-1

Once I needed to modify a variable that was inside another application in order to modify its behavior.

I wonder whether its possibile to create an application that will get access to another process running on the same computer and modify some variable value. Process is a native one, and the application is written in c++. Do you know some good tutorials that help to achieve this?

AstroCB
  • 12,337
  • 20
  • 57
  • 73
Darqer
  • 2,847
  • 9
  • 45
  • 65
  • As far as I know, in modern Operating Systems there's no *easy* way to patch a running process' memory from another process, you'll have to struggle a bit running some piece of software running as a Windows service. In the meanwhile, you can try your memory patches using a powerful debugger like IDA Pro – gd1 Apr 23 '11 at 08:57

2 Answers2

1

You can use shared memory for this but this is more of an advanced concept: How to implement shared memory in .NET?

You can have a look at other alternatives: Passing data between C++ (MFC) app and C#

Community
  • 1
  • 1
Teoman Soygul
  • 25,584
  • 6
  • 69
  • 80
  • I think he is not trying to make some nice IPC. I think he wants to obtrusively patch a process image at runtime. – gd1 Apr 23 '11 at 08:56
  • Then if DEP is enabled, UAC will go wild and may never allow it. – Teoman Soygul Apr 23 '11 at 09:01
  • Unless the executable has been granted the right to do some stuff. Antiviruses and firewalls, for example, don't get 'blamed' for patching one process' memory. I don't know what are the actual requirements for a process to patch another process memory, but I do know that sometimes is possible. Moreover, DEP has a different goal. Even if DEP is disabled, memory of other processes is protected. – gd1 Apr 23 '11 at 09:03
1

I think you are looking for WriteProcessMemory function, take a look on this

Community
  • 1
  • 1
Anton Semenov
  • 6,227
  • 5
  • 41
  • 69
  • uhm... The docs say: `WriteProcessMemory copies the data from the specified buffer in the current process to the address range of the specified process. Any process that has a handle with PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process to be written to can call the function. Typically but not always, the process with address space that is being written to is being debugged.` – gd1 Apr 23 '11 at 09:05
  • @Giacomo: Yes primary function of WriteProcessMemory is useage during debugging proccess. But no rules prevents you from using it without debug. But you will meet another problem in your work - you should find out address of variable in another process you are intending to modify, this is another big question and in case variable was allocated in heap it would be a difficult but of course still possible – Anton Semenov Apr 23 '11 at 09:43
  • I'm not well prepared on this topic, but I suppose it's not easy as that. I cannot create an executable that, running as a normal (unprivileged) process, messes up with a previously running WINWORD.EXE image address space. There has to be some requisites/restrictions/concerns/etc... I'll dig into it, when I have some time. – gd1 Apr 23 '11 at 11:50
  • Giacomo: This may also be helpful to you http://stackoverflow.com/questions/1777526/c-dll-injection – Anton Semenov Apr 23 '11 at 12:09