| View previous topic :: View next topic |
| Author |
Message |
mStorm
Expert Cheater
![]() Reputation: 0
Joined: 21 Feb 2009
Posts: 107
|
 Posted: Thu Mar 19, 2009 12:01 pm Post subject: Injection/Changing OpCodes |
 |
|
I used Wiccaan's "finding opcode address" source located here in the forums, and could find opcodes, but not the specific one I was looking for.
I'm thinking because was using pure readprocessmem from an outside process, it could not access these values even with PROCESS_ALL_ACCESS and changing the region to READWRITE_EXECUTE.
So will DLL injection solve this problem? When you inject, does it give the dll you injected full access to the memory since it's the same process, or do you still have to use VirtualProtect..
|
|
| Back to top |
|
 |
AlbanainRetard
Master Cheater
 Reputation: 0
Joined: 02 Nov 2008
Posts: 494
Location: Canada eh?
|
| Posted: Thu Mar 19, 2009 12:03 pm Post subject: |
|
|
With an injeted dll like kitterz you can read with out RPM.
| Code: |
*(DWORD*)Address
*(DWORD*)Address = value;
|
You can use other types and pointers.
_________________
|
|
| Back to top |
|
|
mStorm
Expert Cheater
![]() Reputation: 0
Joined: 21 Feb 2009
Posts: 107
|
| Posted: Thu Mar 19, 2009 12:05 pm Post subject: |
|
|
Ok, that's what I figured.
Does this give full access to even GUARDED pages?
|
|
| Back to top |
|
|
kitterz
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 24 Dec 2007
Posts: 1268
|
| Posted: Thu Mar 19, 2009 12:05 pm Post subject: Re: Injection/Changing OpCodes |
|
|
| mStorm wrote: | I used Wiccaan's "finding opcode address" source located here in the forums, and could find opcodes, but not the specific one I was looking for.
I'm thinking because was using pure readprocessmem from an outside process, it could not access these values even with PROCESS_ALL_ACCESS and changing the region to READWRITE_EXECUTE.
So will DLL injection solve this problem? When you inject, does it give the dll you injected full access to the memory since it's the same process, or do you still have to use VirtualProtect.. |
You get full access to the process's memory. Personallly, I never needed VirtualProtect with ass dll...so go for it!
_________________
|
|
| Back to top |
|
|
mStorm
Expert Cheater
![]() Reputation: 0
Joined: 21 Feb 2009
Posts: 107
|
| Posted: Thu Mar 19, 2009 3:38 pm Post subject: |
|
|
I am injecting my opcode search function into calc.exe, and it will find some matches, then it crashes due to access violation?
So you don't have full access to the .exe's memory even when injected?
Is there something I am missing?
|
|
| Back to top |
|
|
smartz993
I post too much
 Reputation: 2
Joined: 20 Jun 2006
Posts: 2013
Location: USA
|
| Posted: Thu Mar 19, 2009 3:41 pm Post subject: |
|
|
No.
If pages are marked as PAGE_READONLY, you must set the memory to writable.
|
|
| Back to top |
|
|
mStorm
Expert Cheater
![]() Reputation: 0
Joined: 21 Feb 2009
Posts: 107
|
| Posted: Thu Mar 19, 2009 3:50 pm Post subject: |
|
|
| Code: | | VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &oldProtect) |
should suffice?
I have that in there:(
|
|
| Back to top |
|
|
smartz993
I post too much
Reputation: 2
Joined: 20 Jun 2006
Posts: 2013
Location: USA
|
| Posted: Thu Mar 19, 2009 3:51 pm Post subject: |
|
|
| mStorm wrote: | | Code: | | VirtualProtect(mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &oldProtect) |
should suffice?
I have that in there:( |
Fine.
|
|
| Back to top |
|
|
mStorm
Expert Cheater
![]() Reputation: 0
Joined: 21 Feb 2009
Posts: 107
|
| Posted: Thu Mar 19, 2009 3:53 pm Post subject: |
|
|
| So, unlimited access is not real?... argh.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
