
Thread: Patch a program in memory

  1. #16
    Super Moderator
    because it shouldn't work
    any arbitrary process shouldn't be able to write / modify any other arbitrary process
    unless the writing process has gained itself proper authorities / privileges
    else any script kiddies samanthalovesyou.scr would be able to edit winlogon.exe and
    send more screen savers to bill gates from your mickysoft.oldlook

    i made 3 changes to your program that you suggest are setup changes user should modify before using
    address to write / what to write / whom to write

    the three changes i do are

    Code:
    0:000> !grep -i -e "Calc" -c "!hwnd"
    Name        Calculator   < this will be my window name
    Class       SciCalc
    Name        CalcMsgPumpWnd
    0:000> du poi(1014b6c)   < this will be where i write
    000b87c0  "Cannot divide by zero."
    0:000> du 100131c   < this will be what i write
    0100131c  "An unknown error has occured."
    0:000>
    and i should get access denied for PROCESS_ALL_ACCESS in OpenProcess
    changing it to PROCESS_VM_OPERATION || PROCESS_VM_WRITE

    i should get access denied error for WriteProcessMemory

    from where i should strive to become a debugger proper not some screensaver overwriting one of my important password with 1am133tbabe from an ordinary untrusted temporary guest account with barest of the barest privileges on a closed down box


    i run a fresh calc instance
    list the directory and pipe the output to a txt file (create new every time so 0 byte file no previous entries inside)
    compare the posted code with modified code and append the results to the previously created txt file
    print the contents of the file that contains posted code for verification and append the results again to the file
    compile the modified file and append the results
    list the directory again and append the results
    run the compiled executable and append the output
    and print the contents of the file with all the results back in one go in a xp sp3 box

    see below




    Code:
    C:\TESTPA~1>calc & dir /b > res.txt & fc modpatchmem.cpp unmodpatchmem.cpp >> re
    s.txt & type unmodpatchmem.cpp >> res.txt & cl /EHsc modpatchmem.cpp user32.lib
    >> res.txt & dir/b >> res.txt & modpatchmem.exe >> res.txt & wmic os get caption
    , csdversion /format:list  >> res.txt & type res.txt  
    
    Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.30319.01 for 80x86
    Copyright (C) Microsoft Corporation.  All rights reserved.
    
    modpatchmem.cpp
    res.txt
    unmodpatchmem.cpp
    
    Comparing files modpatchmem.cpp and UNMODPATCHMEM.CPP
    ***** modpatchmem.cpp
    // setup here
    LPVOID targetAddress = (LPWORD)0x01014b6c; // address
    int newValue = 0x100131c;
    
    ***** UNMODPATCHMEM.CPP
    // setup here
    LPVOID targetAddress = (LPWORD)0x017E5950; // address
    int newValue = 1000;
    
    *****
    
    ***** modpatchmem.cpp
    {
        HWND hWnd = FindWindowW(0, L"Calculator");
    
    ***** UNMODPATCHMEM.CPP
    {
        HWND hWnd = FindWindow(0, L"WindowName");
    
    *****
    
    
    
    #include <iostream>
    #include <windows.h>
    
    using namespace std;
    
    // setup here
    LPVOID targetAddress = (LPWORD)0x017E5950; // address
    int newValue = 1000;
    
    int main()
    {
        HWND hWnd = FindWindow(0, L"WindowName");
    
        if(!hWnd)
        {
            cout << "Could not find target window" << endl;
            return 1;
        }
    
        DWORD pID;
        GetWindowThreadProcessId(hWnd, &pID);
    
        HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, false, pID);
        if(!handle)
        {
            cout << "Could not open a process handle!" << endl;
            return 1;
        }
    
        size_t sznewValue = sizeof(newValue);
        int ret = WriteProcessMemory(handle, targetAddress, &newValue, sznewValue, N
    ULL);
    
        if(ret < 1)
        {
            cout << "WriteProcessMemory failed!" << endl;
            return 1;
        }
        cout << "Written value to target memory address!" << endl;
        return 0;
    }modpatchmem.cpp
    
    Microsoft (R) Incremental Linker Version 10.00.30319.01
    Copyright (C) Microsoft Corporation.  All rights reserved.
    
    /out:modpatchmem.exe
    modpatchmem.obj
    user32.lib
    modpatchmem.cpp
    modpatchmem.exe
    modpatchmem.obj
    res.txt
    unmodpatchmem.cpp
    
    
    Could not open a process handle!
    
    
    Caption=Microsoft Windows XP Professional
    CSDVersion=Service Pack 3
    
    
    
    C:\TESTPA~1>

    second modification

    Code:
    
    C:\TESTPA~1>ren modpatchmem.cpp modpatchmemold.cpp
    
    C:\TESTPA~1>copy modpatchmemold.cpp modpatchmem.cpp
            1 file(s) copied.
    
    C:\TESTPA~1>del *.exe *.txt *.obj
    
    C:\TESTPA~1>dir /b
    modpatchmem.cpp
    modpatchmemold.cpp
    unmodpatchmem.cpp
    
    C:\TESTPA~1>edit modpatchmem.cpp
    
    C:\TESTPA~1>fc modpatchmem.cpp modpatchmemold.cpp
    Comparing files modpatchmem.cpp and MODPATCHMEMOLD.CPP
    ***** modpatchmem.cpp
    
        HANDLE handle = OpenProcess(PROCESS_VM_OPERATION || PROCESS_VM_WRITE, false,
     pID);
        if(!handle)
    ***** MODPATCHMEMOLD.CPP
    
        HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, false, pID);
        if(!handle)
    *****
    
    
    C:\TESTPA~1>cl /EHsc modpatchmem.cpp user32.lib
    Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.30319.01 for 80x86
    Copyright (C) Microsoft Corporation.  All rights reserved.
    
    modpatchmem.cpp
    Microsoft (R) Incremental Linker Version 10.00.30319.01
    Copyright (C) Microsoft Corporation.  All rights reserved.
    
    /out:modpatchmem.exe
    modpatchmem.obj
    user32.lib
    
    C:\TESTPA~1>modpatchmem.cpp
    
    C:\TESTPA~1>modpatchmem.exe
    Could not find target window
    
    C:\TESTPA~1>calc
    
    C:\TESTPA~1>modpatchmem.exe
    WriteProcessMemory failed!
    
    C:\TESTPA~1>
    Last edited by blabberer; August 20th, 2013 at 03:20.
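
Added example (not part of the post above or of the program it tests): a small decoder for process access masks that reports whether a mask satisfies WriteProcessMemory's documented requirement of both PROCESS_VM_OPERATION and PROCESS_VM_WRITE. The bit values are those of the Windows SDK; the helper names are hypothetical. It is run on the two OpenProcess masks from the post, and the expression `PROCESS_VM_OPERATION || PROCESS_VM_WRITE` is a C++ logical OR that evaluates to 1, the value of PROCESS_TERMINATE.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Process access-right bits, values as in the Windows SDK (winnt.h),
// reproduced here so the example builds without <windows.h>.
struct Right { uint32_t bit; const char* name; };
static const Right kRights[] = {
    {0x0001, "PROCESS_TERMINATE"},    {0x0002, "PROCESS_CREATE_THREAD"},
    {0x0008, "PROCESS_VM_OPERATION"}, {0x0010, "PROCESS_VM_READ"},
    {0x0020, "PROCESS_VM_WRITE"},     {0x0040, "PROCESS_DUP_HANDLE"},
    {0x0400, "PROCESS_QUERY_INFORMATION"},
};
constexpr uint32_t kVmOperation = 0x0008;
constexpr uint32_t kVmWrite     = 0x0020;
constexpr uint32_t kAllAccessXp = 0x1F0FFF;  // PROCESS_ALL_ACCESS as defined for XP

// Hypothetical helper: names of the known rights present in a mask.
std::vector<std::string> decodeAccess(uint32_t mask) {
    std::vector<std::string> out;
    for (const Right& r : kRights)
        if (mask & r.bit) out.push_back(r.name);
    return out;
}

// WriteProcessMemory needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION together.
bool allowsRemoteWrite(uint32_t mask) {
    const uint32_t need = kVmOperation | kVmWrite;
    return (mask & need) == need;
}

// The mask as typed in the second modification: logical OR gives a bool, i.e. 1.
uint32_t logicalOr(uint32_t a, uint32_t b) { return a || b; }
// The same two flags combined with bitwise OR.
uint32_t bitwiseOr(uint32_t a, uint32_t b) { return a | b; }

int main() {
    const uint32_t masks[] = {logicalOr(kVmOperation, kVmWrite),
                              bitwiseOr(kVmOperation, kVmWrite), kAllAccessXp};
    for (uint32_t m : masks) {
        std::cout << std::hex << "0x" << m << ":";
        for (const std::string& n : decodeAccess(m)) std::cout << " " << n;
        std::cout << (allowsRemoteWrite(m) ? "  [remote write]" : "  [no remote write]") << "\n";
    }
    return 0;
}
```

The same decoding applies to access masks recorded by process-handle auditing, where a mask carrying both VM bits on a handle to another process is the one worth a closer look.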

  2. #17
    Well of course! All that is needed is something very simple depending on the OS and libraries used by the target, but DLL redirection, ON ATTACH, write to memory. (depending how the dll was loaded)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #18
    NtProtectVM/NtWriteVM. Amen!

  4. #19
    Super Moderator
    Well of course!

    oh yeah of course

    so you say writing a proper debugger is a breeze for some one who just came to know that there is a programming language called c and landed here via google search well hats off to you

  5. #20
    Quote Originally Posted by blabberer
    Well of course!

    oh yeah of course

    so you say writing a proper debugger is a breeze for some one who just came to know that there is a programming language called c and landed here via google search well hats off to you
    Why thank you
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #21
    qZanity, blabber thank you very much your POF is very useful for me

  7. #22
    Shub-nigurrath (Super Moderator)
    Hi
    Probably I join late in this thread but just wanted to point that if you need to customize your own loader the best source is here
    http://www.accessroot.com/arteam/site/download.php?view.108

    and all the other loaders related tutorials you can find there like this
    http://www.accessroot.com/arteam/site/download.php?view.81
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't
    http://www.accessroot.com
