accessing the memory of a foreign process

Question

ive been reading around the website and googling to try and find a conclusive answer to what im trying to do, but i didnt find one that answers all my questions.

i have two processes. one has an integer variable which i want to change by a second process. i know how to read/write to specific memory locations, but i only know how to do it on the native process addresses.

i dont understand createremotethread. is it possible i get the cleanest, simplest example of manipulating memory of a process not native to the running program? assuming both programs are running, of course.

thanks in advance

EDIT: i got some answers about my question from other sources. i just want to understand how do i write a vairable to a memory location, say:

WriteProcessMemory(phandle,(void*)address,val,sizeof(val),NULL);

this seems to have no effect, assuming the val is a bool:

while(true){
    key=getch();
    if(key=='1'){
        if(val)val=false;
        else val=true;
        WriteProcessMemory(phandle,(void*)address,&val,sizeof(val),NULL);
    }
    bool val2;
    ReadProcessMemory(phandle, (void*)address, &val2, sizeof(val2), NULL);
    cout<<val2<<endl;
}

always shows 0. why?

if `val` is an actual `bool` variable, then you need to use `&val` instead. But if `val` is already a pointer to a `bool`, then you don't need the `&`. — Remy Lebeau, Jun 20 '13 at 23:06
first thing, do this BOOL result = ReadProcessMemory, then output result, if result is 0 then something is wrong with either phandle, or address — aah134, Jun 20 '13 at 23:12
did that, it returns a positive. nothing wrong with reading from memory it seems — ziggyyoyo, Jun 21 '13 at 10:02
when i do BOOL result=WriteProcessMemory(phandle,(void*)address,&val,sizeof(val),NULL); , it returns a 0 though — ziggyyoyo, Jun 21 '13 at 10:21

aah134 · Answer 1 · 2013-06-20T23:03:43.713

0

try to read about shared memory, and mutex to make sure not two processes manipulating same memory spot at the same time.

BOOL WINAPI WriteProcessMemory(
  _In_   HANDLE hProcess,
  _In_   LPVOID lpBaseAddress,
  _In_   LPCVOID lpBuffer,
  _In_   SIZE_T nSize,
  _Out_  SIZE_T *lpNumberOfBytesWritten
);

did you pass the correct parameters as above, you will have to have at least the first 4 parameters to work

do the follow

WriteProcessMemory(phandle,(void*)address,&val,sizeof(val),NULL);

notice the val pass the address of the val

edited Jun 20 '13 at 23:03

answered Jun 20 '13 at 22:47

aah134

860
12
25

i did, the only question i have remaining is the usage of writeprocessmemory. i am unable to get it to work – ziggyyoyo Jun 20 '13 at 22:59
doesnt work either WriteProcessMemory(phandle,(void*)address,&val,sizeof(val),NULL); int val2; ReadProcessMemory(phandle, (void*)address, &val2, sizeof(val2), NULL); cout< – ziggyyoyo Jun 20 '13 at 23:07
check the returning value, if 0, then some parameter is wrong – aah134 Jun 20 '13 at 23:09

score 0 · Accepted Answer · answered Jun 21 '13 at 10:42

0

issue solved, i had to use HANDLE phandle = OpenProcess(PROCESS_ALL_ACCESS, 0, pid)

instead of HANDLE phandle = OpenProcess(PROCESS_VM_READ, 0, pid)

answered Jun 21 '13 at 10:42

ziggyyoyo

81
1
1
6

accessing the memory of a foreign process

2 Answers2