0

Just pasted what was necessary, the memory addresses aren't being written to even though my logging shows that WriteProcessMemory() was successful. Also, I've double checked that i have the correct memory addresses as well. Thank You for help.

char* offsets[][3] = {
    { "0x3E264", "0", "char[1]" },
    { "0x45848", "Auto-Mine", "char[10]" },
    { "0x458C0", "Auto-Build", "char[10]" },
    //to be continued...
};

HANDLE scHandle = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, ID);
if (scHandle == NULL) {
    log << "ERROR: OpenProcess() returned " << GetLastError() << endl;
    return false;
}
DWORD bytesOut;
for (int a = 0; a < 9; a++) {
    if (WriteProcessMemory(scHandle, (LPVOID)(wDetectorBaseAddress + (int)strtol(offsets[a][0], NULL, 0)), offsets[a][1], strlen(offsets[a][1]) + 1, &bytesOut))
    {
        log << "WriteProcessMemory() to address " << wDetectorBaseAddress << " + " << (int)strtol(offsets[a][0], NULL, 0) << " = " << wDetectorBaseAddress + (int)strtol(offsets[a][0], NULL, 0) << " with '" << offsets[a][1] << "'; " << bytesOut << " bytes were written" << endl;
    }
    else
    {
        log << "ERROR: WriteProcessMemory() returned " << GetLastError() << endl;
        return false;
    }
}
CloseHandle(scHandle);
mca64
  • 534
  • 1
  • 5
  • 17

1 Answers1

2

You need to call VirtualProtect with PAGE_EXECUTE_READWRITE before you can write to the process's memory. After writing, you need to restore the original protection.

Another thing is, how exactly do you know those addresses are always the same? Can you confirm that it never changes?

Note: You MIGHT also have to call FlushInstructionCache after writing.

Brandon
  • 22,723
  • 11
  • 93
  • 186
  • I have another question. I use similair code in Delphi (WriteProcessMemory in loop, byte are witten in every step) without VirtualProtect and it works there. Why? – mca64 Jan 13 '14 at 04:16
  • I'm not sure why it would work in delphi and not c++ but I do know that if you are trying to write to a process's memory, you MUST call virtual protect if the memory is not accessible so the delphi code may have weird behaviour when it comes to writing to other processes. Did this work for you though? – Brandon Jan 13 '14 at 11:06
  • i will let You know later. This question is for my friend. In delphi i use this for another process. He using this for the same process (inject first dll then use WriteProcessMemory) so maybe here is the problem – mca64 Jan 13 '14 at 14:35