flat assembler
Message board for the users of flat assembler.

Index > Windows > WriteProcessMemory

DerTobi



Joined: 20 May 2013
Posts: 10
Location: DE
DerTobi 28 Jun 2013, 12:25
Code:
; http://www.betamaster.us/blog/?p=757

format PE GUI 4.0
include 'D:\FASM\INCLUDE\WIN32AX.INC'

entry start
;================== code =====================
section '.code' code readable executable
;=============================================

proc start

        invoke FindWindow, NULL, WindowTitle ; Find the window titled 'Notepad'
        test eax,eax ; Test whether a window with that title was found or not
             jnz .ju1 ; Don't jump = The window was not found
             invoke MessageBox,0, message1, _caption, MB_OK ;  Display an error message (Window not found)
             jmp .exit ;  Exit the application
             .ju1: ; Jumped = The window was found
        invoke GetWindowThreadProcessId, eax, ProcID ; Get the ProcessID via the window handle
        invoke OpenProcess, 0x1F0FFF, FALSE, [ProcID] ; Open the process using PROCESS_ALL_ACCESS (0x1F0FFF) and get a handle
        mov dword[ProcHandle],eax ; Save the handle

        ; VirtualAllocEx: Reserves/commits a region of memory within the virtual address space of our target process
        ; We should do this in order to avoid potential access violations (which might cause crashes)
        invoke VirtualAllocEx,dword [ProcHandle], [startAddress], _patch.size, MEM_COMMIT, PAGE_READWRITE ; Pass the value stored in startAddress, not the address of the variable
        cmp eax, 0 ; EAX == 0 : Failed to reserve the memory region
        jnz .cont ; EAX != 0 : Continue with further steps
        invoke MessageBox,0, message4, _caption, MB_OK ; Display an error: VirtualAllocEx failed to reserve the memory region
        jmp .exit ; Exit the application
        .cont:
        invoke WriteProcessMemory, dword[ProcHandle], [startAddress], patchBytes, _patch.size, patchResult ; Target address is the value of startAddress
        cmp [patchResult],_patch.size ; Compare the number of patched bytes with the length of our new bytes
        je .ju2 ; Don't jump = Failed to patch the target
        invoke MessageBox,0, message3, _caption, MB_OK ;  Display an error message (An error occurred)
        jmp .exit ;  Exit the application
        .ju2: ; Jumped = Target patched successfully.
        invoke MessageBox,0, message2, _caption, MB_OK ; Display: The target has been patched successfully
        .exit: ; Jumper: Here we're going to exit our application
        invoke ExitProcess, 0 ; ExitProcess

endp

;=================== data ====================
section '.data' data readable writeable
;=============================================

WindowTitle db 'Unbenannt - Editor', 0
ProcID dd ?
ProcHandle dd ?


_caption db 'Information', 0
message1 db 'Unable to find the window', 0
message2 db 'Patched successfully',0
message3 db 'Patching: An error occured',0
message4 db 'VirtualAllocEx failed',0

startAddress dd 0x00401090 ; The memory address we're starting to write from
patchBytes   db 0x2F, 0x66 ; These bytes will be written into the memory of our target executable
_patch.size = $ - patchBytes  ; Holds the number of bytes we're going to write
patchResult dd ? ; Holds the number of successfully written bytes

;=============================================
section '.idata' import data readable
;=============================================

library kernel32,'KERNEL32.DLL',\
user32,'USER32.DLL'

import kernel32,\
       ExitProcess,'ExitProcess',\
       OpenProcess,'OpenProcess',\
       VirtualAllocEx, 'VirtualAllocEx',\
       WriteProcessMemory,'WriteProcessMemory'

import user32,\
       FindWindow,'FindWindowA',\
       GetWindowThreadProcessId,'GetWindowThreadProcessId',\
       MessageBox,'MessageBoxA'     


I found a well explained example about WriteProcessMemory but the coder did put some bugs inside the code. Some errors I did fix but it is not enough, the byte patching does not work for me :(
Post 28 Jun 2013, 12:25
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20413
Location: In your JS exploiting you and your system
revolution 28 Jun 2013, 13:03
Post 28 Jun 2013, 13:03
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 29 Jun 2013, 00:27
DerTobi wrote:
I found a well explained example about WriteProcessMemory but the coder did put some bugs inside the code. Some errors I did fix but it is not enough, the byte patching does not work for me :(


What specifically doesn't work here? Does it fail because of security reasons or what? Have you tried debugging it? What does GetLastError return?
Post 29 Jun 2013, 00:27
DerTobi



Joined: 20 May 2013
Posts: 10
Location: DE
DerTobi 29 Jun 2013, 12:15
Oh, I made a second topic about that, sorry

so after good sleeping I have thought again about it...
and I know my issue now :)

At first I thought I do patching some bytes inside the compiled exe and I can see the changes with the debugger, but it is remote patching in another process, I did forget it.

"If all fails, read the source code again"
is true, funny :D

thx guys
Post 29 Jun 2013, 12:15
Copyright © 1999-2024, Tomasz Grysztar.