Help With Memory Editing

kanazky · May 09, 2004, 03:31 PM

I made a program that finds the system process but now I wanna try and find a adrress inside that process and change the value of it. How would I do this?

Eric · May 09, 2004, 03:38 PM

I'm not completely sure on this because I just started working with memory allocation recently, but I don't think you can access another application's memory without actually being a part of the application so you'll have to read up on DLL injection.

iago · May 09, 2004, 03:40 PM

You'll want ReadProcessMemory() and WriteProcessMemory().

kanazky · May 09, 2004, 03:41 PM

You know any tutorials on this kinda stuff?

Eric · May 09, 2004, 03:46 PM

Quote from: iago on May 09, 2004, 03:40 PM
You'll want ReadProcessMemory() and WriteProcessMemory().

QuoteEach process on 32-bit Microsoft® Windows® has its own virtual address space that enables addressing up to 4 gigabytes of memory. Each process on 64-bit Windows has a virtual address space of 8 terabytes. All threads of a process can access its virtual address space. However, threads cannot access memory that belongs to another process, which protects a process from being corrupted by another process.

MSDN lied to me.

kanazky · May 09, 2004, 03:48 PM

completely clueless. If someone could help me out a bit. Im trying to make a program that will search the selected program for memory adresses with a value thats put in a text field. Then post all the results so that the user can change the value and get a different result out of the proccess. All my searches will be on Byte1 values.

Is there any tutorials out there

iago · May 09, 2004, 05:57 PM

I gave you two great keywords to stick into google.

Forged · May 09, 2004, 06:26 PM

Let me find my mh sourcew code for war3, that should help you a little.

kanazky · May 09, 2004, 06:26 PM

hahaha they most C++ results though

Forged · May 09, 2004, 06:36 PM

www.shadow-tech.org/Forged/mh.zip

WriteProcess is shown in that.

kanazky · May 09, 2004, 06:39 PM

Wow I can always count on you guys to bring great help with you to these forums!

iago · May 09, 2004, 06:43 PM

Quote from: kanazky on May 09, 2004, 06:26 PM
hahaha they most C++ results though

It works the same in vb as c++ once you get it going.

Adron · May 09, 2004, 06:50 PM

Quote from: kanazky on May 09, 2004, 03:31 PM
I made a program that finds the system process but now I wanna try and find a adrress inside that process and change the value of it. How would I do this?

I don't think you'll have much luck with the system process though. What would you want to replace there?

Skywing · May 09, 2004, 06:52 PM

Quote from: iago on May 09, 2004, 03:40 PM
You'll want ReadProcessMemory() and WriteProcessMemory().

The system process doesn't have it's own address space (when executing in the system process, the only addressable region is the kernel region). You would need to be running in kernel mode to read memory from there.

kanazky · May 09, 2004, 06:53 PM

Its actually a game. You can trigger new events by changing the memory adresses but I want to actually search though the adresses for ones that match the byte and then search for those that changed and stuff so i can find the 3 addresses that trigger the event. Yes I am aware that you can download stuff to do this but I wanna learn this.

Go to Page 2