ReadProcessMemory problem.

E1M1

What's wrong with my code? OpenProcess returns a valid handle, and 0x04E53125 is copied from Cheat Engine. What else can be wrong? The buffer is blank but should contain a number.

#include <WinAPI.au3>
Local $pBuffer                      ; meant to receive the 4 bytes read from game.exe
Local $iRead = 4                    ; filled in by ReadProcessMemory with the byte count
Local $hProc = _WinAPI_OpenProcess(0x0010, 1, ProcessExists("game.exe"))   ; 0x0010 = PROCESS_VM_READ
_WinAPI_ReadProcessMemory($hProc, 0x04E53125, $pBuffer, 4, $iRead)        ; address taken from Cheat Engine
MsgBox(0, "", $pBuffer)
Ascend4nt

$pBuffer must be a pointer to a buffer to receive the data. You must create this buffer manually, using DLLStructCreate(). You can then use DLLStructGetPtr() to use as the $pBuffer variable, and DLLStructGetSize() to get the size if you don't know it beforehand.

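The buffer pattern Ascend4nt describes, as an added example (this is not code from either poster): a small wrapper that allocates the DllStruct, passes its pointer and size to _WinAPI_ReadProcessMemory, and checks both the return value and the byte count before unpacking the result. The process name and the address are the ones from the question; the wrapper name _ReadRemote and the error codes it sets are my own choices. Because the type string drives the struct size, the same wrapper reads a float or a fixed-length string without touching the call itself.

```autoit
; Added example: read typed values from another process through a DllStruct buffer.
#include <WinAPI.au3>

; Read one value of type $sType (e.g. "dword", "float", "char[64]") at $pAddr in the
; process behind $hProc. Returns the value; on failure sets @error and returns 0:
;   @error 1 = bad type string, 2 = ReadProcessMemory failed (@extended = GetLastError),
;   @error 3 = short read (@extended = bytes actually read).
Func _ReadRemote($hProc, $pAddr, $sType)
    Local $tBuf = DllStructCreate($sType)      ; the buffer ReadProcessMemory writes into
    If @error Then Return SetError(1, 0, 0)
    Local $iSize = DllStructGetSize($tBuf)     ; size follows from the type, no hard-coded 4
    Local $iRead = 0
    If Not _WinAPI_ReadProcessMemory($hProc, $pAddr, DllStructGetPtr($tBuf), $iSize, $iRead) Then
        Return SetError(2, _WinAPI_GetLastError(), 0)
    EndIf
    If $iRead <> $iSize Then Return SetError(3, $iRead, 0)
    Return DllStructGetData($tBuf, 1)          ; char[] types come back as a string
EndFunc

Local $iPid = ProcessExists("game.exe")
If Not $iPid Then Exit MsgBox(16, "Error", "game.exe is not running")

; 0x0010 = PROCESS_VM_READ, the only right ReadProcessMemory needs. The fourth argument
; asks _WinAPI_OpenProcess to enable SeDebugPrivilege first; that only succeeds when the
; script itself already runs elevated.
Local $hProc = _WinAPI_OpenProcess(0x0010, False, $iPid, True)
If Not $hProc Then Exit MsgBox(16, "Error", "OpenProcess failed: " & _WinAPI_GetLastError())

; 0x04E53125 is the address from the original post (taken from Cheat Engine);
; it is only meaningful for that particular game build.
Local $iValue = _ReadRemote($hProc, 0x04E53125, "dword")
If @error Then
    MsgBox(16, "Error", "Read failed, @error=" & @error & " @extended=" & @extended)
Else
    MsgBox(0, "Result", "DWORD at 0x04E53125 = " & $iValue)
EndIf

_WinAPI_CloseHandle($hProc)
```

A short read (@error 3) is worth distinguishing from an outright failure: ReadProcessMemory returns FALSE only when nothing could be read, so a value straddling an unmapped page shows up as $iRead smaller than the struct size rather than as a failed call.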
E1M1

Thanks, now it works, but not without the following C++:

#include <windows.h>
#include <aclapi.h>

HANDLE openSecureProcess(LPCSTR wndclass, DWORD rights)
{
   DWORD pid;
   HWND window;
   HANDLE process;
   PACL dacl;
   PSECURITY_DESCRIPTOR secdesc;

   // Find a window which uses the window class.
   window = FindWindowA(wndclass, 0);
   if(window == 0)
   {
      return 0;
   }

   // Get the process id of the process which created it.
   GetWindowThreadProcessId(window, &pid);

   // Try to open the process with the requested rights.
   process = OpenProcess(rights, 0, pid);
   if(process != 0)
   {
      return process;
   }

   // Get the DACL of this process since we know we have
   // all rights in it. This really can't fail.
   if(GetSecurityInfo(GetCurrentProcess(),
                      SE_KERNEL_OBJECT,
                      DACL_SECURITY_INFORMATION,
                      0, 0, &dacl, 0, &secdesc) != ERROR_SUCCESS)
   {
      return 0;
   }

   // Open it with WRITE_DAC access so that we can write to the DACL.
   process = OpenProcess(WRITE_DAC, 0, pid);
   if(process == 0)
   {
      LocalFree(secdesc);
      return 0;
   }

   // Replace the target's DACL with a copy of our own.
   if(SetSecurityInfo(process,
                      SE_KERNEL_OBJECT,
                      DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION,
                      0, 0, dacl, 0) != ERROR_SUCCESS)
   {
      CloseHandle(process);   // the WRITE_DAC handle must not leak on this path
      LocalFree(secdesc);
      return 0;
   }

   // The DACL is overwritten with our own DACL. We
   // should be able to open it with the requested
   // privileges now (OpenProcess returns 0 if not).
   CloseHandle(process);
   LocalFree(secdesc);
   return OpenProcess(rights, 0, pid);
}

I have almost converted it to AutoIt; I just can't convert two functions.

http://www.autoitscript.com/forum/index.php?showtopic=116400&st=0&p=812224

Ascend4nt

Just so you know, opening a process with 'WRITE_DAC' access will require elevated privileges to alter a process running under another session or with higher privileges on Vista+. Also, protected processes like 'audiodg.exe' will not allow any such changes.

Opening pretty much any process with 'WRITE_DAC' seems to work in Windows XP (at least in Admin mode), but I've only tested for the current session. It's unlikely you'll have processes running in other sessions, but it's still possible in a multiple-logon situation.

Still, I find it hard to believe something like 'game.exe' would run with elevated privileges, and I think what you're trying to do is overkill. The Get/SetSecurityInfo functions are easy enough to implement, but I suspect 'game.exe' is not what you're after here, and I don't think it's a good idea to go further with that. Plus, like I said, Vista+ will give you failure unless you alter your own privileges.

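An AutoIt version of the two advapi32 calls E1M1 could not convert (GetSecurityInfo and SetSecurityInfo), wired into the same open-then-retry flow as the C++ above and preceded by the "alter your own privileges" step Ascend4nt refers to. This is an added example, not code from either poster. The numeric arguments are the Win32 values (SE_KERNEL_OBJECT = 6, DACL_SECURITY_INFORMATION = 0x4, UNPROTECTED_DACL_SECURITY_INFORMATION = 0x20000000, WRITE_DAC = 0x40000, PROCESS_VM_READ = 0x10); the function names with a leading underscore are mine, and the window class string in the usage line is an assumption to be replaced with what a window inspector reports. Expect the privilege step and the WRITE_DAC open to fail from a non-elevated token on Vista and later, and SetSecurityInfo to fail against protected processes, exactly as the reply says.

```autoit
; Added example: AutoIt counterpart of openSecureProcess() using DllCall into advapi32.
#include <WinAPI.au3>
#include <Security.au3>
#include <SecurityConstants.au3>

; Enable SeDebugPrivilege on our own token. Only an elevated administrator token
; holds this privilege, so a False here explains most later OpenProcess failures.
Func _EnableDebugPrivilege()
    Local $hToken = _Security__OpenProcessToken(_WinAPI_GetCurrentProcess(), _
            BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    If Not $hToken Then Return False
    Local $bOk = _Security__SetPrivilege($hToken, $SE_DEBUG_NAME, True)
    _WinAPI_CloseHandle($hToken)
    Return $bOk
EndFunc

; GetSecurityInfo(hObj, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, 0, 0, &pDacl, 0, &pSD)
; Returns [pDacl, pSD]; pDacl points inside pSD, which the caller frees with _WinAPI_LocalFree.
Func _GetProcessDacl($hProc)
    Local $aRet = DllCall("advapi32.dll", "dword", "GetSecurityInfo", "handle", $hProc, _
            "int", 6, "dword", 0x00000004, _
            "ptr*", 0, "ptr*", 0, "ptr*", 0, "ptr*", 0, "ptr*", 0)
    If @error Then Return SetError(1, 0, 0)
    If $aRet[0] <> 0 Then Return SetError(2, $aRet[0], 0)   ; non-zero = Win32 error code
    Local $aOut[2] = [$aRet[6], $aRet[8]]                   ; ppDacl is arg 6, ppSD is arg 8
    Return $aOut
EndFunc

; SetSecurityInfo(hObj, SE_KERNEL_OBJECT, DACL | UNPROTECTED_DACL, 0, 0, pDacl, 0)
; $hProc must have been opened with WRITE_DAC.
Func _SetProcessDacl($hProc, $pDacl)
    Local $aRet = DllCall("advapi32.dll", "dword", "SetSecurityInfo", "handle", $hProc, _
            "int", 6, "dword", BitOR(0x00000004, 0x20000000), _
            "ptr", 0, "ptr", 0, "ptr", $pDacl, "ptr", 0)
    If @error Then Return SetError(1, 0, False)
    Return $aRet[0] = 0
EndFunc

; Open the process owning a window of class $sWndClass with $iRights. If that is
; refused, copy our own process DACL onto the target (WRITE_DAC) and retry, as the
; C++ version does. Returns a handle, or 0 with @error 1..5 marking the failed step.
Func _OpenSecureProcess($sWndClass, $iRights)
    Local $hWnd = _WinAPI_FindWindow($sWndClass, "")
    If @error Or $hWnd = 0 Then Return SetError(1, 0, 0)
    Local $iPid = WinGetProcess($hWnd)

    Local $hProc = _WinAPI_OpenProcess($iRights, False, $iPid)
    If $hProc Then Return $hProc                           ; normal case, nothing to rewrite

    Local $aDacl = _GetProcessDacl(_WinAPI_GetCurrentProcess())
    If @error Then Return SetError(2, @extended, 0)

    Local $hWriteDac = _WinAPI_OpenProcess(0x00040000, False, $iPid)   ; WRITE_DAC
    If Not $hWriteDac Then
        _WinAPI_LocalFree($aDacl[1])
        Return SetError(3, _WinAPI_GetLastError(), 0)
    EndIf
    Local $bSet = _SetProcessDacl($hWriteDac, $aDacl[0])
    _WinAPI_CloseHandle($hWriteDac)
    _WinAPI_LocalFree($aDacl[1])
    If Not $bSet Then Return SetError(4, 0, 0)             ; protected processes end up here

    $hProc = _WinAPI_OpenProcess($iRights, False, $iPid)
    If Not $hProc Then Return SetError(5, _WinAPI_GetLastError(), 0)
    Return $hProc
EndFunc

; Usage. The window class "Diablo II" is an assumption for this example; check it
; with a window inspector before relying on it.
If Not _EnableDebugPrivilege() Then ConsoleWrite("SeDebugPrivilege unavailable; run elevated" & @CRLF)
Local $hGame = _OpenSecureProcess("Diablo II", 0x0010)     ; PROCESS_VM_READ
If @error Then
    ConsoleWrite("open failed at step " & @error & ", code " & @extended & @CRLF)
Else
    ConsoleWrite("handle: " & $hGame & @CRLF)
    _WinAPI_CloseHandle($hGame)
EndIf
```

The step number in @error tells you which of Ascend4nt's caveats you hit: 3 means WRITE_DAC itself was refused (typically a higher-integrity or other-session process without SeDebugPrivilege), 4 means the DACL write was rejected (a protected process), and 5 means the rewritten DACL still did not grant the requested rights.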
E1M1

Try it yourself with the Diablo 2 Exp 1.13 patch.

"but I suspect 'game.exe' is not what you're after here, and I don't think it's a good idea to go further with that"

What did you mean by that?

