How can I write to another process's memory?

Posted 2019-01-17 18:42

I have an address that I would like to modify. I have the process. I have the new value. So now what?

// My Process
var p = Process.GetProcessesByName("ePSXe").FirstOrDefault();

// Address
var addr = 0x00A66E11;

// Value
var val = 0x63;

How can I write 0x63 (99) to this address in another process's memory?

4 Answers
一纸荒年 Trace。
#2 · 2019-01-17 18:52

@Harvey, from your answer I dug up and found a lot:

Open, Close and Write signatures:

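using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;

// SetLastError = true makes Marshal.GetLastWin32Error() report why a call failed.
[DllImport("kernel32.dll", SetLastError = true)]
static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);

// nSize and lpNumberOfBytesWritten are SIZE_T in the native API, hence UIntPtr.
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out UIntPtr lpNumberOfBytesWritten);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hProcess);

Flags:

[Flags]
public enum ProcessAccessFlags : uint
{
    All = 0x001F0FFF,
    Terminate = 0x00000001,
    CreateThread = 0x00000002,
    VMOperation = 0x00000008,
    VMRead = 0x00000010,
    VMWrite = 0x00000020,
    DupHandle = 0x00000040,
    SetInformation = 0x00000200,
    QueryInformation = 0x00000400,
    Synchronize = 0x00100000
}

Make my life easier method:

public static void WriteMem(Process p, int address, long v)
{
    // Ask only for the rights WriteProcessMemory needs rather than ProcessAccessFlags.All.
    var hProc = OpenProcess(ProcessAccessFlags.VMWrite | ProcessAccessFlags.VMOperation, false, p.Id);
    if (hProc == IntPtr.Zero)
        throw new Win32Exception(Marshal.GetLastWin32Error());
    try
    {
        var val = new byte[] { (byte)v }; // only the low byte of v is written
        UIntPtr written;
        if (!WriteProcessMemory(hProc, new IntPtr(address), val, new UIntPtr((uint)val.Length), out written))
            throw new Win32Exception(Marshal.GetLastWin32Error());
    }
    finally
    {
        CloseHandle(hProc); // release the handle even when the write fails
    }
}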

Writing into another process memory:

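static void Main(string[] args)
{
    // FirstOrDefault() returns null when no process with that name is running.
    var p = Process.GetProcessesByName("ePSXe").FirstOrDefault();
    if (p == null)
    {
        Console.Error.WriteLine("ePSXe is not running.");
        return;
    }

    WriteMem(p, 0x00A66DB9, 99);
}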
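Added example, not part of the answers on this page: a defender-side view of the access rights in the Flags enum above. It decodes the GrantedAccess mask that process-access telemetry such as Sysmon's ProcessAccess event (Event ID 10) records, and flags handles carrying both VMWrite and VMOperation, the rights WriteProcessMemory requires. The key=value record layout, the paths and the tool names are constructed for illustration.

```python
import re

# Bit values copied from the ProcessAccessFlags enum in the answer above.
RIGHTS = {
    0x00000001: "Terminate",
    0x00000002: "CreateThread",
    0x00000008: "VMOperation",
    0x00000010: "VMRead",
    0x00000020: "VMWrite",
    0x00000040: "DupHandle",
    0x00000200: "SetInformation",
    0x00000400: "QueryInformation",
    0x00100000: "Synchronize",
}
# WriteProcessMemory needs both of these rights on the target handle.
WRITE_MASK = 0x00000020 | 0x00000008

FIELD = re.compile(r"(\w+)=(\S+)")

def decode_access(mask):
    """Return (names of known rights set in mask, leftover bits not in RIGHTS)."""
    names = [name for bit, name in sorted(RIGHTS.items()) if mask & bit]
    unknown = mask & ~sum(RIGHTS)  # the bits are distinct, so the sum equals the OR
    return names, unknown

def find_write_capable(lines):
    """Yield (source, target, mask, names) for handles that allow remote writes."""
    for line in lines:
        rec = dict(FIELD.findall(line))
        if rec.get("EventID") != "10" or "GrantedAccess" not in rec:
            continue  # not a process-access record
        mask = int(rec["GrantedAccess"], 16)
        if mask & WRITE_MASK != WRITE_MASK:
            continue  # handle cannot be used to write into the target
        names, _ = decode_access(mask)
        yield rec.get("SourceImage"), rec.get("TargetImage"), mask, names

# Constructed sample records in a simplified key=value form (not real telemetry).
SAMPLE = [
    "EventID=10 SourceImage=C:\\Tools\\trainer.exe TargetImage=C:\\Games\\ePSXe.exe GrantedAccess=0x1F0FFF",
    "EventID=10 SourceImage=C:\\Tools\\monitor.exe TargetImage=C:\\Games\\ePSXe.exe GrantedAccess=0x1410",
    "EventID=10 SourceImage=C:\\Tools\\patcher.exe TargetImage=C:\\Games\\ePSXe.exe GrantedAccess=0x28",
    "EventID=1 Image=C:\\Games\\ePSXe.exe",
]

if __name__ == "__main__":
    for src, dst, mask, names in find_write_capable(SAMPLE):
        print(f"{src} -> {dst} 0x{mask:X}: {', '.join(names)}")
```

The 0x1F0FFF record is what a handle opened with ProcessAccessFlags.All looks like in such a log; the 0x28 record is the minimum that still permits a write.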
做自己的国王
#3 · 2019-01-17 18:54

Although P/Invoke native functions such as WriteProcessMemory work perfectly, libraries dedicated to memory editing exist and enable you to accomplish this task more easily.

Using the library MemorySharp, this can be summarized as:

using(var sharp = new MemorySharp(Process.GetProcessesByName("ePSXe").FirstOrDefault()))
{
   sharp[0x00A66E11, false].Write(0x63);
}

The previous code assumes the address where the value is written is not rebased.

Ridiculous、
#4 · 2019-01-17 18:55

You can use WriteProcessMemory, but be aware that you need to turn on debug privileges, and that it won't work with lots of secured processes in Vista and later.

And that you'll probably shoot yourself in the foot and crash things a few times. I suggest you don't have any important programs running when you do this.

Good luck, you'll need it. :)

虎瘦雄心在
#5 · 2019-01-17 19:05

Check out WriteProcessMemory at pinvoke.net

Here is another similar post on StackOverflow but they are talking about C++. You can do the same using pinvoke.
