Tuts 4 You

ReadProcessMemory from dll




Is it possible to read or write a DLL with ReadProcessMemory, for patching a DLL from a running process?

Do you have an idea or source code in MASM32?

greets ragdog

Link to comment

Shub has done some excellent work on loaders, and has published some very good tutorials.

Although he uses C++, the techniques are easily portable to MASM.

Go to ARTeam and search for "loaders" and "oraculums" (particularly the second term if I got right what you mean).


Edited by HVC
Link to comment

If you are injecting a DLL to do the patching, you do not need to use API to read and write to the injected process. You are already inside it so you have direct access to the memory. Use pointers and such instead.

Link to comment

Can't you do a little research on your own before posting here?

I think no one in here is some sort of googling professional, you can do that just as well.

In the end, you're asking for source anyway so there's no point in asking for ideas in a thread...

This has probably been posted like 10 times before, I still remember that dude with the matrix avatar and ahmadmansor and probably countless other guys asking for sourcecode.

You're better off looking for it on your own, this is way faster than waiting several hours for a reply that tells you to google.

We're not a code or link database, FYI :)

Link to comment

Okay, well, when I was doing research on this I never found much on Google. So I'll just say how it works. You can google for source.

You alloc memory in the target.

You write the DLL's path in the target (where you alloced memory).

You create a remote thread of LoadLibraryA in the target with the first param being a pointer to the path.

You free the alloced memory.

Link to comment

Thanks for your replies.

I don't mean injecting a DLL. I mean reading a DLL from a running process that has loaded this DLL,

for reading the serial from this DLL. Example: serialme http://www.tuts4you.com/forum/index.php?showtopic=16155

I need all this to patch a DLL that was loaded by a running process. I just want to read the memory, at most write.

I mean it in the sense of a serial fisher or loader,

to read the serial from memory at offset 100060B4=Prog.100060B4 (ASCII "BB927521-A9A62359-51682740-CCE97DB5")

from my serialme example.



Edited by ragdog
Link to comment

Maybe you should have said that in your first post :D

In that case, HVC already posted it, look at ARTeam website for Writing_Loaders_for_Dll_theory_and_techniques_v10_by_Shub-Nigurrath.rar

There is some perfect source for that case.

Nvm, I'll give you a hint...

if (!EnumProcessModules(hSaveProcess, hMods, sizeof(hMods), &cbNeeded))

Somewhere around these lines, there's your code.

You'll have a list of all modules (+ their bases).

What you have to do is find the DLL you want to write to, calculate the DLL base + the RVA where you want to patch (60B4 in your case) and then write to that address.

As human said, don't forget VirtualProtect etc...

Edited by Killboy
Link to comment
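
The "DLL base + RVA" step from the post above, as an added example that is not part of the original thread: portable C that maps the debugger address 100060B4 to the address of the same bytes in the DLL as it is actually loaded, with a bounds check against the image size. The module names, load bases, sizes and the function name `runtime_address` are assumptions (constructed sample data); on Windows the list would come from EnumProcessModules and GetModuleInformation.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One row of a module list: the name, load base and SizeOfImage that
   EnumProcessModules + GetModuleInformation report for a 32-bit target. */
typedef struct { const char *name; uint32_t base, size; } module_t;

/* Constructed sample list; "prog.dll" was rebased away from 0x10000000. */
const module_t sample_mods[] = {
    { "serialme.exe", 0x00400000u, 0x00012000u },
    { "prog.dll",     0x03A20000u, 0x00009000u },
};

static int name_eq(const char *a, const char *b)   /* case-insensitive */
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Map an address noted in a debugger (va, seen when the DLL sat at seen_base)
   to the address of the same bytes in the module as it is loaded now.
   Returns 0 on success, -1 if the DLL is not in the list, -2 if the range
   [rva, rva+len) does not lie inside the loaded image. */
int runtime_address(const module_t *mods, size_t n, const char *dll,
                    uint32_t seen_base, uint32_t va, uint32_t len,
                    uint32_t *out)
{
    if (va < seen_base)
        return -2;
    uint32_t rva = va - seen_base;            /* 0x100060B4 -> RVA 0x60B4 */
    for (size_t i = 0; i < n; i++) {
        if (!name_eq(mods[i].name, dll))
            continue;
        if (rva >= mods[i].size || len > mods[i].size - rva)
            return -2;                        /* would run past the image */
        *out = mods[i].base + rva;
        return 0;
    }
    return -1;
}

int main(void)
{
    uint32_t addr;
    if (runtime_address(sample_mods, 2, "Prog.dll", 0x10000000u, 0x100060B4u, 36, &addr) == 0)
        printf("read 36 bytes at 0x%08X\n", (unsigned)addr);
    return 0;
}
```

A hard-coded 100060B4 is only correct while the DLL sits at the base it had in the debugger; once it is rebased, the same RVA resolves to a different address, which is why the module list is consulted first.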