View previous topic :: View next topic |
Author |
Message |
ronjaraeubertochter How do I cheat? Reputation: 0
Joined: 11 Aug 2017 Posts: 3
|
Posted: Fri Aug 11, 2017 11:44 am Post subject: [C#] ReadProcessMemory like CE do |
|
|
Hey guys,
I want to read the memory of a external process using C#.
The ReadProcessMemory-method from kernel32.dll seems to not allow to read the protected memory (always returns zeros while reading protected memory).
I have read that I can use the dbk32.sys to create a dbk32.dll to read the process memory like CE do. But I have no idea how to create and include this dll
|
|
Back to top |
|
|
JohnnyBF How do I cheat? Reputation: 0
Joined: 11 Aug 2017 Posts: 3
|
Posted: Fri Aug 11, 2017 12:31 pm Post subject: |
|
|
Try VAMemory class (i cant post urls ;/ google it)
|
|
Back to top |
|
|
ronjaraeubertochter How do I cheat? Reputation: 0
Joined: 11 Aug 2017 Posts: 3
|
Posted: Fri Aug 11, 2017 1:46 pm Post subject: |
|
|
thank you for your help so far
But I see 2 problems with vamemory:
1st) I can't open a process with its pid (only by name which is not unique all the time)
2nd) It looks like that vamemory is using the same standard api so I would not have read-access to protected memory
|
|
Back to top |
|
|
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
|
Posted: Mon Aug 14, 2017 1:52 am Post subject: |
|
|
Try using VirtualProtectEx to adjust the protections of the memory you are trying to read if it does not have proper access. Otherwise, you are going to have to either code a driver, which is what dbk32.sys is or inject into the process and read the memory locally.
_________________
- Retired. |
|
Back to top |
|
|
ronjaraeubertochter How do I cheat? Reputation: 0
Joined: 11 Aug 2017 Posts: 3
|
Posted: Tue Aug 15, 2017 8:36 am Post subject: |
|
|
atom0s wrote: | Try using VirtualProtectEx to adjust the protections of the memory you are trying to read if it does not have proper access. |
I tried this but no changes happen:
Code: |
int bytesRead = 0;
byte[] buffer = new byte[3000000];
uint oldProtect = 0;
uint PAGE_EXECUTE_READWRITE = 0x40;
VirtualProtectEx(processHandle, (IntPtr)0x5E57F000, (UIntPtr)buffer.Length, PAGE_EXECUTE_READWRITE, out oldProtect);
ReadProcessMemory((int)processHandle, 0x5E57F000, buffer, buffer.Length, ref bytesRead);
|
After reading, my buffer still contains only zeros (while reading protected memory - unprotected memory is working fine)
atom0s wrote: | Otherwise, you are going to have to either code a driver, which is what dbk32.sys is. |
Few days ago I already tried to compile the "mykerneldriver.sln" from the CE-sources but it fails
But I will try it today again....
atom0s wrote: | or inject into the process and read the memory locally. |
Uff.. this sounds hard. Have you got some information for me to do this using c#?
|
|
Back to top |
|
|
hollow87 Cheater Reputation: 0
Joined: 07 Feb 2015 Posts: 28
|
Posted: Sun Sep 17, 2017 8:08 pm Post subject: |
|
|
DLL injection normally requires a native DLL (like from C/C++ etc)
If you wish to do it mostly from all C# you can try injecting a native bootstrap DLL into the target process and have that load the CLR runtime and execute a managed DLL in the new CLR runtime.
|
|
Back to top |
|
|
|