memory-editing

How (and why?) do memory editors work

生来就可爱ヽ(ⅴ<●) 提交于 2021-02-08 11:33:38
问题 Memory editors such as Cheat Engine are able to read the memory of other processes and modify it. How do they do it?(a code snippet would be interesting!) A process does typically not have the ability to access the memory of another one, the only cases that I've heard of are in sub-processes/threading, but memory editors are typically not related to the target process in any way. Why do they work? In what scenario is this ability useful aside from using it to hack other processes, why wouldn

How (and why?) do memory editors work

最后都变了- 提交于 2021-02-08 11:33:37
问题 Memory editors such as Cheat Engine are able to read the memory of other processes and modify it. How do they do it?(a code snippet would be interesting!) A process does typically not have the ability to access the memory of another one, the only cases that I've heard of are in sub-processes/threading, but memory editors are typically not related to the target process in any way. Why do they work? In what scenario is this ability useful aside from using it to hack other processes, why wouldn

MemorySharp setting offset to an address not working

我与影子孤独终老i 提交于 2019-12-06 10:08:52
问题 Ok so I am using the MemorySharp library to read/write the memory of a game. My problem is when I try to add the offsets to the base pointer address Visual Studio throws an error during runtime. Here is the base code using (var m = new MemorySharp(ApplicationFinder.FromProcessName("Cube").First())) { IntPtr healthPtr = GetBaseAddress("Cube") + 0x0036B1C8; int[] offsets = {0x39c, 0x16c}; foreach(var offset in offsets) { healthPtr = m[healthPtr + offset].Read<IntPtr>(); //I'm getting the error

How can I find the data structure that represents mine layout of Minesweeper in memory?

和自甴很熟 提交于 2019-12-04 07:19:46
问题 I'm trying to learn about reverse engineering, using Minesweeper as a sample application. I've found this MSDN article on a simple WinDbg command that reveals all the mines but it is old, is not explained in any detail and really isn't what I'm looking for. I have IDA Pro disassembler and the WinDbg debugger and I've loaded winmine.exe into both of them. Can someone provide some practical tips for either of these programs in terms of finding the location of the data structure that represents

How do I convert hex numbers to a character in c++?

假装没事ソ 提交于 2019-12-02 20:03:06
问题 I'm trying to convert a hex number to a character in C++. I looked it up but I can't find an answer that works for me. Here is my code: char mod_tostring(int state, int index, int size) { int stringAddress = lua_tolstring(state, index, 0); const char* const Base = (const char* const)stringAddress; return Base[0]; }; Base[0] would return a hex number like: 0000005B If you go here http://string-functions.com/hex-string.aspx and put 0000005B as the input it outputs the character "[". How would I

How can I find the data structure that represents mine layout of Minesweeper in memory?

和自甴很熟 提交于 2019-12-02 13:48:46
I'm trying to learn about reverse engineering, using Minesweeper as a sample application. I've found this MSDN article on a simple WinDbg command that reveals all the mines but it is old, is not explained in any detail and really isn't what I'm looking for. I have IDA Pro disassembler and the WinDbg debugger and I've loaded winmine.exe into both of them. Can someone provide some practical tips for either of these programs in terms of finding the location of the data structure that represents the mine field? In WinDbg I can set breakpoints, but it is difficult for me to imagine at what point to

How can I write on another process memory?

三世轮回 提交于 2019-11-27 13:21:30
I have an address that I would like to modify. I have the process. I have the new value. So now what? // My Process var p = Process.GetProcessesByName("ePSXe").FirstOrDefault(); // Address var addr = 0x00A66E11; // Value var val = 0x63; How can I write 0x63 (99) to this address on another process memory? @Harvey, from your answer I dug up and found a lot: Open, Close and Write signatures: [DllImport("kernel32.dll")] static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, [MarshalAs(UnmanagedType.Bool)] bool bInheritHandle, int dwProcessId); [DllImport("kernel32.dll", SetLastError

How can I write on another process memory?

大城市里の小女人 提交于 2019-11-26 16:10:22
问题 I have an address that I would like to modify. I have the process. I have the new value. So now what? // My Process var p = Process.GetProcessesByName("ePSXe").FirstOrDefault(); // Address var addr = 0x00A66E11; // Value var val = 0x63; How can I write 0x63 (99) to this address on another process memory? 回答1: @Harvey, from your answer I dug up and found a lot: Open, Close and Write signatures: [DllImport("kernel32.dll")] static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess,
订阅 memory-editing