Hello,
I have two questions about processes this time:
How do I...
- ...get the base address of a process?
- ...write to the code of a process? Do I just use the WriteProcessMemory function with the code location?
Thanks for answering.
- ...write to the code of a process? Do I just use the WriteProcessMemory function with the code location?
http://www.mvps.org/win32/processes/remthread.html
http://www.planet-source-code.com/vb...=7011&lngWId=3
...get the base address of a process?
Here's something I wrote a while ago to do that:
Code:
```c
#include <windows.h>
#include <tlhelp32.h>

/* Walk every process and, for each one, every module loaded into it. */
void EnumProcessModulesSnapshot(void)
{
    HANDLE hProcessSnap = NULL;
    PROCESSENTRY32 pe32 = { 0 };

    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
        return;

    pe32.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hProcessSnap, &pe32))
    {
        do
        {
            if (pe32.th32ProcessID) // Skip the system idle process
            {
                HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pe32.th32ProcessID);
                MODULEENTRY32 me32 = { 0 };

                if (hModuleSnap != INVALID_HANDLE_VALUE)
                {
                    me32.dwSize = sizeof(MODULEENTRY32);
                    if (Module32First(hModuleSnap, &me32))
                    {
                        do
                        {
                            // All info you need is now in "me32" (me32.modBaseAddr is the base address).
                            // First module is the process itself, rest of modules are the dll's it's using
                        } while (Module32Next(hModuleSnap, &me32));
                    }
                    // Close the module snapshot even when Module32First fails
                    CloseHandle(hModuleSnap);
                }
            }
        } while (Process32Next(hProcessSnap, &pe32));
    }
    CloseHandle(hProcessSnap);
}
```
If you know the process id, then you can pass it directly, and not have to scan every process like the above snippet does. See the MSDN for how the functions work.
Thanks for your answers. I'll look at your code, Elixia, but not right now, and for anonytmouse, well, I think it is not what I wanted; I just want to be able to inject an opcode or two into a running child process's text section... Besides, using CreateRemoteThread is not compatible with non-NT systems...
not compatible with non-NT systems...
Don't worry about it, Win9x users represent such a small minority of users right now, just use CreateRemoteThread().