-2

I am currently writing some debugging tools for personal use, and I am trying to write a software breakpoint to msvcrt.dll's printf function. As I have done error checking, my program tells me that the access is denied. How can I fix that ? With VirtualProtectEx ? That is not working.

WriteProcessMemory fails, too.

if (WriteProcessMemory(h, (void*)address, "\xcc", 1, NULL))
        {
            printf("set breakpoint..\n");
        }
        else
            printf("Failed setting breakpoint..\n");

this code fails and I think it has to do with access rights. Maybe VirtualProtectEx ?

Denis Muhic
  • 11
  • 5
  • There is not *nearly enough* information in your question to help you. Please provide *much more* detail. Show a [mcve]. Tell us what you've tried, what it did, what you expected. Tell us what you are trying to achieve in the first place. Tell us what OS you are using, what compiler you are using, etc etc. – Jesper Juhl Nov 30 '19 at 13:48
  • Yes ,sorry, that was my second thought.. – Denis Muhic Nov 30 '19 at 13:49
  • this is some of the code I wrote, which fails I am guessing.if (WriteProcessMemory(h, (void*)address, "\xcc", 1, NULL)) { printf("set breakpoint..\n"); } else printf("Failed setting breakpoint..\n"); – Denis Muhic Nov 30 '19 at 13:50
  • [What is a debugger and how can it help me diagnose problems?](https://stackoverflow.com/q/25385173/5910058) – Jesper Juhl Nov 30 '19 at 13:53
  • Also; debugging optimized code is *hard*. And debug symbols may not be reliable. Setting breakpoints in optimized code *may* not set them where you expect. – Jesper Juhl Nov 30 '19 at 13:54
  • Nah I think I know what a debugger is.I wrote other programs using WriteProcessMemory and they worked out. I can even get the address of printf in msvcrt.dll ,but I cannot write to it.. – Denis Muhic Nov 30 '19 at 13:55
  • But I am just talking to write to the address in memory."\xcc" should be the first byte and that would be the equivalent of a software breakpoint ? – Denis Muhic Nov 30 '19 at 13:57
  • https://support.microsoft.com/en-us/help/131065/how-to-obtain-a-handle-to-any-process-with-sedebugprivilege – Hans Passant Nov 30 '19 at 14:43
  • thanks .. I'll try and see – Denis Muhic Nov 30 '19 at 18:02
  • actually it is a solved question : the answer lies here https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/debug-privilege – Denis Muhic Dec 01 '19 at 00:16

1 Answers1

0

You need to run your program as administrator, you may also need to use SeDebugPrivelage to have the correct permissions.

Secondly, anytime you use WriteProcessMemory and target a code page you need to take permissions because code pages do not have write permissions. You can edit data anytime you want as these pages are marked for write permissions.

Anytime you write to code sections you want to use VirtualProtectEx, I like to do so using this function to write to memory:

void PatchEx(HANDLE hProcess, char* dst, char* src, int size)
{
    DWORD oldprotect;
    VirtualProtectEx(hProcess, dst, size, PAGE_EXECUTE_READWRITE, &oldprotect);
    WriteProcessMemory(hProcess, dst, src, size, NULL);
    VirtualProtectEx(hProcess, dst, size, oldprotect, &oldprotect);
}
GuidedHacking
  • 3,628
  • 1
  • 9
  • 59