How can you access the memory of another process and call its functions?

I want to learn how to read the memory of other processes and have my program call other processes' functions, as well as parameters that are not my own, and so on. I searched for it, and it seems that you need to use things like ReadProcessMemory, but I could not find any good tutorials explaining how to use them. Can someone point me in the right direction to learn such things? I want to do this in C++ (or, if possible, in Java) on Windows (7 and 64-bit, if that matters).

In addition, I know that this sounds subjective and can be used for malicious purposes, but I guarantee that I will not use any knowledge gained from this for any harmful reasons. I just want to learn this for fun and teach myself something new.

+6
c++ windows
3 answers

You cannot directly call functions in other processes because your process and another process have different address spaces. One way around this is to create a remote thread in the process (using CreateRemoteThread or RtlCreateUserThread), but this only allows you to pass one parameter to the function. You can try creating a remote thread, writing parameters to your stack, and changing its registers with SetThreadContext. Another way is to add your own DLL that calls the function.

Another problem is finding the function to call. You will probably need to load symbols for the EXE or DLL if the required function is not exported.

For general questions about internal Windows components, try asking the Sysinternals Forums.

EDIT: what you specified (reading the line that the process checks for user input) is very difficult to do in the program without knowing the layout of the instructions and the data in the image file in advance. If, for example, you have a crackme program, you either use a static analysis tool, such as IDA Pro, or run the program under a debugger. In any case, these things usually require human input and are difficult to do automatically.

+6

Processes, by design and by definition, are isolated from each other. They have separate address spaces.

The operating system keeps processes separate and allocates the resources they need so that they are less likely to interfere with each other.

They can, of course, communicate, but only if they choose to, through interprocess communication.

However, threads, sometimes known as lightweight processes, share their address space and can read each other's data structures.

Not sure what you meant by

call other process functions

The f() function can be compiled into the executable code of several processes. Process A and process B can call f() independently in their context.

Otherwise, process A can “exchange” with process B in order to perform some action, which, for example, can be implemented in function g() in B. B can execute it in its own context and “communicate” the result back to A.

+1

I do not see any useful use for this, but anyway. There are at least two ways to do it:

1) CreateRemoteThread() will create a thread in the process.

2) QueueUserAPC() will make the existing thread in this process call the callback function.

If ASLR is disabled, then just call the function without parameters. In addition, you will also need VirtualQueryEx(), ReadProcessMemory() and WriteProcessMemory().

Yes, and this is not something to do in Java :)

0
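An added example, not code from any of the answers above, that puts the read-only half of this together: it walks a target process with OpenProcess, VirtualQueryEx and ReadProcessMemory (the APIs the third answer lists) and then applies the check a defender runs over the result, flagging committed, executable, private regions, which is what the WriteProcessMemory + CreateRemoteThread route from the first answer leaves behind in the target. The Region struct, flagRegions, permString, describe and the sample regions in the test are my own; the numeric constants are the documented Win32 values, redefined so the classifier compiles without windows.h. The Windows calls sit behind #ifdef _WIN32.

```cpp
// Added example (not from the thread): read-only walk of another process's
// address space plus the classification an injection detector applies to it.
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif

// Documented Win32 values, redefined so the classifier builds anywhere.
constexpr uint32_t kMemCommit = 0x1000, kMemReserve = 0x2000;
constexpr uint32_t kMemPrivate = 0x20000, kMemMapped = 0x40000, kMemImage = 0x1000000;
constexpr uint32_t kPageNoAccess = 0x01, kPageReadOnly = 0x02, kPageReadWrite = 0x04;
constexpr uint32_t kPageExecuteRead = 0x20, kPageExecuteReadWrite = 0x40, kPageGuard = 0x100;
constexpr uint32_t kReadMask = 0xEE;     // every PAGE_* value that allows reads
constexpr uint32_t kWriteMask = 0xCC;    // PAGE_READWRITE/WRITECOPY and their EXECUTE_ variants
constexpr uint32_t kExecuteMask = 0xF0;  // PAGE_EXECUTE* are 0x10/0x20/0x40/0x80

// One region as VirtualQueryEx reports it (subset of MEMORY_BASIC_INFORMATION).
struct Region {
    uint64_t base;
    uint64_t size;
    uint32_t state;    // MEM_COMMIT / MEM_RESERVE / MEM_FREE
    uint32_t protect;  // PAGE_* flags
    uint32_t type;     // MEM_IMAGE / MEM_MAPPED / MEM_PRIVATE
};

bool isExecutable(uint32_t protect) { return (protect & kExecuteMask) != 0; }

// ReadProcessMemory only succeeds on committed pages that are neither
// PAGE_NOACCESS nor guard pages, so a dumper skips everything else.
bool isReadable(const Region& r) {
    return r.state == kMemCommit && !(r.protect & kPageNoAccess) && !(r.protect & kPageGuard);
}

// Defender's heuristic: code normally lives in MEM_IMAGE regions (a mapped
// EXE/DLL). Committed, executable, *private* memory is what remains after
// code is written into a process and started with a remote thread, or after
// a JIT, so it is the first thing to inspect in a suspected injection.
bool isSuspicious(const Region& r) {
    return r.state == kMemCommit && isExecutable(r.protect) && r.type == kMemPrivate;
}

std::vector<Region> flagRegions(const std::vector<Region>& regions) {
    std::vector<Region> out;
    for (const Region& r : regions)
        if (isSuspicious(r)) out.push_back(r);
    return out;
}

std::string permString(uint32_t protect) {  // "rwx"-style summary of PAGE_* bits
    std::string s = "---";
    if (protect & kReadMask) s[0] = 'r';
    if (protect & kWriteMask) s[1] = 'w';
    if (protect & kExecuteMask) s[2] = 'x';
    return s;
}

std::string describe(const Region& r) {
    const char* kind = r.type == kMemImage ? "image" : r.type == kMemMapped ? "mapped"
                     : r.type == kMemPrivate ? "private" : "free";
    char buf[96];
    std::snprintf(buf, sizeof buf, "%016llx +%-10llx %s %s", (unsigned long long)r.base,
                  (unsigned long long)r.size, permString(r.protect).c_str(), kind);
    return buf;
}

#ifdef _WIN32
// Enumerate every region of `pid`. Needs PROCESS_QUERY_INFORMATION | PROCESS_VM_READ;
// build the same bitness as the target, otherwise you only see the WOW64 view.
std::vector<Region> enumerateRegions(DWORD pid) {
    std::vector<Region> regions;
    HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (!h) return regions;  // protected or higher-integrity process, or no privilege
    MEMORY_BASIC_INFORMATION mbi{};
    const BYTE* addr = nullptr;
    while (VirtualQueryEx(h, addr, &mbi, sizeof mbi) == sizeof mbi) {
        regions.push_back({(uint64_t)(uintptr_t)mbi.BaseAddress, (uint64_t)mbi.RegionSize,
                           (uint32_t)mbi.State, (uint32_t)mbi.Protect, (uint32_t)mbi.Type});
        addr = (const BYTE*)mbi.BaseAddress + mbi.RegionSize;  // step to the next region
    }
    CloseHandle(h);
    return regions;
}

// Copy up to `want` bytes at `addr` out of the target; the vector is sized to what was read.
std::vector<uint8_t> readRegion(DWORD pid, uint64_t addr, size_t want) {
    std::vector<uint8_t> buf(want);
    HANDLE h = OpenProcess(PROCESS_VM_READ, FALSE, pid);
    if (!h) return {};
    SIZE_T got = 0;
    if (!ReadProcessMemory(h, (LPCVOID)(uintptr_t)addr, buf.data(), want, &got)) got = 0;
    CloseHandle(h);
    buf.resize(got);
    return buf;
}

int main(int argc, char** argv) {
    if (argc < 2) { std::fprintf(stderr, "usage: %s <pid>\n", argv[0]); return 1; }
    DWORD pid = (DWORD)std::strtoul(argv[1], nullptr, 10);
    std::vector<Region> regions = enumerateRegions(pid);
    std::printf("%zu regions\n", regions.size());
    for (const Region& r : flagRegions(regions)) {
        std::vector<uint8_t> head = readRegion(pid, r.base, 16);
        std::printf("suspicious: %s  first bytes:", describe(r).c_str());
        for (uint8_t b : head) std::printf(" %02x", b);
        std::printf("\n");
    }
    return 0;
}
#endif
```

On the 64-bit Windows 7 from the question, build this as a 64-bit binary and run it as `memwalk.exe <pid>`; the open fails for protected processes and for targets at a higher integrity level than yours. Treat the flagged list as a triage filter rather than a verdict: JIT runtimes (.NET, browsers) also produce private executable regions, so the interesting cases are processes that have no business generating code at run time.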
