Change a pointer of address of another application


Problem description

I need somebody to edit the title, I can't find better title.

Assume I have this simple program called source.exe:

#include <stdio.h>

int main()
{
   int a = 5;
   printf("%p", &a);
   return 0;
}

I want to write another application, change.exe, that changes a in the above.

I've tried something like this:

int main()
{
   int * p = (int*) xxx; // xxx is what have printed above
   *p = 1;
   printf("%d", *p);
   return 0;
}

It doesn't work. Assuming I have Administrator rights, is there a way to do what I've tried above? Thanks.

Recommended answer

I was feeling a bit adventurous, so I thought about writing something like this under Windows, using the WinAPI, of course. Like Linux's ptrace, the calls used by this code should only be used by debuggers and aren't normally seen in any normal application code.

Furthermore, opening another process' memory for writing requires you to open the process handle with PROCESS_VM_WRITE and PROCESS_VM_OPERATION privileges. This, however, is only possible if the application opening the process has the SeDebugPrivilege privilege enabled. I ran the application in elevated mode with administrator privileges, however I don't really know if that has any effect on the SeDebugPrivilege.

Anyhow, here's the code that I used for this. It was compiled with VS2008.

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main()
{
    char cmd[2048];
    int a = 5;
    printf("%p %d\n", &a, a);

    /* %p carries the full pointer width; %x would truncate it in a 64-bit build */
    sprintf(cmd, "MemChange.exe %lu %p", GetCurrentProcessId(), (void *)&a);
    system(cmd);

    printf("%p %d\n", &a, a);

    return 0;
}

And here's the code for MemChange.exe that this code calls.

#include <windows.h>
#include <stdio.h>

int main(int argc, char **argv)
{
    DWORD pId;
    LPVOID pAddr;
    HANDLE pHandle;
    SIZE_T bytesWritten;
    int newValue = 666;

    sscanf(argv[1], "%lu", &pId);
    sscanf(argv[2], "%p", &pAddr);   /* read the address at full pointer width */

    pHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pId);
    WriteProcessMemory(pHandle, pAddr, &newValue, sizeof(newValue), &bytesWritten);
    CloseHandle(pHandle);

    fprintf(stderr, "Written %lu bytes to process %lu.\n", (unsigned long)bytesWritten, pId);
    return 0;
}

But please don't use this code. It is horrible, has no error checks and probably leaks like holy hell. It was created only to illustrate what can be done with WriteProcessMemory. Hope it helps.
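The gaps the answer admits to (no error checks, a possibly leaked handle) can be closed as in the following added example, which is not the answerer's code: it validates both arguments, opens the target with only PROCESS_VM_WRITE and PROCESS_VM_OPERATION instead of PROCESS_ALL_ACCESS, checks every call and always closes the handle. The names parse_args and write_remote_int are this example's own, and it assumes a C99 toolchain (newer than the VS2008 mentioned above) and an address passed as hex digits, as printf("%p") emits it.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Strictly parse a decimal PID and a hex address; 0 on success, -1 on bad input. */
int parse_args(const char *pid_s, const char *addr_s, unsigned long *pid, uintptr_t *addr)
{
    char *end;
    if (!isdigit((unsigned char)pid_s[0]) || !isxdigit((unsigned char)addr_s[0]))
        return -1;                 /* rejects signs, whitespace, empty strings */
    errno = 0;
    *pid = strtoul(pid_s, &end, 10);
    if (errno || *end != '\0' || *pid == 0)
        return -1;                 /* overflow, trailing junk or PID 0 */
    unsigned long long v = strtoull(addr_s, &end, 16);
    if (errno || *end != '\0' || v == 0 || v > UINTPTR_MAX)
        return -1;                 /* overflow, trailing junk or NULL address */
    *addr = (uintptr_t)v;
    return 0;
}
#ifdef _WIN32
#include <windows.h>
static DWORD write_remote_int(DWORD pid, void *addr, int value)
{
    SIZE_T written = 0;
    DWORD err = 0;
    /* Ask only for the two rights the write needs, not PROCESS_ALL_ACCESS. */
    HANDLE h = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid);
    if (h == NULL)
        return GetLastError();
    if (!WriteProcessMemory(h, addr, &value, sizeof value, &written))
        err = GetLastError();
    else if (written != sizeof value)
        err = ERROR_PARTIAL_COPY;
    CloseHandle(h);                /* handle released on every path */
    return err;                    /* 0 or the Win32 error code */
}
int main(int argc, char **argv)
{
    unsigned long pid;
    uintptr_t addr;
    if (argc != 3 || parse_args(argv[1], argv[2], &pid, &addr) != 0)
        return 2;                  /* usage: <pid> <hex-address> */
    DWORD err = write_remote_int((DWORD)pid, (void *)addr, 666);
    fprintf(stderr, "Win32 error code: %lu (0 = success)\n", (unsigned long)err);
    return err ? 1 : 0;
}
#endif
```

The Windows-specific part sits behind `#ifdef _WIN32`, so the argument parser also compiles elsewhere. A failed OpenProcess now surfaces as an error code instead of a silent write through a NULL handle.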
