Programming Forums

Apr 14th, 2005, 3:18 PM   #1
drruggy
Alternative to WriteProcessMemory.

Does anyone know of a more effective method to WriteProcessMemory? Looking for a forceful method because the normal WPM method is blocked.

Apr 14th, 2005, 4:17 PM   #2
Rory
I'm not sure if there is a more "forceful" method as such, at least not one that'll work on NT (there were memory hacks in Win95/98 through the 16-bit subsystem; however, it's obviously emulated now, so any such calls will produce a GPF or something). The only case in which that API would fail is if you're trying to access a privileged area with a non-privileged handle, or you're doing code injection or something.

Be aware that this is actually a debug function, called by IDEs etc when breaking into a thread, and so the user will have to have the SE_DEBUG privilege under NT anyway, so Admins only. Plus the thread needs to have the token and a privileged handle (as in with the kernel, not security).

However, even this function won't let you access protected areas of memory, certain areas limited under XP service pack 2 with firewalling activated (data execution/manipulation prevention to stop things like blaster) and areas created with the separate "Secure" Rtl memory functions which can't be impersonated. And .NET seems to be very protective of its memory as well.

What are you trying to do anyway, and why are you doing it in VB6?

Apr 14th, 2005, 5:37 PM   #3
drruggy
Visual Basic 6 is a powerful WPM API tool language. Basically, I am attempting to write to an area with no privileges to be written to. There is an alternative that I've seen and used, in fact, that works, but I am unable to find out the API function called. It is a different way to WPM that isn't blocked on most games.

Apr 14th, 2005, 6:11 PM   #4
drruggy
Possibly an example of forcing write on XP SP2 with Token_Privileges or something???

Apr 15th, 2005, 1:26 PM   #5
Rory
Are you sure it's not the game itself, as Half Life 2 apparently has some sort of "memory protection" feature, for example. If you googled for instructions on memory hacking the specific game concerned you might find something.
Personally I'm not into games enough to have any experience with this kind of thing: perhaps someone else can give you more help with this specifically, or you could try asking in the C forum, though most of the guys there come here regularly too.

Apr 15th, 2005, 5:00 PM   #6
drruggy
It's not a game. In fact, it's a problem with my computer. It's blocking functions it shouldn't. I want to write NOP to the functions to stop them, but I can't get privileges over the process. It's a virus that has a shit load of protection like Process_Guard; I got no token privileges over it.

Apr 16th, 2005, 4:39 PM   #7
Rory
OK, sorry, I thought you were making an aim bot or something, seeing as you said "games". I'd get a virus scanner: it'd be much better.
DaniWeb IT Discussion Community