read and write from other process

后端 未结 1 759
遥遥无期
遥遥无期 2021-01-22 11:27

I want to be able to read and write from another process\'s memory. I called the functions Readprocessmemory() and WriteProcessmemory() from Kern

1条回答
  •  逝去的感伤
    2021-01-22 12:27

    In order to read and write memory to another process you need to use the ReadProcessMemory and WriteProcessMemory functions provided by kernel32. If you are using C# you will need to use PInvoke to import these functions into your current process.

    More generally, what you need to do is this:

    • Work out what process it is that you want to read/inject
    • Call OpenProcess() to get a handle to the process. You'll want to send GENERIC_READ | GENERIC_WRITE as the flags to this, and you'll get a HPROCESS back that you'll need to check is not NULL.
    • Decide where you want to read from in the foreign process (this is a foreign process pointer). You also need to decide how many bytes to read.
    • Allocate that many bytes in your current process to hold the result of the read.
    • Call ReadProcessMemory passing in the HPROCESS that you've opened, the foreign-process-pointer to read from in the other process, a pointer to your local buffer and the number of bytes to be read from the foreign process to your local buffer.

    Once this is done you can look at your local buffer and you'll see data that used to be in the foreign process, and life will be good.

    0 讨论(0)
提交回复
热议问题