change a pointer of address of another application

Problem description

I need somebody to edit the title, I can't find a better title.

Assume I have this simple program called source.exe:

#include <stdio.h>

int main()
{
   int a = 5;
   printf("%p", &a);
   return 0;
}

I want to write another application, change.exe, that changes a in the above.

I tried something like this:

int main()
{
   int * p = (int*) xxx; // xxx is what have printed above
   *p = 1;
   printf("%d", *p);
   return 0;
}

It doesn't work. Assuming I have Administrator rights, is there a way to do what I've tried above? Thanks.

Recommended answer

I was feeling a bit adventurous, so I thought about writing something like this under Windows, using the WinAPI, of course. Like Linux's ptrace, the calls used by this code should only be used by debuggers and aren't normally seen in any normal application code.

Furthermore, opening another process' memory for writing requires you to open the process handle with PROCESS_VM_WRITE and PROCESS_VM_OPERATION privileges. This, however, is only possible if the application opening the process has the SeDebugPrivilege privilege enabled. I ran the application in elevated mode with administrator privileges, however I don't really know if that has any effect on the SeDebugPrivilege.

Anyhow, here's the code that I used for this. It was compiled with VS2008.

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

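int main()
{
    char cmd[2048];
    int a = 5;

    /* Print the address and value of a before the other process runs. */
    printf("%p %d\n", (void *)&a, a);

    /* Pass our process id and the address of a to MemChange.exe. */
    sprintf(cmd, "MemChange.exe %lu %p", GetCurrentProcessId(), (void *)&a);
    system(cmd);

    /* Print again to show whether the value was changed from outside. */
    printf("%p %d\n", (void *)&a, a);

    return 0;
}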

And here's the code for MemChange.exe that this code calls.

#include <windows.h>
#include <stdio.h>

int main(int argc, char **argv)
{
    DWORD pId;
    LPVOID pAddr;
    HANDLE pHandle;
    SIZE_T bytesWritten;
    int newValue = 666;

    /* argv[1] is the target process id, argv[2] the address to overwrite. */
    sscanf(argv[1], "%lu", &pId);
    sscanf(argv[2], "%p", &pAddr);

    /* Open the target process and write newValue at the given address. */
    pHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pId);
    WriteProcessMemory(pHandle, pAddr, &newValue, sizeof(newValue), &bytesWritten);
    CloseHandle(pHandle);

    fprintf(stderr, "Written %lu bytes to process %lu.\n", (unsigned long)bytesWritten, pId);
    return 0;
}

But please don't use this code. It is horrible, has no error checks and probably leaks like holy hell. It was created only to illustrate what can be done with WriteProcessMemory. Hope it helps.
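
The two access rights named in the answer are also what a defender can look for when reviewing which processes opened handles to another process. The following is an added example, not code from the original post: it flags records whose granted access mask contains both PROCESS_VM_OPERATION and PROCESS_VM_WRITE. The record format, the field names and the sample lines are constructed for illustration; only the two bit values come from the Windows SDK.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Access-right bits from the Windows SDK; WriteProcessMemory needs both. */
#define PROCESS_VM_OPERATION 0x0008ull
#define PROCESS_VM_WRITE     0x0020ull
#define WRITE_RIGHTS (PROCESS_VM_OPERATION | PROCESS_VM_WRITE)

/* 1 if the record's GrantedAccess permits a remote write, 0 if not,
 * -1 if the field is missing or malformed. */
int record_allows_write(const char *line)
{
    static const char key[] = "GrantedAccess=";
    const char *p = strstr(line, key);
    char *end;

    if (p == NULL || !isxdigit((unsigned char)p[sizeof key - 1]))
        return -1;
    unsigned long long v = strtoull(p + sizeof key - 1, &end, 16);
    if (v > 0xFFFFFFFFull || (*end != '\0' && *end != ' '))
        return -1;   /* wider than a 32-bit mask, or trailing junk */
    return (v & WRITE_RIGHTS) == WRITE_RIGHTS;
}

/* Constructed records in a hypothetical format, one per opened handle. */
const char *const sample[] = {
    "Source=change.exe Target=source.exe GrantedAccess=0x1FFFFF", /* all access */
    "Source=change.exe Target=source.exe GrantedAccess=0x0028",   /* exactly the two */
    "Source=viewer.exe Target=source.exe GrantedAccess=0x1410",   /* query + read */
    "Source=tool.exe Target=source.exe GrantedAccess=0x0020",     /* VM_WRITE alone */
    "Source=tool.exe Target=source.exe GrantedAccess=zz",         /* malformed */
};

size_t count_write_capable(const char *const *lines, size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += record_allows_write(lines[i]) == 1;
    return hits;
}

int main(void)
{
    size_t n = sizeof sample / sizeof sample[0];
    printf("%zu of %zu handles allow remote writes\n", count_write_capable(sample, n), n);
    return 0;
}
```

A handle opened with PROCESS_ALL_ACCESS, as in the answer's MemChange.exe, matches because that mask includes both bits.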
