I want to learn how to read other processes memory and have my program call the other processes functions and what not with my own parameters and stuff. I've googled it and it seems like you need to use things like ReadProcessMemory but I haven't been able to find any good tutorials explaining how to use them. Could anyone point me in the right direction to learn things like this? I want to do it in C++ (or java if possible) on Windows (7 and 64bit if that matters).
Also, I know this sounds subjective and could be used for malicious purposes, but I guarantee that I will not use any knowledge gained from this for any harmful reasons. I purely want to learn this for fun and to teach myself something new.
Processes cannot access other processes' memory in principle. In practice the underlying operating system usually offers this mechanism to privileged processes. Save this answer.
To do so, use EnumProcessModules and GetModuleFileNameEx to find the filename of the module with the function you want. (Could be an EXE or a DLL.)
Now, whenever a function is called a new stack frame is created with all the function's data and this stack frame is pushed in the program stack, and the stack pointer that always points the top of the program stack points the stack frame pushed as it is on the top of the program stack.
You can't directly call functions in other processes, because your process and the other process have different address spaces. One way to get around this is by creating a remote thread in the process (using CreateRemoteThread or RtlCreateUserThread), but that only allows you to pass in one parameter to the function. You could try creating a remote thread, writing the parameters to its stack and changing its registers using SetThreadContext. Another way is to inject your own DLL which calls the function.
Another problem is locating the function to call. You would probably need to load symbols for EXEs or DLLs where the function you need isn't exported.
For general questions about Windows internals, try asking on Sysinternals Forums.
EDIT: What you've stated (reading a string which the process checks against user input) is very difficult to do in a program without knowing the layout of the instructions and data in the image file beforehand. If for example you have a crackme program, you would either use a static analysis tool like IDA Pro or run the program under a debugger. Either way, these things usually require human input and are difficult to do automatically.
Processes, by design and by definition, are isolated from each other. They have separate address space.
The operating system keeps its processes separated and allocates the resources they need so that they are less likely to interfere with each other ...
They can certainly communicate, but only if they choose to, through some form of inter-process communication.
However, threads, sometimes known as lightweight process, share their address space and can read each others' data structures.
Not sure, what you meant by
call the other processes functions
A function f()
can be compiled into multiple processes' executable code. Process A and process B can call f()
independently in their context.
Otherwise, process A can "communicate" to process B to perform some action, which for example may be implemented in function g()
in B. B can execute it in its context and "communicate" the result back to A.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With