Posted June 26, 20169 yr Hi, I'm quite new to reverse engineering and C++. I've made an injector and I have a couple of questions regarding DLL operations. (I'm quite confused, so please be kind incase I ask something that makes no sense) Can I directly just access memory addresse's? (Or might require to execute VirtualProtect?) Lets say this address 0x140050D9E contains some data or a function, how could I read it? (Things I've heard that confuses me... base address, offset?) Appreciate it, thanks!
June 27, 20169 yr Yes you can directly access memory. But also yes, it may require you to use VirtualProtect if the memory is protected. As for reading addresses directly, you can cast the data to various types for example: auto dword_SomeValue = *(DWORD*)0x140050D9E; auto short_SomeValue = *(short*)0x140050D9E; struct some_data { unsigned int Value1; unsigned int Value2; LPVOID Value3; }; auto struct_Value = *(some_data*)0x140050D9E; You can write to the address in the same manner like: *(DWORD*)0x140050D9E = 0; // writes a dword *(float*)0x140050D9E = 1.0f; // writes a float
June 27, 20169 yr Author 1 hour ago, atom0s said: Yes you can directly access memory. But also yes, it may require you to use VirtualProtect if the memory is protected. As for reading addresses directly, you can cast the data to various types for example: auto dword_SomeValue = *(DWORD*)0x140050D9E; auto short_SomeValue = *(short*)0x140050D9E; struct some_data { unsigned int Value1; unsigned int Value2; LPVOID Value3; }; auto struct_Value = *(some_data*)0x140050D9E; You can write to the address in the same manner like: *(DWORD*)0x140050D9E = 0; // writes a dword *(float*)0x140050D9E = 1.0f; // writes a float Thank you so much! Makes more sense now
June 27, 20169 yr 2 hours ago, portbinder said: Use ReadProcessMemory bro. If you are injected, ReadProcessMemory is not needed and is nothing but overhead.
Create an account or sign in to comment