How To Manipulate Process Memory On Windows
- Published on 25 Sep 2024
- Find out how to use the win32 API to manipulate the memory of another process. This is cut down from a livestream, subscribe to get notifications and join in on us building a hacking toolkit
Get the code: github.com/nat...
Become a member to get early access to videos (and to previous livestreams in full) - / @nathanbaggs
Want to build cool stuff from scratch? app.codecrafte...
💭 All views are my own 💭
Dude I absolutely love your channel there’s so much diversity
Glad to hear it!
Writing the entire memory section every time when you only need to replace a few bytes is a bit of overkill. Not to mention the other memory may change between read and write, so you're risking corrupting process state unless you pause all threads first.
I made an in depth comment explaining this on his previous video about VirtualQueryEx as well :)
Sure, we’re building this on live stream so I’m focussing on the underlying techniques, we can always improve the API later. Will also be looking at debugging and thread suspension in the future
I'm loving the Peter Norton pink shirt vibe you're rocking.
If the ReadProcessMemory function was never implemented, game cheating would have probably been much harder 😂. Awesome video as always.
We don’t have it on Linux, so porting this is a fun challenge
@nathanbaggs linux memory editors do exist.
RPM/WPM was how I made most of my game cheats. I always loved this method.
This is pretty interesting for sure. Is there a C# way of doing this? (without memory.dll as it's always flagged by Windows Defender).
Nevermind, just learnt about DllImport :-)
template instead of requires :)
Yup - the joy of C++, there's multiple ways of doing everything
@nathanbaggs not sure if you are being sarcastic, but that is what I love about C++: it gives you some easy things on a plate, and if you need something more you can use more advanced features, which you then make easy for the rest of the code to use.
Would banning the read memory function be a good solution to stop most cheats in games?
What genuine functionality would we lose?
While using uint8_t will work on pretty much all compilers for bytes, you're probably better off using std::byte or unsigned char here, as uint8_t might not be an alias to unsigned char, meaning that the compiler could not treat it as aliasing everything and instead as a unique type. However, looking at clang, gcc, msvc and icc on compiler explorer, they all end up with uint8_t being treated as the equivalent of std::byte.
The problem I have with std::byte is that it's an opaque type (by design). It's usually implemented as "enum class byte : unsigned char", so you have to cast to read the data.
One rare edge case that can happen here: it is possible for a string to begin in one region and end in another region directly after it, in which case your code will not find it. This is very fun to debug if you don't know what's happening, ask me how I know ;)
Stuff like this is full of edge cases!
This happened to me for real once, the app was calling VirtualProtect in order to make a page writable so it could modify some stuff, and didn't remove the write permission afterward, effectively cutting the region that the page was a part of in half. In practice everything continued to work because having the additional write permission wouldn't cause anything to fail, since the rest of the code only read from the page. There was a string I wanted to read that started right on the end of that page, and ended at the start of the next. Because of the changed permissions it counted as a different region. I had to change my process memory reading code around to account for this because I was assuming (like in this example) that strings wouldn't cross regions
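An added example (not code from the video, the blind_io repository, or the commenter) of handling the edge case described in the comment above: address-adjacent readable regions are coalesced before searching, so a string that straddles a boundary created by a protection change is still found, whereas a per-region scan misses it. The Region struct, the Reader callback and the constructed three-page target are assumptions standing in for VirtualQueryEx and ReadProcessMemory so the logic runs without Win32.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <functional>
#include <string_view>
#include <vector>

// One entry as VirtualQueryEx reports it (assumed shape): base address, size, readability.
struct Region { std::uintptr_t base; std::size_t size; bool readable; };
// Stand-in for ReadProcessMemory: returns n bytes starting at addr.
using Reader = std::function<std::vector<std::uint8_t>(std::uintptr_t addr, std::size_t n)>;

// Merge address-adjacent readable regions into runs, so a search does not stop at a boundary
// that exists only because one page's protection differs (e.g. after a VirtualProtect call).
std::vector<Region> coalesce(std::vector<Region> regions) {
    std::sort(regions.begin(), regions.end(), [](const Region& a, const Region& b) { return a.base < b.base; });
    std::vector<Region> runs;
    for (const Region& r : regions) {
        if (!r.readable) continue;
        if (!runs.empty() && runs.back().base + runs.back().size == r.base)
            runs.back().size += r.size;  // contiguous with the current run: extend it
        else
            runs.push_back(r);
    }
    return runs;
}

// Addresses of every occurrence of needle. merge=false scans each reported region on its own
// (the naive approach the comment above describes); merge=true scans coalesced runs instead.
std::vector<std::uintptr_t> find_all(std::vector<Region> regions, const Reader& read,
                                     std::string_view needle, bool merge) {
    if (merge) regions = coalesce(regions);
    std::vector<std::uintptr_t> hits;
    for (const Region& run : regions) {
        if (!run.readable) continue;
        const std::vector<std::uint8_t> buf = read(run.base, run.size);
        std::string_view hay(reinterpret_cast<const char*>(buf.data()), buf.size());
        for (auto pos = hay.find(needle); pos != hay.npos; pos = hay.find(needle, pos + 1))
            hits.push_back(run.base + pos);
    }
    return hits;
}

// Constructed fake target: three 4 KiB pages at 0x10000 reported as three separate regions
// (as if the middle page's protection differed), with "hello world" starting 5 bytes before the end of page 0.
constexpr std::uintptr_t kBase = 0x10000;
constexpr std::size_t kPage = 4096;
const std::vector<Region> kRegions{{kBase, kPage, true}, {kBase + kPage, kPage, true}, {kBase + 2 * kPage, kPage, true}};
Reader fake_reader() {
    std::vector<std::uint8_t> mem(3 * kPage, 0);
    constexpr std::string_view s = "hello world";
    std::copy(s.begin(), s.end(), mem.begin() + static_cast<std::ptrdiff_t>(kPage - 5));  // "hello" | " world"
    return [mem](std::uintptr_t addr, std::size_t n) {
        auto it = mem.begin() + static_cast<std::ptrdiff_t>(addr - kBase);
        return std::vector<std::uint8_t>(it, it + static_cast<std::ptrdiff_t>(n));
    };
}
```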
Are you going to keep this library private or open source it some day?
It’s open source now! github.com/nathan-baggs/blind_io
println? no way! when was that added?
C++23
Will you do the same for linux?
We're doing it on stream at the moment! Keep an eye out for future videos
oh absolutely! @nathanbaggs
It's almost like ptrace on linux
We’re looking at that now on stream