I made "a" intentionally a pointer. I scanned with CE, and over these days I learnt that I should find pointers related to the scanned value, because it is dynamically allocated. In the example I showed, there should be no way in by reverse engineering any of the DLLs, since I don't use any (except OS stuff, which I maybe haven't discovered yet how to exploit). I used the pointer map functionality and got linked to "THREADSTACK". I spent some time figuring out how to get to my desired value by working with the offsets and the hardcoded "THREADSTACK" address. I made a C# utility that opens the process for me and lets me easily write / read and so on.
After ~1 day of working, I got everything up. I studied how to get the tricky "THREADSTACK" address. I have been working with the Windows API, but so far I have only been able to actually get it for x86 apps, and I have no idea why that is. I followed some people who said that getting the address is one of the hardest ways and not preferred. I got myself into DLL injecting, and as my first topic, I automated it myself using C# (no injecting using CE). So far it worked and I displayed a MessageBox from the injected app. I followed this way thinking that now I could get the "THREADSTACK" easily, since the code is executed inside the victim process, but at the time of writing I haven't found anything about how to do that.
Am I supposed to approach this another way? I'm not looking especially for the "THREADSTACK" address, but for being able to create an executable that can edit another process' memory in any given circumstances (restart app, restart PC, another PC, etc.). Sorry for bad English.
Last edited by X9UWiAx8 on Sat Aug 31, 2019 1:07 pm; edited 1 time in total
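The following is an added example, not the poster's utility or any code from this thread. It shows the approach that does not depend on the CE-only "THREADSTACK" pseudo-symbol: a Cheat Engine pointer scan can usually also return a chain anchored at a module ("Target.exe"+offset), and a module base is something any external tool can recover at runtime via Process.Modules after a restart or on another machine. The process name, module name and offsets below are placeholders standing in for whatever a pointer scan produces; they are not real values for any program. One caveat that matters for the x86-only problem described above: Process.Modules throws when a 32-bit host enumerates a 64-bit target, and a 32-bit IntPtr cannot hold 64-bit addresses, so the tool must be built with the same bitness as the target (x64, or AnyCPU without "Prefer 32-bit").

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

// Added example: resolve a module-relative pointer chain in another process
// with OpenProcess / ReadProcessMemory / WriteProcessMemory, then read and
// write the 32-bit value it points at. All target-specific values are placeholders.
static class PointerChainTool
{
    const uint PROCESS_VM_OPERATION       = 0x0008;
    const uint PROCESS_VM_READ            = 0x0010;
    const uint PROCESS_VM_WRITE           = 0x0020;
    const uint PROCESS_QUERY_INFORMATION  = 0x0400;

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int nSize, out IntPtr lpNumberOfBytesRead);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int nSize, out IntPtr lpNumberOfBytesWritten);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr hObject);

    // Reads one pointer-sized value from the target; pointer width follows the host's bitness,
    // which is why host and target must be built for the same architecture.
    static IntPtr ReadPointer(IntPtr hProcess, IntPtr address)
    {
        var buf = new byte[IntPtr.Size];
        if (!ReadProcessMemory(hProcess, address, buf, buf.Length, out _))
            throw new Win32Exception(Marshal.GetLastWin32Error(), $"ReadProcessMemory at 0x{address.ToInt64():X} failed");
        return IntPtr.Size == 8 ? (IntPtr)BitConverter.ToInt64(buf, 0) : (IntPtr)BitConverter.ToInt32(buf, 0);
    }

    // Walks [[[moduleBase + o0] + o1] + o2] ... : every offset except the last is dereferenced,
    // the last one yields the address of the value itself (CE's pointer-scan convention).
    static IntPtr ResolveChain(IntPtr hProcess, IntPtr moduleBase, long[] offsets)
    {
        IntPtr addr = moduleBase;
        for (int i = 0; i < offsets.Length; i++)
        {
            addr = (IntPtr)(addr.ToInt64() + offsets[i]);
            if (i < offsets.Length - 1)
                addr = ReadPointer(hProcess, addr);
        }
        return addr;
    }

    static void Main()
    {
        const string processName = "Target";       // placeholder: process name without ".exe"
        const string moduleName  = "Target.exe";   // placeholder: module the pointer scan anchored on
        long[] offsets = { 0x1A2B30, 0x18, 0x0 };  // placeholder: offsets a pointer scan would produce

        Process[] procs = Process.GetProcessesByName(processName);
        if (procs.Length == 0) { Console.WriteLine("target process not running"); return; }
        Process target = procs[0];

        // Module base changes per run (ASLR), so it is looked up fresh every time instead of hardcoded.
        IntPtr moduleBase = IntPtr.Zero;
        foreach (ProcessModule m in target.Modules)   // throws Win32Exception if host/target bitness differ
        {
            if (m.ModuleName.Equals(moduleName, StringComparison.OrdinalIgnoreCase)) { moduleBase = m.BaseAddress; break; }
        }
        if (moduleBase == IntPtr.Zero) { Console.WriteLine($"{moduleName} not loaded in target"); return; }

        IntPtr h = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_QUERY_INFORMATION, false, target.Id);
        if (h == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error(), "OpenProcess failed");
        try
        {
            IntPtr valueAddr = ResolveChain(h, moduleBase, offsets);

            var current = new byte[4];
            if (!ReadProcessMemory(h, valueAddr, current, current.Length, out _))
                throw new Win32Exception(Marshal.GetLastWin32Error(), "read of final value failed");
            Console.WriteLine($"value at 0x{valueAddr.ToInt64():X} = {BitConverter.ToInt32(current, 0)}");

            byte[] replacement = BitConverter.GetBytes(1337);  // placeholder new value
            if (!WriteProcessMemory(h, valueAddr, replacement, replacement.Length, out _))
                throw new Win32Exception(Marshal.GetLastWin32Error(), "write of final value failed");
            Console.WriteLine("value overwritten");
        }
        finally
        {
            CloseHandle(h);
        }
    }
}
```

The point of anchoring on a module rather than a thread stack is that the only thing that changes between runs is the module's load address, and that is recovered from Process.Modules every time the tool starts; the offsets stay the same as long as the target binary does not change. If a value is only reachable through a thread-stack chain, the practical fix is usually to rerun the pointer scan with static (module-based) results preferred rather than to try to reconstruct "THREADSTACK" yourself.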