Author Topic: WriteProcessMemory not working for me...  (Read 3021 times)

CodeSculptor

  • New Member
  • *
  • Posts: 10
WriteProcessMemory not working for me...
« on: July 16, 2022, 05:36:24 pm »
My WRITEPROCESSMEMORY call is consistently not writing anything, and the Bytes Written returned is consistently ZERO.

Here's the code I am using to prepare for the calls :

Get the Process ID as :
      Main_Process_ID : Cardinal;
      Main_Process_ID := Get_ProcessID( Trim( UpperCase( lbProcesses.GetSelectedText )));

Set up the read/write area as :

VAR Heap_Byte_Address : Pointer;
       tmpByte_Array     : ARRAY [ 00 .. 128 ] OF BYTE;

Heap byte address was fetched from corresponding ModuleInfo.lpBaseOfDll...
So the READS work great.

This works ok. (even when I read the entire heap... but only trying two bytes here )

PROCEDURE intReadBuffer_From_Memory;
    VAR HowManyBytesRead : QWord;
        Process_Handle   : HANDLE;
       
    BEGIN
         Process_Handle := OpenProcess( PROCESS_ALL_ACCESS, False, Main_Process_ID );

         ReadProcessMemory( Process_Handle,
                            Pointer( Heap_Byte_Address ),
                            @tmpByte_Array,
                            2,
                            HowManyBytesRead );
         
         CloseHandle( Process_Handle );
    END;
   

Here is how I prepare the assigning for Write (two bytes only)...
       tmpByte_Array[ 0 ] := 65;
       tmpByte_Array[ 1 ] := 65;
       WB_Size                 := 2;

Then I call with  WriteBufferToMemory( Heap_Byte_Address );     (below)...


Here's the call that fails :

    PROCEDURE WriteBufferToMemory( inAddress : Pointer );
    VAR HowManyBytesWritten : QWord;
        Process_Handle      : HANDLE;
       
    BEGIN                                 
         HowManyBytesWritten := 0;
         Process_Handle := OpenProcess( PROCESS_ALL_ACCESS, False, Main_Process_ID );

         WriteProcessMemory( Process_Handle, 
                             Pointer( Heap_Byte_Address ),
                             @tmpByte_Array,
                             2, 
                             HowManyBytesWritten );
         
         CloseHandle( Process_Handle );
    END;

It's the WriteProcessMemory that fails.  Keeps showing 0 bytes written, and returns the original bytes again when I call the read again.

Any ideas?

Thaddy

  • Hero Member
  • *****
  • Posts: 14165
  • Probably until I exterminate Putin.
Re: WriteProcessMemory not working for me...
« Reply #1 on: July 16, 2022, 06:11:11 pm »
So you have an array of 129 bytes? Are you sure that is what you mean? Shouldn't it be [0..127]?
    tmpByte_Array     : packed array [ 0 .. 127 ] of byte; // packed because of alignment, 128 bytes long
I suspect, but did not test, that your code is over-indexing. In {$R+} state the compiler will warn you about that.
« Last Edit: July 16, 2022, 06:16:01 pm by Thaddy »
Specialize a type, not a var.

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 9754
  • Debugger - SynEdit - and more
    • wiki
Re: WriteProcessMemory not working for me...
« Reply #2 on: July 16, 2022, 06:45:41 pm »
You didn't even tell what LastError reports....

440bx

  • Hero Member
  • *****
  • Posts: 3921
Re: WriteProcessMemory not working for me...
« Reply #3 on: July 16, 2022, 07:02:48 pm »
    Process_Handle := OpenProcess( PROCESS_ALL_ACCESS, False, Main_Process_ID );

The first thing to do is to check that OpenProcess succeeded, _particularly_ when you're asking for PROCESS_ALL_ACCESS.

Start there and, as Martin_fr suggested, when something fails, get the last error from the O/S, otherwise you're programming blind.

ETA:

formatting suggestion, put your code between tags [ code = pascal ] <your code> [ /code ]  (without the spaces after/before the brackets)
« Last Edit: July 16, 2022, 07:06:32 pm by 440bx »
(FPC v3.0.4 and Lazarus 1.8.2) or (FPC v3.2.2 and Lazarus v3.2) on Windows 7 SP1 64bit.

CodeSculptor

  • New Member
  • *
  • Posts: 10
Re: WriteProcessMemory not working for me...
« Reply #4 on: July 16, 2022, 07:05:49 pm »
I'd totally forgotten about Last Error.
It returns 998.

Seems I MIGHT need: VirtualProtectEx'ing

440bx

  • Hero Member
  • *****
  • Posts: 3921
Re: WriteProcessMemory not working for me...
« Reply #5 on: July 16, 2022, 07:08:58 pm »
Did you first check that OpenProcess was successful ?
(FPC v3.0.4 and Lazarus 1.8.2) or (FPC v3.2.2 and Lazarus v3.2) on Windows 7 SP1 64bit.

CodeSculptor

  • New Member
  • *
  • Posts: 10
Re: WriteProcessMemory not working for me...
« Reply #6 on: July 17, 2022, 02:47:01 am »
To answer questions, YES, I did check to see that the process was open.

And the biggest clue was Martin_fr's comment regarding : "LastError"...

The 998 showed it was lack of permission to mod memory.

So the NEW write is now working as (oldSettings is : DWORD ) :

         VirtualProtectEx( Process_Handle,
                           Pointer( Heap_Byte_Address ),
                           2,
                           PAGE_EXECUTE_READWRITE,
                           @oldSettings );

         WriteProcessMemory( Process_Handle,
                             Pointer( Heap_Byte_Address ),
                             @tmpByte_Array,
                             2,
                             HowManyBytesWritten );

         VirtualProtectEx( Process_Handle,
                           Pointer( Heap_Byte_Address ),
                           2,
                           oldSettings,
                           @oldSettings );


Thanks everyone :)
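
An added example, not code from any poster in this thread: the protect/write/restore sequence above with every call's result checked and the handle opened with only PROCESS_VM_OPERATION and PROCESS_VM_WRITE instead of PROCESS_ALL_ACCESS, so an error such as the 998 (ERROR_NOACCESS) reported above is surfaced at the call that produced it. It is written for Free Pascal's Windows unit; the helper name WriteRemoteBytes and the read-only test page allocated in the program's own process are constructed for illustration.

```pascal
program CheckedRemoteWrite;
{$mode objfpc}{$H+}
uses
  Windows;

// Hypothetical helper (not from the thread): writes Count bytes from Buf to
// Address in process Pid. Returns 0, or GetLastError of the step that failed.
function WriteRemoteBytes(Pid: DWORD; Address: Pointer; const Buf;
  Count: PtrUInt): DWORD;
var
  hProc: HANDLE;
  OldProtect, Ignored: DWORD;
  Written: PtrUInt;
  Restored: Boolean;
begin
  Result := 0;
  // Request only the rights these calls need instead of PROCESS_ALL_ACCESS.
  hProc := OpenProcess(PROCESS_VM_OPERATION or PROCESS_VM_WRITE, False, Pid);
  if hProc = 0 then
    Exit(GetLastError);
  try
    // Assumption: the target page holds data, so PAGE_READWRITE is enough.
    if not VirtualProtectEx(hProc, Address, Count, PAGE_READWRITE, @OldProtect) then
      Exit(GetLastError);
    Written := 0;
    if not WriteProcessMemory(hProc, Address, @Buf, Count, Written) then
      Result := GetLastError;
    // Restore the original protection whether or not the write succeeded.
    Restored := VirtualProtectEx(hProc, Address, Count, OldProtect, @Ignored);
    if (Result = 0) and not Restored then
      Result := GetLastError;
  finally
    CloseHandle(hProc);
  end;
end;

var
  Page: PByte;
  Data: array[0..1] of Byte = (65, 65);
  Err: DWORD;
begin
  // Constructed target: a read-only page inside this program's own process.
  Page := VirtualAlloc(nil, 4096, MEM_COMMIT or MEM_RESERVE, PAGE_READONLY);
  if Page = nil then Halt(1);
  Err := WriteRemoteBytes(GetCurrentProcessId, Page, Data, SizeOf(Data));
  WriteLn('error code: ', Err, '  bytes now: ', Page[0], ' ', Page[1]);
  VirtualFree(Page, 0, MEM_RELEASE);
end.
```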
