Visual Basic Programming | Help With Memory Editing

Author	Message	Time
kanazky	I made a program that finds the system process but now I wanna try and find a adrress inside that process and change the value of it. How would I do this?	May 9, 2004, 8:31 PM
LoRd	I'm not completely sure on this because I just started working with memory allocation recently, but I don't think you can access another application's memory without actually being a part of the application so you'll have to read up on DLL injection.	May 9, 2004, 8:38 PM
iago	You'll want ReadProcessMemory() and WriteProcessMemory().	May 9, 2004, 8:40 PM
kanazky	You know any tutorials on this kinda stuff????	May 9, 2004, 8:41 PM
LoRd	[quote author=iago link=board=31;threadid=6719;start=0#msg59213 date=1084135216] You'll want ReadProcessMemory() and WriteProcessMemory(). [/quote] [quote]Each process on 32-bit Microsoft® Windows® has its own virtual address space that enables addressing up to 4 gigabytes of memory. Each process on 64-bit Windows has a virtual address space of 8 terabytes. All threads of a process can access its virtual address space. However, threads cannot access memory that belongs to another process, which protects a process from being corrupted by another process.[/quote] MSDN lied to me. :(	May 9, 2004, 8:46 PM
kanazky	completely clueless. If someone could help me out a bit. Im trying to make a program that will search the selected program for memory adresses with a value thats put in a text field. Then post all the results so that the user can change the value and get a different result out of the proccess. All my searches will be on Byte1 values. Is there any tutorials out there	May 9, 2004, 8:48 PM
iago	I gave you two great keywords to stick into google.	May 9, 2004, 10:57 PM
Forged	Let me find my mh sourcew code for war3, that should help you a little.	May 9, 2004, 11:26 PM
kanazky	hahaha they most C++ results though	May 9, 2004, 11:26 PM
Forged	www.shadow-tech.org/Forged/mh.zip WriteProcess is shown in that.	May 9, 2004, 11:36 PM
kanazky	Wow I can always count on you guys to bring great help with you to these forums!	May 9, 2004, 11:39 PM
iago	[quote author=kanazky link=board=31;threadid=6719;start=0#msg59242 date=1084145212] hahaha they most C++ results though [/quote] It works the same in vb as c++ once you get it going.	May 9, 2004, 11:43 PM
Adron	[quote author=kanazky link=board=31;threadid=6719;start=0#msg59209 date=1084134674] I made a program that finds the system process but now I wanna try and find a adrress inside that process and change the value of it. How would I do this? [/quote] I don't think you'll have much luck with the system process though. What would you want to replace there?	May 9, 2004, 11:50 PM
Skywing	[quote author=iago link=board=31;threadid=6719;start=0#msg59213 date=1084135216] You'll want ReadProcessMemory() and WriteProcessMemory(). [/quote] The system process doesn't have it's own address space (when executing in the system process, the only addressable region is the kernel region). You would need to be running in kernel mode to read memory from there.	May 9, 2004, 11:52 PM
kanazky	Its actually a game. You can trigger new events by changing the memory adresses but I want to actually search though the adresses for ones that match the byte and then search for those that changed and stuff so i can find the 3 addresses that trigger the event. Yes I am aware that you can download stuff to do this but I wanna learn this. Go to Page 2	May 9, 2004, 11:53 PM
kanazky	Can someone write an example script of a search. if Command1_click then Adress = ReadProcessMemory() hprocess = FrmMain.list1.Iteam nsize = FrmMain.Text2 lpNumberOfBytesRead = 1 FrmMain.List2.Additeam Adress End If Somthing like that??? sorry im kind of new to this lol.	May 9, 2004, 11:56 PM
TheMinistered	Lord, MSDN didn't lie to you! They just didn't expand further... while you can not directly access another application's memory space inside your application, the ReadProcessMemory() and WriteProcessMemory() can! i.e. let's say in the TARGET application, at address 0040004, a long is stored. However, that is in the TARGET application... in OUR application it might be used for something completely different! Thus, the following would code would not be able to change the value located at that address in the TARGET application, but rather the value located in OUR application [code] __asm { mov dword ptr [0040004], 20h; } [/code]	May 12, 2004, 2:08 AM
LoRd	Ah, thanks for clearing that up. I kinda had that thought in mind when I was reading up on ReadProcessMemory() and WriteProcessMemory().	May 12, 2004, 6:27 AM
Dyndrilliac	http://www.gamehacking.com/tutorials/prgvb2.php A tutorial on programming trainers in VB using Read/Write Process Memory.	May 15, 2004, 11:27 PM

Author

Message

Time

kanazky

I made a program that finds the system process but now I wanna try and find a adrress inside that process and change the value of it. How would I do this?

May 9, 2004, 8:31 PM

LoRd

I'm not completely sure on this because I just started working with memory allocation recently, but I don't think you can access another application's memory without actually being a part of the application so you'll have to read up on DLL injection.

May 9, 2004, 8:38 PM

iago

You'll want ReadProcessMemory() and WriteProcessMemory().

May 9, 2004, 8:40 PM

kanazky

You know any tutorials on this kinda stuff????

May 9, 2004, 8:41 PM

LoRd

[quote author=iago link=board=31;threadid=6719;start=0#msg59213 date=1084135216]
You'll want ReadProcessMemory() and WriteProcessMemory().
[/quote]

[quote]Each process on 32-bit Microsoft® Windows® has its own virtual address space that enables addressing up to 4 gigabytes of memory. Each process on 64-bit Windows has a virtual address space of 8 terabytes. All threads of a process can access its virtual address space. However, threads cannot access memory that belongs to another process, which protects a process from being corrupted by another process.[/quote]
MSDN lied to me. :(

May 9, 2004, 8:46 PM

kanazky

completely clueless. If someone could help me out a bit. Im trying to make a program that will search the selected program for memory adresses with a value thats put in a text field. Then post all the results so that the user can change the value and get a different result out of the proccess. All my searches will be on Byte1 values.

Is there any tutorials out there

May 9, 2004, 8:48 PM

iago

I gave you two great keywords to stick into google.

May 9, 2004, 10:57 PM

Forged

Let me find my mh sourcew code for war3, that should help you a little.

May 9, 2004, 11:26 PM

kanazky

hahaha they most C++ results though

May 9, 2004, 11:26 PM

Forged

www.shadow-tech.org/Forged/mh.zip

WriteProcess is shown in that.

May 9, 2004, 11:36 PM

kanazky

Wow I can always count on you guys to bring great help with you to these forums!

May 9, 2004, 11:39 PM

iago

[quote author=kanazky link=board=31;threadid=6719;start=0#msg59242 date=1084145212]
hahaha they most C++ results though
[/quote]

It works the same in vb as c++ once you get it going.

May 9, 2004, 11:43 PM

Adron

[quote author=kanazky link=board=31;threadid=6719;start=0#msg59209 date=1084134674]
I made a program that finds the system process but now I wanna try and find a adrress inside that process and change the value of it. How would I do this?
[/quote]

I don't think you'll have much luck with the system process though. What would you want to replace there?

May 9, 2004, 11:50 PM

Skywing

[quote author=iago link=board=31;threadid=6719;start=0#msg59213 date=1084135216]
You'll want ReadProcessMemory() and WriteProcessMemory().
[/quote]
The system process doesn't have it's own address space (when executing in the system process, the only addressable region is the kernel region). You would need to be running in kernel mode to read memory from there.

May 9, 2004, 11:52 PM

kanazky

Its actually a game. You can trigger new events by changing the memory adresses but I want to actually search though the adresses for ones that match the byte and then search for those that changed and stuff so i can find the 3 addresses that trigger the event. Yes I am aware that you can download stuff to do this but I wanna learn this.

Go to Page 2

May 9, 2004, 11:53 PM

kanazky

Can someone write an example script of a search.
if Command1_click then
Adress = ReadProcessMemory()
hprocess = FrmMain.list1.Iteam
nsize = FrmMain.Text2
lpNumberOfBytesRead = 1
FrmMain.List2.Additeam Adress
End If

Somthing like that??? sorry im kind of new to this lol.

May 9, 2004, 11:56 PM

TheMinistered

Lord, MSDN didn't lie to you! They just didn't expand further... while you can not directly access another application's memory space inside your application, the ReadProcessMemory() and WriteProcessMemory() can!

i.e. let's say in the TARGET application, at address 0040004, a long is stored. However, that is in the TARGET application... in OUR application it might be used for something completely different!

Thus, the following would code would not be able to change the value located at that address in the TARGET application, but rather the value located in OUR application
[code]
__asm
{
mov dword ptr [0040004], 20h;
}
[/code]

May 12, 2004, 2:08 AM

LoRd

Ah, thanks for clearing that up. I kinda had that thought in mind when I was reading up on ReadProcessMemory() and WriteProcessMemory().

May 12, 2004, 6:27 AM

Dyndrilliac

http://www.gamehacking.com/tutorials/prgvb2.php

A tutorial on programming trainers in VB using Read/Write Process Memory.

May 15, 2004, 11:27 PM

Valhalla Legends Forums Archive | Visual Basic Programming | Help With Memory Editing