Tuts 4 You

ReadProcessMemory from dll


ragdog


Posted

Hi

Is it possible for a DLL to read or write with ReadProcessMemory, for patching a DLL in a running process?

Do you have an idea or source code in MASM32?

Greets, ragdog

Posted (edited)

Shub has done some excellent work on loaders, and has published some very good tutorials.

Although he uses C++, the techniques are easily portable to MASM.

Go to ARTeam and search for "loaders" and "oraculums" (particularly the second term, if I got right what you mean).

http://arteam.accessroot.com/tutorials.html

Edited by HVC
Posted

If you are injecting a DLL to do the patching, you do not need to use API to read and write to the injected process. You are already inside it so you have direct access to the memory. Use pointers and such instead.

Posted

Don't forget VirtualProtect; you can't write to a read-only section.

Posted

Thanks for the replies.

Do you have an example, please?

Posted

Can't you do a little research on your own before posting here?

I think no one in here is some sort of googling professional, you can do that just as well.

In the end, you're asking for source anyway so there's no point in asking for ideas in a thread...

This has probably been posted like 10 times before, I still remember that dude with the matrix avatar and ahmadmansor and probably countless other guys asking for source code.

You're better off looking for it on your own, this is way faster than waiting several hours for a reply that tells you to google.

We're not a code or link database, FYI :)

Posted

Okay, well, when I was doing research on this I never found much on Google. So I'll just say how it works. You can google for source.

You alloc memory in the target.

You write the DLL's path in the target (where you alloced memory).

You create a remote thread of LoadLibraryA in the target with the first param being a pointer to the path.

You free the alloced memory.
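
Added example, not part of the post above or of any tool mentioned in this thread: the sequence described above needs VM-operation, VM-write and create-thread rights on the target and ends with a remote thread starting at LoadLibraryA, which is what this Python check looks for in Sysmon-style events (Event ID 10 ProcessAccess, Event ID 8 CreateRemoteThread). The JSON-lines layout, the sample events and the function name `find_loadlibrary_injection` are constructed for illustration.

```python
import json

# Process access-mask bits needed for the alloc, write and remote-thread steps.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE
LOADER_FUNCS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}

# Constructed sample events (not real telemetry), one JSON object per line,
# using Sysmon field names for Event ID 10 and Event ID 8.
SAMPLE_EVENTS = r"""
{"EventID": 10, "SourceImage": "C:\\Tools\\loader.exe", "TargetImage": "C:\\Apps\\prog.exe", "GrantedAccess": "0x1F0FFF"}
{"EventID": 10, "SourceImage": "C:\\Windows\\System32\\taskmgr.exe", "TargetImage": "C:\\Apps\\prog.exe", "GrantedAccess": "0x1410"}
{"EventID": 8, "SourceImage": "C:\\Tools\\loader.exe", "TargetImage": "C:\\Apps\\prog.exe", "StartModule": "C:\\Windows\\System32\\kernel32.dll", "StartFunction": "LoadLibraryA"}
{"EventID": 10, "SourceImage": "C:\\Tools\\debugger.exe", "TargetImage": "C:\\Apps\\prog.exe", "GrantedAccess": "0x1F0FFF"}
{"EventID": 8, "SourceImage": "C:\\Tools\\debugger.exe", "TargetImage": "C:\\Apps\\prog.exe", "StartModule": "C:\\Windows\\System32\\ntdll.dll", "StartFunction": "DbgUiRemoteBreakin"}
"""

def find_loadlibrary_injection(lines):
    """Return (source, target) image pairs where a process first opened another
    process with inject-capable rights and then started a remote thread in it
    at a LoadLibrary* export. Assumes ProcessAccess logging is enabled."""
    opened = set()   # (source, target) pairs seen with INJECT_MASK rights
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        src, dst = ev["SourceImage"].lower(), ev["TargetImage"].lower()
        if src == dst:
            continue  # a process working on itself is not cross-process injection
        if ev["EventID"] == 10:
            if int(ev["GrantedAccess"], 16) & INJECT_MASK == INJECT_MASK:
                opened.add((src, dst))
        elif ev["EventID"] == 8:
            func = (ev.get("StartFunction") or "").lower()
            if func in LOADER_FUNCS and (src, dst) in opened:
                hits.append((ev["SourceImage"], ev["TargetImage"]))
    return hits

if __name__ == "__main__":
    for source, target in find_loadlibrary_injection(SAMPLE_EVENTS.splitlines()):
        print(f"possible LoadLibrary injection: {source} -> {target}")
```
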

Posted (edited)

Thanks for your replies.

I don't mean injecting a DLL. I mean reading a DLL from a running process that has loaded this DLL,

for reading the serial from this DLL. Example serialme: http://www.tuts4you.com/forum/index.php?showtopic=16155

I need all this to patch a DLL that was loaded by a running process. I just want to read the memory, at most write.

I mean that in the sense of a serialfisher or loader,

to read the serial from memory @offset 100060B4=Prog.100060B4 (ASCII "BB927521-A9A62359-51682740-CCE97DB5")

from my serialme example.

Greets

ragdog

Edited by ragdog
Posted (edited)

Maybe you should have said that in your first post :D

In that case, HVC already posted it, look at ARTeam website for Writing_Loaders_for_Dll_theory_and_techniques_v10_by_Shub-Nigurrath.rar

There is some perfect source for that case.

Nvm, I'll give you a hint...

if (!EnumProcessModules(hSaveProcess, hMods, sizeof(hMods), &cbNeeded))

Somewhere around these lines, there's your code.

You'll have a list of all modules (+ their bases).

What you have to do is find the DLL you want to write to, calculate the DLL base + the RVA where you want to patch (60B4 in your case) and then write to that address.

As human said, don't forget VirtualProtect etc...

Edited by Killboy
Posted

Thanks to all, my problem is solved.

  • 4 months later...
Posted

Or even better: Use MaRKuS Serialfisher. Ask him for the source. It's the same you mean!!!

Posted

I would say a debug loader fits exactly for his needs..... he can control the process and its modules :)
