svalue = *(BYTE*)saddr; // read it
 string sold = *(string*)saddr; // read it (copies the string object)
 *(string*)saddr = "Good Bye."; //write it (runs string::operator= on g)
 cout << "The value of 'g' was '" << sold.c_str() << "' and is now '" << g.c_str() << "', its memory address is " << &g << endl;
 cout << "Press enter to exit.";
 n = _getch();
 return 0;
}
Yeah, right, sorry for a tiny mistake.

The compiler sees 0x4862c9 as just an int (or BYTE); in trying to assign it to a pointer type it will flag it as a type mismatch.

The solution is to explicitly cast the number to a pointer:


Code:
int *addr = (int *)0x4862c9;
or

Code:
BYTE *addr = (BYTE *)0x4862c9;
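The two answers above, taken together, amount to: cast the integer to a pointer, check the page with VirtualQuery() before touching it, then dereference. One caveat the thread does not spell out is that the HP_LOCK patch from the first post writes into the game's code section, which is normally mapped execute+read, so even inside the process a plain store faults unless the page is made writable first (VirtualProtect). The following is an added example, not code from the thread: it wraps the check, the protection change and the `^= 8` style patch in small functions and exercises them on a freshly allocated page that stands in for a read-only code page. The Windows branch uses VirtualQuery/VirtualProtect as the answer names; the Linux branch reads /proc/self/maps and calls mprotect as the nearest stand-in, which is an assumption of this example. The sample byte 0x74 at offset 0x2c9 is constructed for the demo and means nothing about GunZ.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#include <unistd.h>
#endif

typedef unsigned char byte_t;            /* stands in for the Win32 BYTE */

/* 1 if the page holding addr is mapped and readable (sets *writable), else 0.
 * Windows: VirtualQuery, as the answer says. Linux: /proc/self/maps, used here
 * as the nearest stand-in (an assumption of this example, not a Windows API). */
static int query_page(const void *addr, int *writable)
{
#ifdef _WIN32
    MEMORY_BASIC_INFORMATION mbi;
    DWORD p;
    if (!VirtualQuery(addr, &mbi, sizeof mbi) || mbi.State != MEM_COMMIT)
        return 0;
    if (mbi.Protect & PAGE_GUARD)          /* a touch would raise a guard fault */
        return 0;
    p = mbi.Protect & 0xFF;                /* drop PAGE_GUARD / PAGE_NOCACHE bits */
    if (p == PAGE_NOACCESS)
        return 0;
    *writable = p == PAGE_READWRITE || p == PAGE_WRITECOPY ||
                p == PAGE_EXECUTE_READWRITE || p == PAGE_EXECUTE_WRITECOPY;
    return 1;
#else
    FILE *maps = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    unsigned long lo, hi, a = (unsigned long)(uintptr_t)addr;
    int found = 0;
    if (!maps)
        return 0;
    while (fgets(line, sizeof line, maps))           /* "lo-hi perms ..." per line */
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 && a >= lo && a < hi) {
            found = perms[0] == 'r';
            *writable = perms[1] == 'w';
            break;
        }
    fclose(maps);
    return found;
#endif
}

/* Lift or restore write protection on the pages covering [addr, addr+len).
 * The restore simply drops write access again; a production patcher would save
 * the previous protection value and restore exactly that. */
static int set_writable(void *addr, size_t len, int writable)
{
#ifdef _WIN32
    DWORD old;
    return VirtualProtect(addr, len, writable ? PAGE_EXECUTE_READWRITE : PAGE_EXECUTE_READ, &old) != 0;
#else
    uintptr_t ps = (uintptr_t)sysconf(_SC_PAGESIZE), base = (uintptr_t)addr & ~(ps - 1);
    return mprotect((void *)base, (uintptr_t)addr + len - base,
                    writable ? PROT_READ | PROT_WRITE : PROT_READ) == 0;
#endif
}

/* Read one byte the thread's way, *(BYTE*)addr, but only after confirming the
 * page is mapped. Returns -1 instead of faulting on an unmapped address. */
static int read_byte(uintptr_t addr)
{
    int writable = 0;
    if (!query_page((const void *)addr, &writable))
        return -1;
    return *(const byte_t *)addr;
}

/* The thread's `*(BYTE*)HP_LOCK ^= 8`, done carefully: explicit int-to-pointer
 * cast, page check, write protection lifted only for the store, then restored. */
static int toggle_byte(uintptr_t addr, byte_t mask)
{
    byte_t *p = (byte_t *)addr;
    int writable = 0;
    if (!query_page(p, &writable))
        return 0;
    if (!writable && !set_writable(p, 1, 1))
        return 0;
    *p ^= mask;                            /* plain dereference, no WriteProcessMemory */
    if (!writable)
        set_writable(p, 1, 0);
    return 1;
}

/* Demo: a fresh page standing in for a read-only code page, with a constructed
 * sample byte at an arbitrary offset. Returns the byte after patching, or -1. */
static int demo_patch(void)
{
    const size_t ps = 4096, off = 0x2c9;
    int writable = 1;
    byte_t *page;
#ifdef _WIN32
    page = (byte_t *)VirtualAlloc(NULL, ps, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
#else
    page = (byte_t *)mmap(NULL, ps, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        page = NULL;
#endif
    if (!page)
        return -1;
    page[off] = 0x74;                              /* constructed sample value */
    if (!set_writable(page, ps, 0))                /* now read-only, like .text */
        return -1;
    if (read_byte((uintptr_t)page + off) != 0x74)  /* reading still works */
        return -1;
    if (!toggle_byte((uintptr_t)page + off, 8))    /* the ^= 8 patch */
        return -1;
    if (!query_page(page, &writable) || writable)  /* protection was put back */
        return -1;
    return read_byte((uintptr_t)page + off);       /* 0x74 ^ 8 == 0x7c */
}

int main(void)
{
    printf("unmapped address 0x10 reads as %d (-1 = refused)\n", read_byte(0x10));
    printf("patched byte: 0x%02x\n", demo_patch());
    return 0;
}
```

The point of checking before dereferencing is that an unmapped or guard page kills the host process on the first touch, and an injected DLL has no second chance; VirtualQuery() (or the maps file on Linux) tells you in advance, and lifting protection only around the single store keeps the window in which the code page is writable as short as possible.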
