Thread: How do I... (process operations)

  1. #1
    Amateur
    Join Date
    Sep 2003
    Posts
    228

    How do I... (process operations)

    Hello,

    I have two questions about processes this time:
    How do I...
    - ...get the base address of a process?
    - ...write to the code of a process? do I just use the WriteProcessMemory function with the code loction?

    Thanks for answering.

  2. #2
    Yes, my avatar is stolen anonytmouse's Avatar
    Join Date
    Dec 2002
    Posts
    2,544
    - ...write to the code of a process? do I just use the WriteProcessMemory function with the code loction?

    http://www.mvps.org/win32/processes/remthread.html

    http://www.planet-source-code.com/vb...=7011&lngWId=3

  3. #3
    Registered User
    Join Date
    Jun 2003
    Posts
    245
    ...get the base address of a process?
    Here's something I wrote a while ago to do that:

    Code:
       HANDLE        hProcessSnap = NULL;
       PROCESSENTRY32 pe32        = { 0 };
    
       hProcessSnap = CreateToolhelp32Snapshot ( TH32CS_SNAPPROCESS, 0);
       if ( hProcessSnap == ( HANDLE ) -1 )
           return;
    
       pe32.dwSize = sizeof ( PROCESSENTRY32 );
    
       if ( Process32First ( hProcessSnap, &pe32 ) )
       {
           do
           {
                if ( pe32.th32ProcessID )      // Skip the system idle process
                {
                   HANDLE hModuleSnap = CreateToolhelp32Snapshot ( TH32CS_SNAPMODULE, pe32.th32ProcessID );
                   MODULEENTRY32 me32        = { 0 };
    
                   if (hModuleSnap != ( HANDLE ) -1)
                   {
                      me32.dwSize = sizeof ( MODULEENTRY32 );
    
                      if ( Module32First ( hModuleSnap, &me32 ) )
                      {
                         do
                         {
                         	// All info you need is now in "me32". First module is the process itself, rest of modules are the dll's it's using
                         }
                         while ( Module32Next ( hModuleSnap, &me32 ) );
                         CloseHandle (hModuleSnap);
                      }
                   }
                }
           }
           while ( Process32Next ( hProcessSnap, &pe32 ) );
       }
       CloseHandle ( hProcessSnap );
    If you know the process id, then you can pass it directly, and not have to scan every process like the above snippet does. See the MSDN for how the functions work.

  4. #4
    Amateur
    Join Date
    Sep 2003
    Posts
    228
    Thanks for your answers, I'll look at your code Elixia but not right now and for anonytmouse, well, I think it is not what I wanted, I just want to be able to inject an opcode or two into a running child process text section... Besides, using CreateRemoteThread is not compatible with non-NT systems...

  5. #5
    'AlHamdulillah
    Join Date
    Feb 2003
    Posts
    790
    not compatible with non-NT systems...
    don't worry about it, Win9x users represent such a small minority of users right now, just use CreateRemotThread().

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. init adopts zombie process?
    By password636 in forum Linux Programming
    Replies: 4
    Last Post: 07-01-2009, 10:05 AM
  2. create a child process that creates a child process
    By cus in forum Linux Programming
    Replies: 9
    Last Post: 01-13-2009, 02:14 PM
  3. Replies: 3
    Last Post: 10-15-2008, 09:24 AM
  4. Problem with forking a process
    By Unitedroad in forum C Programming
    Replies: 10
    Last Post: 10-04-2007, 01:43 AM
  5. process programming
    By St0rM-MaN in forum Linux Programming
    Replies: 2
    Last Post: 09-15-2007, 07:53 AM