Programming Forums > Application Development > C

JeezO · Jun 14th, 2005, 9:10 AM

Hi

I have a proxy d3d9.dll which is loaded by an executable. The proxy dll loads the real dll and then passes a pointer to the real one onto the executable. My proxy can write to screen and can read/write to the exe's memory. So far so good.

The problem is that the exe has an .rdata section which i need to write to. It would be trivial to amend the exe to fix this but this is definitely a legal no-no.

So I've tried using VirtualProtect() from within my proxy dll to change the protections on the .rdata section, but it doesn't work for me. Everything I've read so far concerns amending the protections from outwith the process concerned (ie. Change the protection, do something, restore the pages to their original protection).

What I'm wondering is:

1. Can I change protections from within my proxy dll?
2. Is it as simple as single call to VirtualProtect()?
3. Am I perhaps making the call to VirtualProtect() too early? The call is made when the directx9 Initialisation call is made, and possibly before the pages I'm trying to amend have been fully committed. Should I wait until the executable is fully loaded, perhaps only making the call to VirtualProtect() from a user keypress?

Any suggestions or links to pertinent code would be much appreciated.

Thanks

mitakeet · Jun 14th, 2005, 10:13 AM

I am more than a bit concerned about your 'need' to write data to that location. Typically that is only done by malicious programs and people attempting to obfuscate their binary to make reverse engineering it more problematic. I suspect that if it is a legal no-no to amend the exe source, I suspect those same legal entanglements will prohibit modifications of the binary, even during runtime.

JeezO · Jun 15th, 2005, 4:10 AM

Sir, your moral stance does you credit!

It's ok, I found out what I was doing wrong, VirtualProtect only seems to work if you restore the old protection to its original setting after you have done your work. The fact I was attempting to change 0x1000 worth of memory probably didn't help either. Stick to 4 bytes or so at a time and it works fine.

As to the legal position of whether it is permissable to amend the executable image of a file, the stance adopted in the community is that this is ok, a position which has never to my knowledge been tested in court.

Thanks for your courteous reply.

Jun 14th, 2005, 9:10 AM	#1
JeezO Newbie Join Date: Jun 2005 Location: UK Posts: 7 Rep Power: 0	VirtualProtect called within proxy dll Hi I have a proxy d3d9.dll which is loaded by an executable. The proxy dll loads the real dll and then passes a pointer to the real one onto the executable. My proxy can write to screen and can read/write to the exe's memory. So far so good. The problem is that the exe has an .rdata section which i need to write to. It would be trivial to amend the exe to fix this but this is definitely a legal no-no. So I've tried using VirtualProtect() from within my proxy dll to change the protections on the .rdata section, but it doesn't work for me. Everything I've read so far concerns amending the protections from outwith the process concerned (ie. Change the protection, do something, restore the pages to their original protection). What I'm wondering is: 1. Can I change protections from within my proxy dll? 2. Is it as simple as single call to VirtualProtect()? 3. Am I perhaps making the call to VirtualProtect() too early? The call is made when the directx9 Initialisation call is made, and possibly before the pages I'm trying to amend have been fully committed. Should I wait until the executable is fully loaded, perhaps only making the call to VirtualProtect() from a user keypress? Any suggestions or links to pertinent code would be much appreciated. Thanks

Jun 14th, 2005, 10:13 AM	#2
mitakeet Programmer Join Date: Jun 2005 Location: Maryland, USA Posts: 59 Rep Power: 4	I am more than a bit concerned about your 'need' to write data to that location. Typically that is only done by malicious programs and people attempting to obfuscate their binary to make reverse engineering it more problematic. I suspect that if it is a legal no-no to amend the exe source, I suspect those same legal entanglements will prohibit modifications of the binary, even during runtime. __________________ Free code: http://sol-biotech.com/code/. It is not that old programmers are any smarter or code better, it is just that they have made the same stupid mistake so many times that it is second nature to fix it. --Mitakeet The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man. --George Bernard Shaw

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Jun 15th, 2005, 4:10 AM	#3
JeezO Newbie Join Date: Jun 2005 Location: UK Posts: 7 Rep Power: 0	Sir, your moral stance does you credit! It's ok, I found out what I was doing wrong, VirtualProtect only seems to work if you restore the old protection to its original setting after you have done your work. The fact I was attempting to change 0x1000 worth of memory probably didn't help either. Stick to 4 bytes or so at a time and it works fine. As to the legal position of whether it is permissable to amend the executable image of a file, the stance adopted in the community is that this is ok, a position which has never to my knowledge been tested in court. Thanks for your courteous reply.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Programming Forums > Application Development > C

VirtualProtect called within proxy dll