ryuchetval
How do I cheat?
![]() Reputation: 0
Joined: 10 Feb 2015
Posts: 2
|
 Posted: Tue Feb 10, 2015 5:34 pm Post subject: C# WriteProcessMemory on Read-Only memory |
 |
|
Hello everybody.
I am currently trying to read a value from memory and modify it using ReadProcessMemory and WriteProcessMemory in C#.
When I am reading from memory at
| Code: | proc.MainModule.BaseAddress + 0x2235D4
or directly at
0x006235D4 |
it prints a 16 bytes length char array (ASCII)
The read procedure is successful and prints the value as expected but the problem comes when I am trying to write at that address (using either of the memory offset values).
The WriteProcessMemory returns false (as in it did not write anything in memory).
When I am using CheatEngine to search for the 16 char long string in the executable it is only found if "Writable" is unchecked or set to "Square", therefore I believe it is constant. I can change it with CheatEngine but I can't from my program and I don't know why.
This is part of the code :
| Code: | [DllImport("kernel32.dll")]
private static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId);
[DllImport("kernel32.dll")]
private static extern bool WriteProcessMemory(IntPtr hProcess, uint lpBaseAddress,
byte[] lpBuffer, int nSize, IntPtr lpNumberOfBytesWritten);
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int dwSize, out int lpNumberOfBytesRead);
public enum ProcessAccessFlags : uint
{
All = 2035711,
Terminate = 0x00000001,
CreateThread = 0x00000002,
VMOperation = 0x00000008,
VMRead = 0x00000010,
VMWrite = 0x00000020,
DupHandle = 0x00000040,
SetInformation = 0x00000200,
QueryInformation = 0x00000400,
Synchronize = 0x00100000
}
Process proc = new Process();
proc.StartInfo.FileName = executable_name;
if (proc.Start())
{
proc = Process.GetProcessById(proc.Id);
//IntPtr processHandle = OpenProcess(ProcessAccessFlags.All, false, proc.Id);
IntPtr processHandle = proc.Handle; //tried the above and not working either
int bytesRead = 0;
byte[] readbuffer = new byte[16]
ReadProcessMemory(processHandle, new IntPtr((uint)proc.MainModule.BaseAddress + 0x2235D4), readbuffer, readbuffer.Length, out bytesRead)
Console.WriteLine(Encoding.ASCII.GetString(readbuffer));//prints the 16 chars correclty
IntPtr bytesWritten = IntPtr.Zero;
byte[] buffer = Encoding.ASCII.GetBytes("lalalalalalalala");
WriteProcessMemory(processHandle, (uint)proc.MainModule.BaseAddress + 0x2235D4, buffer, buffer.Length, bytesWritten);//returns false all the time and no memory is changed
}
I really don't know how to fix this and be able to write in the memory, I googled everything possible and nothing worked.
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Reputation: 470
