2010-02-05 32 views
2

Ok... I want to get win32api's WriteProcessMemory working.

Just for learning the WINAPI on the .Net platform! ^___^

I use Nemerle, but the syntax is similar to C#, and I can certainly read C# code.

So, here are my steps

1) Get the Win API function

[DllImport("kernel32.dll", SetLastError = true)]
public static extern WriteProcessMemory
    (hProcess : IntPtr,
     lpBaseAddress : int,        // an int only covers a 32-bit address space; IntPtr is the pointer-sized choice
     lpBuffer : array[byte],
     nSize : int,
     lpNumberOfBytesWritten : out int) : bool;

2) Open the process, get debug privileges ^_^... and call the function

def WriteToMem(ProcessHandle : IntPtr, BaseAddress : int, NewVal : array[byte]) : bool
{
    mutable BytesWritten : int = 0;
    WriteProcessMemory(ProcessHandle, BaseAddress, NewVal, NewVal.Length, out BytesWritten)
}

3) Parameters:

PatchOptions.noerror =
    if (this.textBox1.Text == "" && !this.checkBox1.Checked)
    {
        MessageBox.Show("Wind header caption could not be empty");
        false
    }
    else if (this.textBox4.Text == "" && this.checkBox1.Checked)
    {
        MessageBox.Show("Process Id could not be empty");
        false
    }
    else if (this.textBox2.Text == "")
    {
        MessageBox.Show("BaseAddress could not be empty");
        false
    }
    else if (this.textBox3.Text == "")
    {
        MessageBox.Show("NewValue could not be empty");
        false
    }
    else
    {
        try
        {
            if (checkBox1.Checked)
            {
                PatchOptions.WinHeader = this.textBox4.Text.ToString();
                PatchOptions.window = false;
            }
            else
            {
                PatchOptions.WinHeader = this.textBox1.Text.ToString();
                PatchOptions.window = true;
            }
            // Int32.Parse reads decimal text, so hex addresses must be converted first
            PatchOptions.BaseAddress = Int32.Parse(this.textBox2.Text.ToString());
            // GetBytes yields the 4-byte little-endian image of the integer
            PatchOptions.NewValue = BitConverter.GetBytes(Int32.Parse(this.textBox3.Text.ToString()));
            this.Close();
            true
        }
        catch
        {
            | e is Exception => MessageBox.Show("You entered incorrect values."); false
        }
    }

4) Call:

def isinjected() : string
{
    if (Options.PatchOptions.noerror)
    {
        try
        {
            Memory.Patch(Options.PatchOptions.WinHeader, Options.PatchOptions.BaseAddress, Options.PatchOptions.NewValue, Options.PatchOptions.window);
        }
        catch
        {
            | e is Exception => MessageBox.Show("Memory Patching error"); ""
        }
    }
    else
    {
        MessageBox.Show("Patch options Error");
        ""
    }
}

def injection = isinjected();
unless (injection == "")
    this.label1.Text = injection;

5) Notepad ShowStatus offsets :D (for testing)

00b550d2 - 89 35 2c c0 b5 00 - mov [00b5c02c],esi 
00b5509d - 89 3d 2c c0 b5 00 - mov [00b5c02c],edi 

6) Use the Win calculator to convert hex to dec to get the values: (here is the trouble)

00b550d2 = B550D2 = 11882706 ... hope that's right (this is the BaseAddress, I guess). Hmm... what is the NewValue? And how do I enter a byte array as an integer :S

Please help me >_<
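As an added illustration of step 6 (this is not code from the question or the answer): a small Python parser for the two disassembly lines in step 5 that does the hex-to-decimal conversion and shows that the [00b5c02c] operand is stored inside the instruction as the little-endian bytes 2c c0 b5 00, which is the same byte order BitConverter.GetBytes(Int32) produces for the NewValue array on x86/x64 .NET. The sample lines are copied from step 5; the function names are my own.

```python
import struct

# Constructed sample: the two Notepad disassembly lines quoted in step 5.
DISASM_LINES = [
    "00b550d2 - 89 35 2c c0 b5 00 - mov [00b5c02c],esi",
    "00b5509d - 89 3d 2c c0 b5 00 - mov [00b5c02c],edi",
]

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def parse_line(line):
    """Split 'addr - hex bytes - mnemonic' into (int address, bytes, mnemonic).
    int(text, 16) is the hex-to-dec step the question does by hand."""
    addr_text, byte_text, mnemonic = (p.strip() for p in line.split(" - ", 2))
    return int(addr_text, 16), bytes.fromhex(byte_text), mnemonic

def decode_mov_disp32(code):
    """Decode 'mov [disp32], reg32': opcode 0x89, ModRM with mod=00 and rm=101.
    Bytes 2..5 hold the absolute address as a little-endian 32-bit integer."""
    if len(code) != 6 or code[0] != 0x89 or (code[1] & 0xC7) != 0x05:
        raise ValueError("not a 'mov [disp32], reg32' encoding")
    reg = REG32[(code[1] >> 3) & 7]
    (target,) = struct.unpack("<I", code[2:6])
    return target, reg

def int_to_le_bytes(value):
    """The 4-byte array a 32-bit integer occupies in memory (little-endian).
    This matches BitConverter.GetBytes(Int32) on x86/x64 .NET, and it is the
    order WriteProcessMemory copies the bytes in."""
    return struct.pack("<I", value & 0xFFFFFFFF)

def explain(line):
    """Decode one line and cross-check the decoding against its mnemonic."""
    address, code, mnemonic = parse_line(line)
    target, reg = decode_mov_disp32(code)
    expected = "mov [%08x],%s" % (target, reg)
    if expected != mnemonic:
        raise ValueError("decoded %r but line says %r" % (expected, mnemonic))
    return {
        "address": address,          # 0x00b550d2 == 11882706, as in step 6
        "target": target,            # the [00b5c02c] operand
        "target_bytes": code[2:6],   # the operand as it sits in the instruction
        "register": reg,
    }

if __name__ == "__main__":
    for line in DISASM_LINES:
        info = explain(line)
        print("%08x (%d): %s -> [%08x], encoded as %s" % (
            info["address"], info["address"], info["register"],
            info["target"], info["target_bytes"].hex()))
```

Running it shows why the byte array and the integer are the same value in two forms: a 32-bit value is entered as an int and written as its four little-endian bytes.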

+1

If you just want to learn .NET, you probably shouldn't start with 'WriteProcessMemory'; it's very complicated and usually not very useful. – 2012-02-23 21:46:42

Answer

2

Here is an example of using WriteProcessMemory in Nemerle:

using System.Runtime.InteropServices;
using System;
using WinApi;

[Flags]
enum AllocationType
{
    | Commit = 0x1000
}

[Flags]
enum ProcessAccess : int
{
    | VMOperation = 0x8
    | VMRead      = 0x10
    | VMWrite     = 0x20
}

[Flags]
enum MemoryProtection
{
    | ReadWrite = 0x04
}

module WinApi
{
    [DllImport("kernel32.dll")]
    public extern OpenProcess
        ( dwDesiredAccess : ProcessAccess
        , bInheritHandle  : bool
        , dwProcessId     : int
        ) : IntPtr;

    [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
    public extern VirtualAllocEx
        ( hProcess         : IntPtr
        , lpAddress        : IntPtr
        , dwSize           : uint
        , flAllocationType : AllocationType
        , flProtect        : MemoryProtection
        ) : IntPtr;

    [DllImport("kernel32.dll", SetLastError = true)]
    public extern WriteProcessMemory
        ( hProcess               : IntPtr
        , lpBaseAddress          : IntPtr
        , lpBuffer               : array[byte]
        , nSize                  : uint
        , lpNumberOfBytesWritten : out int
        ) : bool;
}

def data = System.Text.Encoding.Unicode.GetBytes("Hello World!\0");

def process = OpenProcess
    ( dwDesiredAccess = ProcessAccess.VMOperation
                      | ProcessAccess.VMRead
                      | ProcessAccess.VMWrite
    , bInheritHandle  = false
    , dwProcessId     = 0x00005394 // Notepad instance
    );
Console.WriteLine($"process: $process");

def memory = VirtualAllocEx
    ( hProcess         = process
    , lpAddress        = IntPtr.Zero
    , dwSize           = data.Length :> uint
    , flAllocationType = AllocationType.Commit
    , flProtect        = MemoryProtection.ReadWrite
    );
Console.WriteLine($"memory: $memory");

mutable bytesWritten;
_ = WriteProcessMemory
    ( hProcess               = process
    , lpBaseAddress          = memory
    , lpBuffer               = data
    , nSize                  = data.Length :> uint
    , lpNumberOfBytesWritten = out bytesWritten
    );
Console.WriteLine($"bytesWritten: $bytesWritten");
+0

Thank you very much :) What does the "_ =" pattern matching mean? :-/ Nice to meet you - someone who can help with Nemerle on Stack Overflow *__* – Cynede 2010-02-05 13:22:03

+1

"_ =" is a way of saying that you don't need the result of the expression. If you don't assign the result of a non-void function to anything, the compiler gives you a warning. – 2010-02-05 13:33:33

+0

Do I have to add "_ =" to every MessageBox.Show call? :) – Cynede 2010-02-05 13:54:21
