Evil_Intentions (Expert Cheater, Reputation: 65, Joined: 07 Jan 2010, Posts: 214)
Posted: Sat Jun 12, 2010 8:44 pm, Post subject: Memory writing
I've decided I wanted to get into the world of memory editing, mainly to make a hack tool for N64 ROMs. Now I know what you're thinking: "don't ALL emulators have GameShark codes?", and "you can always use Cheat Engine". But I want to try making it myself.
Basically, I ask: what are some good sources or references for functions/techniques I am going to have to use?
Thanks for your time.
PS: I am fairly new at C++ (4 weeks) but I have quite a bit of VB experience (if the functions are available for VB).
EDIT: I've learned a little bit but I am having trouble. Here is the code for my writer:
Code: |
#include <iostream>
#include <windows.h>
using namespace std;

int main()
{
    //Variables
    char whatDo;
    int adress;
    int value;
    DWORD pid;
    HWND hwnd;

    //PROGRAM
    hwnd = FindWindow(NULL, "apple");
    if(!hwnd)
    {
        cout << "apple not running!";
    }
    else
    {
        cout << "apple is running!";
        GetWindowThreadProcessId(hwnd, &pid);
        HANDLE phandle = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
        if(!phandle)
        {
            cout << "\nCouldn't get processID";
        }
        else
        {
            cout << "\nEnter address to Write: ";
            cin >> adress;
            cout << "\nEnter new value: ";
            cin >> value;
            WriteProcessMemory(phandle, (LPVOID)adress, &value, sizeof(value), 0);
            return 0;
        }
    }
}
|
"apple" is a program I made to test my writer; it looks like this:
Code: |
#include <cstdlib>   // system()
#include <iostream>
using namespace std;

int main()
{
    system("title apple");
    char whatDo;
    int apples, oranges;
    apples = 20;
    oranges = 10;
    do{
        cout << "I have " << oranges << " oranges at adress " << &oranges << endl;
        cout << "I have " << apples << " apples at adress " << &apples << endl;
        cout << endl << endl << "read again? [y/n]";
        cin >> whatDo;
    }while(whatDo == 'y' || whatDo == 'Y');
    return 0;
}
|
Please don't bitch about the system call; I only used it to make targeting it easier.
The problem I'm having is that, for some reason, in my writer the program ends right before I can enter a new value. It displays the line "Enter new value: " then terminates. Any clue what's going on?
Also, I THINK I'm on the right track, but if you see something wrong with my code, please tell me.

hcavolsdsadgadsg (I'm a spammer, Reputation: 26, Joined: 11 Jun 2007, Posts: 5801)
Posted: Sat Jun 12, 2010 11:18 pm
You're probably writing something like 0x00102030 or whatever for your address and cin might be going into the fail state.

Evil_Intentions (Expert Cheater, Reputation: 65, Joined: 07 Jan 2010, Posts: 214)
Posted: Sat Jun 12, 2010 11:28 pm
Yea, probably, but a new problem just occurred. I tried making a reader, using more or less the same code:
Code: |
#include <iostream>
#include <Windows.h>
using namespace std;

int main()
{
    //Variables
    DWORD adress = 0x00000000;
    int value = 3; //set to 3 in order to test
    DWORD pid = 0x00000000;
    HWND hwnd = 0;

    //PROGRAM
    hwnd = FindWindow(NULL, "apple");
    if(!hwnd)
    {
        cout << "apple not running!";
    }
    else
    {
        cout << "apple is running!";
        GetWindowThreadProcessId(hwnd, &pid);
        HANDLE phandle = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
        if(!phandle)
        {
            cout << "\nCouldn't get processID";
        }
        else
        {
            cout << "\nEnter address to READ: ";
            cin >> adress;
            ReadProcessMemory(phandle, (LPVOID)adress, &value, sizeof(value), NULL);
            cout << value;
            return 0;
        }
    }
}
|
In this case, value isn't getting changed; it stays at 3, so it's not reading the value from "apple". I don't see why. I've looked through the MSDN documentation and I am using it correctly. Which means the function isn't FAILING, because it would return 0 if it was.
Could it be the way I'm typing the address? In the "apple" program, it shows the address to be 0x23ff6c for oranges. That is EXACTLY what I'm typing in my read program.

hcavolsdsadgadsg (I'm a spammer, Reputation: 26, Joined: 11 Jun 2007, Posts: 5801)
Posted: Sat Jun 12, 2010 11:33 pm
Yes, that's your problem: the 'x'.

Evil_Intentions (Expert Cheater, Reputation: 65, Joined: 07 Jan 2010, Posts: 214)
Posted: Sat Jun 12, 2010 11:41 pm
Just tried 23ff6c, 023ff6c, and 0023ff6c.
None worked D:

hcavolsdsadgadsg (I'm a spammer, Reputation: 26, Joined: 11 Jun 2007, Posts: 5801)
Posted: Sat Jun 12, 2010 11:44 pm
I didn't explain it well; it's because you have letters.
Your input is an integer, not a string.

Evil_Intentions (Expert Cheater, Reputation: 65, Joined: 07 Jan 2010, Posts: 214)
Posted: Sat Jun 12, 2010 11:47 pm
Hmm, so I guess I don't fully understand memory scanning. I thought that you put in the value that you normally get with a pointer. So how WOULD I scan for oranges? Do I need to convert the memory address to decimal or something?

hcavolsdsadgadsg (I'm a spammer, Reputation: 26, Joined: 11 Jun 2007, Posts: 5801)
Posted: Sat Jun 12, 2010 11:51 pm
0x00AABBCC isn't a valid input as far as cin is concerned when you're trying to put it in an integer.
0x00102030 will also fail.
00102030 will pass.
00AABBCC will fail.
One is strictly numerical in the sense that it's entirely decimal, which is the kind of input it expects.
You want the std::hex modifier.
Code: |
#include <iostream>
int main()
{
    int yams;
    std::cin >> std::hex >> yams;
    std::cout << yams;
    return 0;
}
|
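The fail-state diagnosis above and the std::hex fix, as an added example that is not code from the thread: it replays the writer's two `cin >>` extractions on the text a user would type (the address 0x23ff6c from the "apple" program) and then parses an address line as hex so that both "23ff6c" and "0x23ff6c" are accepted. The function and struct names are my own.

```cpp
// Added example, not code from the thread: replays the writer's `cin >> adress` on
// "0x23ff6c", then parses an address line as hex so "23ff6c" and "0x23ff6c" both work.
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>

struct WriterInput { int address = 0, value = 0; bool addressOk = false, valueOk = false; };

// The two extractions the original writer performs, fed from a string instead of cin.
WriterInput extractLikeTheWriter(const std::string& typed)
{
    std::istringstream in(typed);
    WriterInput r;
    in >> r.address;           // decimal parse: "0x23ff6c" yields 0 and stops at 'x'
    r.addressOk = !in.fail();
    in >> r.value;             // now sees "x23ff6c": failbit set, nothing is read,
    r.valueOk = !in.fail();    // so the program never waits at the value prompt
    return r;
}

// Parses one token as hex; accepts "23ff6c", "0x23ff6c" and "0X23FF6C".
// Empty input or trailing junk returns false and leaves `out` untouched.
bool parseHexAddress(const std::string& token, std::uintptr_t& out)
{
    std::istringstream in(token);
    std::uintptr_t v = 0;
    in >> std::hex >> v;       // std::hex also consumes an optional 0x/0X prefix
    if (in.fail()) return false;
    std::string rest;
    if (in >> rest) return false;
    out = v;
    return true;
}

// Reading a whole line first means a typo never leaves cin in the fail state.
bool readAddressLine(std::istream& in, std::uintptr_t& out)
{
    std::string line;
    return std::getline(in, line) && parseHexAddress(line, out);
}

int main()
{
    WriterInput w = extractLikeTheWriter("0x23ff6c\n100\n");
    std::cout << "writer got address " << w.address << ", value ok: " << w.valueOk << '\n';
    std::uintptr_t addr = 0;
    if (readAddressLine(std::cin, addr)) std::cout << "0x" << std::hex << addr << '\n';
}
```

A rejected line leaves the stream usable, so the writer can simply print the prompt again instead of exiting.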

Evil_Intentions (Expert Cheater, Reputation: 65, Joined: 07 Jan 2010, Posts: 214)
Posted: Sat Jun 12, 2010 11:55 pm
slovach wrote: |
0x00AABBCC isn't a valid input as far as cin is concerned when you're trying to put it in an integer.
0x00102030 will also fail
00102030 will pass
00AABBCC will fail
one is strictly numerical, it expects decimal input... so...
you want the std::hex modifier.
Code: |
#include <iostream>
int main()
{
    int yams;
    std::cin >> std::hex >> yams;
    std::cout << yams;
    return 0;
}
|
|
Oh god, thanks man. Changed adress from DWORD to long int, and this worked perfectly. I LOVE YOU (no homo)

atom0s (Moderator, Reputation: 198, Joined: 25 Jan 2006, Posts: 8517, Location: 127.0.0.1)
Posted: Sun Jun 13, 2010 1:30 am
Keep in mind, with newer systems, you will run into issues using PROCESS_ALL_ACCESS. You should specify which access you need and avoid using _ALL_ACCESS with any open calls (OpenProcess, OpenThread, etc.).
_________________
- Retired.

Evil_Intentions (Expert Cheater, Reputation: 65, Joined: 07 Jan 2010, Posts: 214)
Posted: Sun Jun 13, 2010 1:43 am
Wiccaan wrote: | Keep in mind, with newer systems, you will run into issues using PROCESS_ALL_ACCESS. You should specify which access you need and avoid using _ALL_ACCESS with any open calls. (OpenProcess, OpenThread, etc.) |
Thanks for the advice, but as of right now I'm just starting to learn C++ and have no intention of distributing anything I make commercially, or in any form of contests etc. So I'm fine developing tools for myself on my XP system.
I will look into making my code better though, and any other criticism you (or anyone else) has is definitely wanted.

Uzeil (Moderator, Reputation: 6, Joined: 21 Oct 2006, Posts: 2411)
Posted: Sun Jun 13, 2010 2:07 am
Why does ALL_ACCESS give issues? Does _ALL_ACCESS give a value other than just OR'ing all of them together?

Evil_Intentions (Expert Cheater, Reputation: 65, Joined: 07 Jan 2010, Posts: 214)
Posted: Sun Jun 13, 2010 3:25 am
Uzeil wrote: | Why does ALL_ACCESS give issues? Does _ALL_ACCESS give a value other than just or'ing all of them together? |
Honestly I'm not too keen as to how _ALL_ACCESS even works; I just found out that that's what I was missing to do memory editing.

Uzeil (Moderator, Reputation: 6, Joined: 21 Oct 2006, Posts: 2411)
Posted: Sun Jun 13, 2010 3:38 am
Constant properties/flags like that tend to be done as follows:
In binary representation, each flag is a different 1, starting from 1 going left (so 10, then 100, then 1000, then 10000, etc.).
That way, you can OR multiple properties together without losing any information, allowing the API (or other system API) to see what flags are set.
For example:
Let's say _READ is 001
and _WRITE is 010
and _EXECUTE is 100
So if you want _READ and _WRITE privileges, you would put (_READ or _WRITE), or (_READ | _WRITE), or whatever your logical 'or' operator is (not your boolean or! Like || would be a big difference in this case depending on the compiler).
So doing _READ or _WRITE would get you:
001 <- _READ
010 <- _WRITE
___
011 <- _READ_WRITE
Similarly, READ_WRITE_EXECUTE (essentially 'ALL_ACCESS' if those were your only access modifiers) would give you
001 or 010 or 100
=
111 <- READ_WRITE_EXECUTE
(Note that this is all hypothetical. In most cases, sending 111 in isn't going to work for READ_WRITE_EXECUTE ... unless you're using Linux.)
So my question to Wiccaan is: why does using ALL_ACCESS give you a problem? Does ALL_ACCESS not just OR them all together, and instead have its own number? (like 1000, in this case)

atom0s (Moderator, Reputation: 198, Joined: 25 Jan 2006, Posts: 8517, Location: 127.0.0.1)
Posted: Sun Jun 13, 2010 5:16 am
Flags like PROCESS_ALL_ACCESS changed in size between Windows XP and Windows Vista/Windows 7. The flag was extended to include other options on the newer OSes. Depending on how you compile, as well as other things, the flag is not the same between different versions of Windows.
With Visual Studio 2008/2010, PROCESS_ALL_ACCESS is defined as:
Code: |
#if (NTDDI_VERSION >= NTDDI_VISTA)
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
                            0xFFFF)
#else
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
                            0xFFF)
#endif
|
NTDDI_VERSION is based on the version that _WIN32_WINNT is set to.
There are ways to avoid the problem altogether, but overall the best approach is to specify what you need and avoid using _ALL_ACCESS flags.
_________________
- Retired.
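The flag arithmetic from Uzeil's post and the two PROCESS_ALL_ACCESS definitions atom0s quotes, worked through as an added example that is not code from the thread. The numeric values of STANDARD_RIGHTS_REQUIRED, SYNCHRONIZE and the PROCESS_VM_* rights are the winnt.h ones, copied in so the program builds without windows.h; the helper names are my own, and the least-privilege mask is the set that ReadProcessMemory and WriteProcessMemory are documented to require.

```cpp
// Added example, not code from the thread. The numeric values below are the ones
// winnt.h gives these names; they are redefined here so this builds without windows.h.
#include <cstdint>
#include <iostream>

typedef std::uint32_t ACCESS_MASK;
const ACCESS_MASK STANDARD_RIGHTS_REQUIRED = 0x000F0000;
const ACCESS_MASK SYNCHRONIZE              = 0x00100000;
const ACCESS_MASK PROCESS_VM_OPERATION     = 0x0008;   // WriteProcessMemory
const ACCESS_MASK PROCESS_VM_READ          = 0x0010;   // ReadProcessMemory
const ACCESS_MASK PROCESS_VM_WRITE         = 0x0020;   // WriteProcessMemory

// The two definitions atom0s quoted: XP's specific-rights field ends at 0xFFF,
// the Vista/7 one at 0xFFFF, so the same macro name is a different number.
const ACCESS_MASK PROCESS_ALL_ACCESS_XP    = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF;
const ACCESS_MASK PROCESS_ALL_ACCESS_VISTA = STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFFF;

// Uzeil's point: each right is one bit, so '|' merges rights and '&' tests them.
bool hasRight(ACCESS_MASK mask, ACCESS_MASK right) { return (mask & right) == right; }

// Bits in `requested` that a given OS build of the flag does not define.
ACCESS_MASK unknownBits(ACCESS_MASK requested, ACCESS_MASK definedOnOs)
{
    return requested & ~definedOnOs;
}

// Least privilege for a reader/writer like the one in this thread.
ACCESS_MASK memoryEditRights()
{
    return PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE;
}

int main()
{
    std::cout << std::hex
              << "XP    PROCESS_ALL_ACCESS = 0x" << PROCESS_ALL_ACCESS_XP << '\n'     // 1f0fff
              << "Vista PROCESS_ALL_ACCESS = 0x" << PROCESS_ALL_ACCESS_VISTA << '\n'  // 1fffff
              << "bits a Vista-built mask carries that XP never defined: 0x"
              << unknownBits(PROCESS_ALL_ACCESS_VISTA, PROCESS_ALL_ACCESS_XP) << '\n' // f000
              << "least-privilege mask: 0x" << memoryEditRights() << '\n'            // 38
              // '|' keeps every flag bit; '||' collapses both flags into one true/false
              << "READ | WRITE = 0x" << (PROCESS_VM_READ | PROCESS_VM_WRITE)
              << ", READ || WRITE = " << (PROCESS_VM_READ || PROCESS_VM_WRITE) << '\n';
    return 0;
}
```

The least-privilege mask has no bits outside either definition, which is why requesting only what you need sidesteps the header-version mismatch.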