Patching A Processes Memory Without Injecting

tarafından **Hello EMO** Perş. Ara. 09, 2010 6:14 am

[QUOTE=sAtAn;254535]Small Tutorial On Patching A Processes Memory Without Injecting A Dll:

Kod:: ReadProcessMemory( hProcess, // handle to the process which you want to patch (void*)0x[b]OffsetHere[/b], // offset to the function you want to read (void*)Pointer, // pointer to get the function offset e.g. origin function 4, // size to read most of the time this is 4 or 6 the sizeof(DWORD) 0 ); // number bytes read not really needed

This code is used to read the function out the memory and save the offset so we can call it later.
It is really not needed cause you can make a pointer directly if you like.

Kod:: // [b]Typedef Calling[/b] typedef int ( *FuncPtr ) ( void ); FuncPtr Org_Pointer = ( FuncPtr ) ( 0xOffsetHere ); // Nows hold the original function Org_Pointer( ); // So calling from the hooked is easy which so it doesn't [i]crash the process[/i] // [b]Indirect Calling[/b] DWORD * dwPointer = ( DWORD* ) ( 0xOffsetHere ); DWORD dwOrg_Pointer = NULL; // Set [i]dwOrg_Pointer[/i] as a [i]reference[/i] to [b]dwPointer[/b] dwOrg_Pointer = *dwPointer; // This is a bit more confusing a [b]Indirect Pointer[/b] to the function which can be called via inline assemble _asm { call dwPointer // Must be called inside the hooked function } // Now if the function you are hooking has Arguments and you want to use the [b]Indirect Pointer[/b] you must // push these Arguments on to the stack before calling the function _asm { push argumentC push argumentB push argumentA call ArgumentFunction } // Since the stack is Last In First Out( LIFO ) you have push the arguments on backwards e.g. // Say this is [b]ArgumentFunction[/b] void ArgumentFunction ( int argumentA, int argumentB, int argumentC ); // Pushing the Arguments goes like so push argumentC push argumentB push argumentA

OK! All the calling methods have been covered now for patching Smile

.

Kod:: WriteProcessMemory( hProcess, // handle to the process which you want to patch (void*)0x[b]OffsetHere[/b], // offset to the function you which was read or the address you want (void*)Pointer, // pointer to the hooked function 4, // size to read most of the time this is 4 or 6 the sizeof(DWORD) 0 ); // number bytes read not really needed // This method is more likly to be used with [b]Typedef Calling[/b] and not [b]Indirect Calling[/b]. // But still isn't needed at all if you know alot aboput pointer's. Since everything is covered now i'm done // [b]Indirect Calling[/b] Patch dwPointer = &Hooked_Function; // Pie?

- RetarT -[/QUOTE]