flat assembler
Message board for the users of flat assembler.

Index > Windows > WriteProcessMemory before Windows 2000?

Author
Thread Post new topic Reply to topic
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu 07 Jun 2009, 07:57
What is the equivalent function I should use for Windows 3.1/95/98?

According to MSDN WriteProcessMemory only works in Windows 2000 and up. Sad


Last edited by Azu on 07 Jun 2009, 09:46; edited 2 times in total
Post 07 Jun 2009, 07:57
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 07 Jun 2009, 09:38
IIRC, all that Windows junk before 2000 don't have protected memory, just go ahead and write wherever you want to.

Oh, and replace your brackets in the link with %28 and %29.
Post 07 Jun 2009, 09:38
View user's profile Send private message Visit poster's website Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu 07 Jun 2009, 09:42
revolution wrote:
IIRC, all that Windows junk before 2000 don't have protected memory, just go ahead and write wherever you want to.
Thanks! So I just have to find what address the process starts at?
Is there a function for doing this, or do I have to manually search through all memory for some string that exists in that process and hopefully no others?


Last edited by Azu on 07 Jun 2009, 09:46; edited 1 time in total
Post 07 Jun 2009, 09:42
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 07 Jun 2009, 09:48
Usually one would use an inter-process communication to pass addresses to each other before reading/writing the memory.

Oh, BTW, I'm not really sure about the old Windows stuff, so take what I say with due caution.
Post 07 Jun 2009, 09:48
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 07 Jun 2009, 14:29
WriteProcessMemory is available on Win95. MSDN started to remove Win9x from the support list of many functions because that is way too smart.

revolution, I think that even programs in Win 3.0 can't write the memory of each other by simple passing a pointer (i.e., "stdcall communicate_pointer, [anotherProcess], seg:someLabel" won't work). In case I'm wrong about Win 3.0, I'm sure that on Win95 is not that simple as the virtual addresses below $80000000 are not shared across processes.
Post 07 Jun 2009, 14:29
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu 07 Jun 2009, 15:16
LocoDelAssembly wrote:
because that is way too smart.
I don't get it.
The functions are too smart? Or MSDN is? Or Win95 is? Or the act of changing MSDN to say they are Win2000 only is? Or?? Confused






Anyways, since MSDN is no longer accurate, where should I look for function information from now on? Please advise.. Shocked


Last edited by Azu on 21 Aug 2009, 08:34; edited 1 time in total
Post 07 Jun 2009, 15:16
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20451
Location: In your JS exploiting you and your system
revolution 07 Jun 2009, 15:25
Azu wrote:
I don't get it.
I presume it was just a bit of sarcasm.
Post 07 Jun 2009, 15:25
View user's profile Send private message Visit poster's website Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu 07 Jun 2009, 15:28
revolution wrote:
Azu wrote:
I don't get it.
I presume it was just a bit of sarcasm.
Yes but about what part? Confused
Post 07 Jun 2009, 15:28
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 07 Jun 2009, 15:47
About MSDN telling that Windows 2000 is the minimum OS supporting it when it isn't true (the same happens with CreateFile where clearly it can't be true).

You'll have to see the old Win32.HLP help file and press the quick info button to know if Win95 supports it.
Post 07 Jun 2009, 15:47
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu 08 Jun 2009, 00:17
Thanks, I'll use this from now on.

I'm curious though, why has the data on MSDN been corrupted like that? Did Microsoft really mess up their own website (on purpose), or did someone hack it without them knowing?


edit: typo


Last edited by Azu on 08 Jun 2009, 01:41; edited 1 time in total
Post 08 Jun 2009, 00:17
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 08 Jun 2009, 01:38
I suppose this is because of the end of product support, note they don't say NT 4.0 support CreateFile when again it can't be true but yet they removed NT 4.0 from the list even though it is a NT kernel.

I haven't checked but perhaps when they move the minimum requirements to some newer OS maybe they remove some remarks about some flags/whatever that are not supported on older versions. For example if a given flag started to be supported on Windows 2000, it won't be necessary to point that out anymore because the function is documented to be available since Windows 2000 instead of, say, Windows 98 SE. So, when they misinform like this, they are also simplifying the documentation while leaving those who want to program for deprecated and unsupported OSes misinformed.
Post 08 Jun 2009, 01:38
View user's profile Send private message Reply with quote
Azu



Joined: 16 Dec 2008
Posts: 1159
Azu 08 Jun 2009, 01:42
Sad

Well I hope they stop doing this.



Thanks for explaining it though.
Post 08 Jun 2009, 01:42
View user's profile Send private message Send e-mail AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.