Edit Box to Memory

**fufu1** · 07-03-2007

Hello, I am currently working on a project so that you can change a password in the middle of the game (halo). Right now I'm able to read the memory, and find/display the password. I've tried to make an edit box that takes the users inputted text, and write it to the memory. Heres my current code, which is written in visual c++ 6 compiler.

[Main.c]

Code:

#include <windows.h>
#include "resource.h"
#pragma comment(linker,"/FILEALIGN:512 /MERGE:.rdata=.text /MERGE:.data=.text /SECTION:.text,EWR /IGNORE:4078")

char *gameWindow = "Halo";
DWORD pid; HWND hwndWindow; DWORD bytes; HANDLE hand = NULL;

void Initialize(HWND hwnd,WPARAM wParam, LPARAM lParam) {
    hwndWindow = FindWindow(NULL,gameWindow);

    if(hwndWindow) {
        GetWindowThreadProcessId(hwndWindow, &pid);
            hand = OpenProcess(PROCESS_VM_READ|PROCESS_VM_WRITE|     
                PROCESS_VM_OPERATION|PROCESS_QUERY_INFORMATION,FALSE, pid);
        SetTimer(hwnd, 1, 100, NULL);
    }else {
        MessageBox(NULL, "Cannot find Halo Trial! It MUST be open for this trainer to work!", "Error", MB_OK + MB_ICONWARNING);
    }
}

void timerCall()
{



}

BOOL CALLBACK DialogProc (HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{       
    HWND hwnd;
    DWORD pid;
    HANDLE process = NULL;

    int x, y, z;
    DWORD iAddress = 0x851178; //Starting value of password
    DWORD dummy = 0;
    unsigned char value[512];
    char outvalue[32];


    switch (message)
    {
        case WM_INITDIALOG:
            Initialize(hDlg,wParam,lParam);
            SendDlgItemMessage(hDlg, IDC_PLAYERLIST,  LB_RESETCONTENT, 0, 0);
            for(x = 0; x < 1;x++){
                ReadProcessMemory(process,(void*)iAddress,(void*) &value,sizeof(value),&dummy);
                z = 0;
                for(y = 0; y < 32; y+=2){
                    outvalue[z++] = value[y];
                }outvalue[11] = '\0';
                SendDlgItemMessage(hDlg, IDC_PLAYERLIST, LB_ADDSTRING, 0, (LPARAM)outvalue);
                iAddress += sizeof value;
 }

            return TRUE;

        case WM_COMMAND:

            if (LOWORD(wParam) == IDOK ||LOWORD(wParam)== IDCANCEL) {
                EndDialog(hDlg, TRUE);
                return TRUE;
            }
              
     
                        if (LOWORD(wParam) == IDC_REFRESH) {
                SendDlgItemMessage(hDlg, IDC_PLAYERLIST,  LB_RESETCONTENT, 0, 0);
                    hwnd=FindWindow(NULL, "Halo");
            GetWindowThreadProcessId(hwnd, &pid);
            process = OpenProcess(PROCESS_VM_READ|PROCESS_VM_WRITE|     
                PROCESS_VM_OPERATION|PROCESS_QUERY_INFORMATION,FALSE, pid);    
                for(x = 0; x < 1;x++){
                ReadProcessMemory(process,(void*)iAddress,(void*) &value,sizeof(value),&dummy);
                z = 0;
                for(y = 0; y < 32; y+=2){ //y = 0 means how many after the starting value
					// y+=2 means it skips 1 each time
                    outvalue[z++] = value[y];
                }outvalue[11] = '\0';
                SendDlgItemMessage(hDlg, IDC_PLAYERLIST, LB_ADDSTRING, 0, (LPARAM)outvalue);
                iAddress += sizeof value;                    
            }        
                return TRUE;
            }
        return TRUE;

        case WM_DESTROY:
            PostQuitMessage(0);
            return TRUE;

        case WM_CLOSE:
            PostQuitMessage(0);
            return TRUE;
        case WM_TIMER:
            timerCall();
            return TRUE;
    }
    return FALSE;
}

int APIENTRY WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow )
{


    DialogBox(hInstance,MAKEINTRESOURCE(IDD_MAINDLG), NULL,DialogProc);
    return 0;
}

[rsrc.rc]

Code:

//Microsoft Developer Studio generated resource script.
//
#include "resource.h"

#define APSTUDIO_READONLY_SYMBOLS
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 2 resource.
//
#include "afxres.h"

/////////////////////////////////////////////////////////////////////////////
#undef APSTUDIO_READONLY_SYMBOLS

/////////////////////////////////////////////////////////////////////////////
// German (Germany) resources

#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_DEU)
#ifdef _WIN32
LANGUAGE LANG_GERMAN, SUBLANG_GERMAN
#pragma code_page(1252)
#endif //_WIN32

#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//

1 TEXTINCLUDE DISCARDABLE 
BEGIN
    "resource.h\0"
END

2 TEXTINCLUDE DISCARDABLE 
BEGIN
    "#include ""afxres.h""\r\n"
    "\0"
END

3 TEXTINCLUDE DISCARDABLE 
BEGIN
    "\r\n"
    "\0"
END

#endif    // APSTUDIO_INVOKED

#endif    // German (Germany) resources
/////////////////////////////////////////////////////////////////////////////


/////////////////////////////////////////////////////////////////////////////
// English (U.S.) resources

#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU)
#ifdef _WIN32
LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US
#pragma code_page(1252)
#endif //_WIN32

/////////////////////////////////////////////////////////////////////////////
//
// DESIGNINFO
//

#ifdef APSTUDIO_INVOKED
GUIDELINES DESIGNINFO DISCARDABLE 
BEGIN
    IDD_MAINDLG, DIALOG
    BEGIN
        LEFTMARGIN, 2
        RIGHTMARGIN, 145
        TOPMARGIN, 6
        BOTTOMMARGIN, 36
    END
END
#endif    // APSTUDIO_INVOKED


/////////////////////////////////////////////////////////////////////////////
//
// Dialog
//

IDD_MAINDLG DIALOGEX 0, 0, 151, 38
STYLE DS_SYSMODAL | DS_MODALFRAME | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | 
    WS_SYSMENU
EXSTYLE WS_EX_TOOLWINDOW
CAPTION "Password Changer"
FONT 8, "Verdana"
BEGIN
    LISTBOX         IDC_PLAYERLIST,2,6,48,13,LBS_NOINTEGRALHEIGHT | 
                    WS_TABSTOP
    PUSHBUTTON      "&Refresh",IDC_REFRESH,111,6,34,14,0,WS_EX_CLIENTEDGE | 
                    WS_EX_STATICEDGE
    PUSHBUTTON      "&Close",IDOK,111,22,34,14,0,WS_EX_CLIENTEDGE | 
                    WS_EX_STATICEDGE
    LTEXT           "Orig. Password",IDC_STATIC,52,8,50,8
    EDITTEXT        IDC_EDIT1,2,21,48,15,ES_AUTOHSCROLL
    LTEXT           "New Password",IDC_STATIC,52,23,53,10
END

#endif    // English (U.S.) resources
/////////////////////////////////////////////////////////////////////////////



#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//


/////////////////////////////////////////////////////////////////////////////
#endif    // not APSTUDIO_INVOKED

[Resource.h]

Code:

//{{NO_DEPENDENCIES}}
// Microsoft Developer Studio generated include file.
// Used by rsrc.rc
//
#define IDD_MAINDLG                     101
#define IDC_REFRESH                     102
#define IDC_ABOUT                       1009
#define IDC_EXIT                        1010
#define IDC_PLAYERLIST                  1011
#define IDC_FAST                        1015
#define IDC_CHECK1                      1016
#define IDC_CHECK2                      1017
#define IDC_NOFLAGS                     1018
#define IDC_NOTEAM                      1019
#define IDC_NADES                       1020
#define IDC_BUTTON4                     1021
#define IDC_AMMO                        1021
#define IDC_EDIT1                       1022

// Next default values for new objects
// 
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE        106
#define _APS_NEXT_COMMAND_VALUE         40001
#define _APS_NEXT_CONTROL_VALUE         1023
#define _APS_NEXT_SYMED_VALUE           101
#endif
#endif

Any help would be greatly appreciated.
-Thanks, FuFu

**swoopy** · 07-03-2007

Probably in your DialogProc under switch case WM_COMMAND, under the if() for the IDOK button, you'd read the user's inputted text with something similar to:

Code:

if (!GetDlgItemText(hDlg, IDC_EDIT1, outvalue, sizeof outvalue)) *outvalue = '\0';

Then after moving outvalue back to array value, I'm assuming you'd then call WriteProcessMemory() instead of ReadProcessMemory() to write to memory.

**fufu1** · 07-04-2007

Hmm, this didn't work, and suggestions?

Code:

        case WM_COMMAND:

            if (LOWORD(wParam) == IDOK ||LOWORD(wParam)== IDCANCEL) {
                EndDialog(hDlg, TRUE);
                return TRUE;
            }
              
     
                        if (LOWORD(wParam) == IDC_REFRESH) {
                SendDlgItemMessage(hDlg, IDC_PASSWORD,  LB_RESETCONTENT, 0, 0);
                    hwnd=FindWindow(NULL, "Halo");
            GetWindowThreadProcessId(hwnd, &pid);
            process = OpenProcess(PROCESS_VM_READ|PROCESS_VM_WRITE|     
                PROCESS_VM_OPERATION|PROCESS_QUERY_INFORMATION,FALSE, pid);    
                for(x = 0; x < 1;x++){
                ReadProcessMemory(process,(void*)iAddress,(void*) &value,sizeof(value),&dummy);
                z = 0;
                for(y = 0; y < 32; y+=2){ //y = 0 means how many after the starting value
					// y+=2 means it skips 1 each time
                    outvalue[z++] = value[y];
                }outvalue[11] = '\0';
                SendDlgItemMessage(hDlg, IDC_PASSWORD, LB_ADDSTRING, 0, (LPARAM)outvalue);
                iAddress += sizeof value;                    
            }        
				if (!GetDlgItemText(hDlg, IDC_EDIT1, outvalue, sizeof outvalue)) *outvalue = '\0';
				{
					value[3] = outvalue[3];
					WriteProcessMemory(process,(void*)iAddress,(void*) &value,sizeof(value),&dummy);
				}
                return TRUE;
            }

Thanks,
Fufu1

**Yarin** · 07-04-2007

This goes in the Windows section. :P

**fufu1** · 07-05-2007

oh well can someone move it then. i thought vc++ would go into c++ =\. I would still appreciate any help.

**swoopy** · 07-05-2007

Code:

>                for(y = 0; y < 32; y+=2){ //y = 0 means how many after the starting value
>					// y+=2 means it skips 1 each time
>                    outvalue[z++] = value[y];
>                }outvalue[11] = '\0';

Here you're storing the even elements of array value from 0 to 32. Actually from 0 to 20, since you terminate outvalue after 11 characters. So shouldn't you do the same thing in reverse when you WriteProcessMemory? Also I reversed the logic on GetDlgItemText (notice the ! is missing), and printed a message box if GetDlgItemText was unsuccessful. You should probably do the same for WriteProcessMemory().

Code:

				if (GetDlgItemText(hDlg, IDC_EDIT1, outvalue, sizeof outvalue))
				{
					for (int i=0,j=0; i<strlen(outvalue); i++,j+=2)
					{
						value[j] = outvalue[i];
					}
					WriteProcessMemory(process,(void*)iAddress,(void*) value,sizeof(value),&dummy);
				}
				else
				{

					MessageBox(NULL, "Unable to get text from edit box!", "Error", MB_OK + MB_ICONWARNING);
				}

**swoopy** · 07-05-2007

Actually that should probably be:

Code:

				if (GetDlgItemText(hDlg, IDC_EDIT1, outvalue, sizeof outvalue))
				{
					for (int i=0,j=0; i<strlen(outvalue)+1; i++,j+=2)
					{
						value[j] = outvalue[i];
					}
					WriteProcessMemory(process,(void*)iAddress,(void*) value,sizeof(value),&dummy);
				}
				else
				{

					MessageBox(NULL, "Unable to get text from edit box!", "Error", MB_OK + MB_ICONWARNING);
				}

So that the string terminator gets written to memory.

**Crypteasy** · 07-11-2007

Hmm, i tried the source code & i couldn't get it to compile correctly. I made new integers too. Any feed back?

**swoopy** · 07-12-2007

Posting your error messages would be helpful. It looks like fufu is using a Microsoft compiler.

Thread: Edit Box to Memory

Thread Tools

Search Thread

Display

Edit Box to Memory

Similar Threads

edit box

WS_HSCROLL in ES_READONLY edit box error

pointers

setting fixed floats in edit box

Limiting Characters in Edit Box :: MFC