Memory Editing

This is a discussion on Memory Editing within the C++ Programming forums, part of the General Programming Boards category.

  1. #1
    Registered User
    Join Date
    Dec 2001
    Posts
    206

    Memory Editing

    I'm making a program that needs to access the memory, etc. of target programs. Viruses and spyware often have a lot of read/write/terminate protection, and that's where I need help. My program gives itself debug rights, but some programs still don't allow PROCESS_VM_WRITE or PROCESS_TERMINATE.

    How do these programs keep me from writing or terminating, even though I've given myself access? And how can I overcome this?

    Here are my active functions:

    In main():
    Code:
    HANDLE hToken;
    // Open this process's own token so that SeDebugPrivilege can be enabled on it.
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken)) {
       EnablePrivilege(hToken, SE_DEBUG_NAME, TRUE);
       CloseHandle(hToken);
    }
    EnablePrivilege():
    Code:
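    #include <windows.h>

    // Enables or disables one privilege (e.g. SE_DEBUG_NAME) on the given token.
    BOOL EnablePrivilege(HANDLE hToken, LPCTSTR szPrivName,
       BOOL fEnable) {

       TOKEN_PRIVILEGES tp;
       tp.PrivilegeCount = 1;
       if (!LookupPrivilegeValue(NULL, szPrivName, &tp.Privileges[0].Luid))
          return FALSE;   // privilege name could not be resolved
       tp.Privileges[0].Attributes = fEnable ? SE_PRIVILEGE_ENABLED : 0;
       AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
       // AdjustTokenPrivileges() can return TRUE and still set
       // ERROR_NOT_ALL_ASSIGNED, so the last error is what has to be checked.
       return (GetLastError() == ERROR_SUCCESS);
    }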
    When set to PROCESS_VM_WRITE or PROCESS_TERMINATE, m_hProcess goes unchanged [NULL]. PROCESS_VM_READ is allowed on all programs, even those that deny access when I don't set permissions. It sets m_hProcess to a handle, like it should.
    Code:
    m_hProcess = ::OpenProcess(PROCESS_VM_READ, false, _PID);
    Last edited by Denethor2000; 11-02-2005 at 01:46 PM.

  2. #2
    Hardware Engineer
    Join Date
    Sep 2001
    Posts
    1,398
    This is Windows, right?

    The operating system prevents you from accessing another program's memory, or the operating system's memory space. As far as I know, you can't do this with a user-mode program. So, I think you have to write a kernel-mode (driver) program.

  3. #3
    Registered User
    Join Date
    Dec 2001
    Posts
    206
    Yes, this is Windows XP.

    I've read and written memory to multiple programs. Programs related in no way to mine. A few deny me access.

    Could this be a hook they've initialized on the DLL I'm accessing? Either way, would a DLL hook be a solution?

  4. #4
    Bioport Productions
    Join Date
    Oct 2005
    Posts
    215
    I don't know what exactly you're trying to do, but have you tried using ReadProcessMemory/WriteProcessMemory? As far as I know, you don't need any privileges to use them and they work on all Windows programs.
    -"What we wish, we readily believe, and what we ourselves think, we imagine others think also."
    PHP Code:
    sadf 

  5. #5
    Registered User
    Join Date
    Dec 2001
    Posts
    206
    Quote Originally Posted by durban
    I don't know what exactly you're trying to do, but have you tried using ReadProcessMemory/WriteProcessMemory? As far as I know, you don't need any privileges to use them and they work on all Windows programs.
    Can't WriteProcessMemory or ReadProcessMemory without the correct handle.

    For example.
    This grabs the ReadProcessMemory handle:
    Code:
    m_hProcess = ::OpenProcess(PROCESS_VM_READ, false, _PID);

    This grabs the WriteProcessMemory handle:
    Code:
    m_hProcess = ::OpenProcess(PROCESS_VM_WRITE, false, _PID);
    My access to the handle is denied with PROCESS_VM_WRITE. And I can't write anything without the handle.

  6. #6
    Bioport Productions
    Join Date
    Oct 2005
    Posts
    215
    Hmm, try using PROCESS_ALL_ACCESS.

  7. #7
    Registered User
    Join Date
    Dec 2001
    Posts
    206
    I don't have access to any but _READ.
