I'm working on a C++ Windows application project. A portion of this project requires me to read the value of a memory address used in a separate process and use this value as a "trigger" within a function. I know the value is a string, and constantly changes, but I have no idea how to read or use it. Any ideas? Any help would be wonderful.
Are you allowed to use standard IPC? If not, you're going to run into issues. Processes are not supposed to share memory space like that. In fact, if you compile with standard settings and try to read outside your application's memory space, you'll get a fatal seg-fault.
What you're going to want to do is essentially design a very rudimentary debugger, which is no small task. I would recommend starting by looking at existing debugger source code (e.g., x64dbg, or cheat engine: https://github.com/cheat-engine/cheat-engine).
What is the purpose of this project?
Related
I am building a C++ application for Windows that I'm going to hook with a DLL (in assembly code). But I'm having problems reverse engineering the console application I made.
I want to keep the function addresses in the same place, but they keep moving in memory each time I edit and rebuild the DLL.
Is there a way to keep them in the same place? And is there a way to keep the backing storage of a variable (e.g. int) in the same spot (memory address)?
You don't need to hardcode addresses in assembly language.
You can just link with the DLL as usual.
If this doesn't work for you, post code and exact problem description.
Short answer: no. I've never heard about compiler/linker with this feature.
I have asked pretty much the same thing before, but my post got deleted for some reason.
Anyway, I'm trying to use C++ and write a program that allows me to directly access the memory and write stuff to it. I heard I need to do something with the kernel as that is a "bridge" that connects the OS and application (I think). Is there any way I can download some SDK for the kernel?
I've said this in my previous post (which got deleted after some time) that the reason for this is that I want to try and crash Windows 7 as my professor at university asked me to. (So please don't ask me stuff like "why do you want to crash Windows?" or something along those lines...)
Any help will be greatly appreciated.
If you're interested in working with the kernel, you're likely looking for the Windows Driver Kit, found here:
http://msdn.microsoft.com/en-us/windows/hardware/gg487428
It has a variety of lower-level tools and headers to help you write drivers and other kernel-mode code.
Typical programs obviously don't have carte blanche access to memory, while drivers have more control (although I would guess they use the system's memory management as well, not entirely sure). You'll find more information in the WDK.
Write a driver, make it crash. Of course, in only very specific circumstances will this actually make Windows 7 crash (because, unlike the public opinion, it wasn't written by total idiots).
You can use the RtlSetProcessIsCritical function in order to flag that your process is critical for system operations.
If your process is terminated (for example if your application calls ExitProcess) a bluescreen will appear. In order to use this function you need to enable the SE_DEBUG_NAME privilege.
Good morning all,
Forgive me if the title is not too clear, I'll try to explain more here:
I am currently working with the ASI for VBS2. VBS2 executes functions from a VBS2 DLL plugin. I have my own application which I want to use to modify variables within that plugin whilst it is being used, to change what is being executed by VBS2. I began by, foolish as it may be, directly changing the variables with my application whilst the VBS2 program was running.
When this did not work I tested and found that the VBS2 program was using a different instance of the "message" object, in which I was storing the variable, to the one being accessed by my application.
What I would like to do is have my application access the same instance of the object being accessed by VBS2. I have experimented a bit with
#pragma data_seg(".testseg")
Message msg;
void foo(...); //etc.
#pragma data_seg()
but for some reason or another it still appears there are two instances being used.
I would greatly appreciate any and all help, and would add that C++ is a new language to me so please be gentle. :)
Thanks,
M
You need to use linker flags to tell the linker to place that segment in sharable memory.
See http://msdn.microsoft.com/en-us/library/ms933104.aspx
I believe you need to add something like
#pragma comment(linker, "/SECTION:.testseg,RWS")
to your program.
I'm not sure, this may only work in a DLL...
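The shared-section approach from the answer above, as an added example that is not part of the original posts. It assumes both processes load the same DLL file; `SharedMessage`, `set_message` and `get_message` are hypothetical names, and the data is kept to plain fixed-size fields because the section is writable by every process that maps the DLL.

```cpp
// shared_msg.cpp - build as a DLL with MSVC, e.g.: cl /LD shared_msg.cpp
// Constructed example; all identifiers except .testseg are hypothetical.
#include <cstddef>
#include <cstring>

#ifdef _MSC_VER
#define SHARED_API extern "C" __declspec(dllexport)
#pragma data_seg(".testseg")   // initialized data below goes into .testseg
#else
#define SHARED_API extern "C"  // other compilers: ordinary per-process global
#endif

// Plain data only: no pointers, std::string or virtual functions, because an
// address stored here is meaningless in the other process's address space.
struct SharedMessage {
    long version;   // bumped on every write so readers can detect a change
    char text[64];  // fixed-size buffer, always NUL-terminated by set_message
};

// The initializer is required: MSVC places uninitialized globals in .bss,
// which is outside the named section and therefore not shared.
SharedMessage g_msg = { 0, "" };

#ifdef _MSC_VER
#pragma data_seg()
// R = read, W = write, S = shared by every process that loads this DLL.
#pragma comment(linker, "/SECTION:.testseg,RWS")
#endif

// Copy at most sizeof(text)-1 bytes; returns the new version, or -1 on bad input.
SHARED_API long set_message(const char* s) {
    if (s == nullptr) return -1;
    std::size_t n = std::strlen(s);
    if (n >= sizeof(g_msg.text)) n = sizeof(g_msg.text) - 1;  // truncate, never overflow
    std::memcpy(g_msg.text, s, n);
    g_msg.text[n] = '\0';
    return ++g_msg.version;
}

// Copy the current text into the caller's buffer; returns the version read.
SHARED_API long get_message(char* out, std::size_t out_len) {
    if (out == nullptr || out_len == 0) return -1;
    // Treat the section as untrusted input: bound the scan by both buffers
    // instead of relying on a terminator another process may have overwritten.
    std::size_t n = 0;
    while (n < sizeof(g_msg.text) - 1 && n + 1 < out_len && g_msg.text[n] != '\0') ++n;
    std::memcpy(out, g_msg.text, n);
    out[n] = '\0';
    return g_msg.version;
}
```

The accessors do no locking, so concurrent writers need a cross-process primitive such as a named mutex around them.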
If I understand correctly what you want, you can't do this with standard C/C++ tools. Your program and the other program live in separate memory spaces and they are completely insulated from each other. If your program has administrative privileges, you can attempt to read & write the memory space of the other process using WriteProcessMemory():
http://msdn.microsoft.com/en-us/library/ms681674%28v=VS.85%29.aspx
But then there's a problem of finding the right object in that memory space.
It's not clear whether you have the source for the plugin. If you do, there are other interprocess communication techniques that can be utilised. None as simple as just changing the variable, unfortunately.
If you could help me with this dilemma I have. Now, I know C \ C++, I know asm, I know about dll injection, I know about virtual memory addressing, but I just can't figure out how software like CheatEngine, and others, manage to change a variable's value in another process.
For those who don't know, 3rd party cheat engine tools can scan for values in the memory space of a program and identify the location of a variable with a given value and change it.
My question is, how do they do it?
Given an address, if I were to write C code, how could I change the value at that address belonging to another process without getting an invalid addressing error?
Thanks.
I'm fairly certain those programs are pretending to be debuggers. On Windows, I would start with DebugActiveProcess() and go from there.
Oh, and the very useful looking ReadProcessMemory() function (and WriteProcessMemory()).
On unix: ptrace()
You can't do this with Standard C or C++ - you have to use operating system specific features. So you need to tell us which OS you are interested in.
You may also be interested in Detours:
Software packaged for detouring Win32 and application APIs.
I want to create a file that only resides in memory... In looking through some documentation I saw a recommendation to use a shell extension as a virtual file. I'm not sure that is a workable solution but I would like to know:
Is it a good approach (or should I be using a ramdisk instead)?
Where is a good place to start to read up on it?
Note: This is on the Windows platform
As I understand, you want your program to create a "file", which resides only in memory and that you can pass on to another external program (say, Microsoft Word).
AFAIK this is not possible, short of a ramdrive. I'd suggest using a temporary folder. You will however have to come up with a strategy for deleting the file when it's not needed anymore.
Added: On second thought, you might want to check out Reparse points. I'm not familiar with them myself, and they will only work for NTFS formatted disks, but perhaps they can provide you with what you want. It will be a lot of coding though.
You don't say on which platform you are but I'm guessing Windows. Is mmap() available? If not, I think BerkeleyDB has been ported to Windows so you should be able to use that. Win32 API may have something akin to mmap() but I don't know it.
If you want a file that resides only in memory, use a named pipe or something, though I question your scenario - can you go up a level and describe what you want to do?