C# simple memory patch

Source: Internet
Author: User

A note at the beginning: after watching some video tutorials, I felt that it was so easy for others to learn and crack. Maybe it wasn't that much time.

Explanation: in my opinion, a so-called memory patch means modifying the contents of a running program to achieve a certain purpose. Open the process with OpenProcess, write with WriteProcessMemory, and close the handle with CloseHandle. To read data and decide whether to patch, use ReadProcessMemory.

0x1 read the tutorial

For some tutorials, you really need to watch the video to see how others do it; then it is very simple. Without guidance from others, it is really not easy to work it out on your own.

0x2 learn some concepts

Simply imitating and repeating the same steps is certainly not enough, so it is critical to apply what you have learned. Therefore, I wrote a few lines of C++ code in VS2013 for self-testing, and used C# to write the memory patch.

0x3 online search

No one knows why, so searching online is also a key step. What to search for? How to write a memory patch in C#. The code you find is similar everywhere but not necessarily usable.

0x4 Code practices

The code found on the Internet also needs to be used in practice. Therefore, this step is also essential.

The result is the following code. You need to use OD (OllyDbg) to find the code location, that is, the offset of the target code in memory.

The OK button handler in the C++ MFC test program:

    void CMFCTestDlg::OnBnClickedOk()
    {
        CString str;
        GetDlgItemText(IDC_EDIT1, str);
        // compare the text box content with the expected string
        if (str == "test123456789")
        {
            ::MessageBox(NULL, L"OK", L"prompt", 0);
        }
        else
        {
            ::MessageBox(NULL, L"Fail", L"prompt", 0);
        }
    }

For the C# caller, first here is a helper class, sourced online. Of course, some methods have been added and modified.

    using System;
    using System.Diagnostics;
    using System.Runtime.InteropServices;

    public abstract class ApiHelper
    {
        [DllImportAttribute("kernel32.dll", EntryPoint = "ReadProcessMemory")]
        public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, [Out] byte[] lpBuffer, int nSize, IntPtr lpNumberOfBytesRead);

        [DllImportAttribute("kernel32.dll", EntryPoint = "OpenProcess")]
        public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

        [DllImport("kernel32.dll")]
        private static extern bool CloseHandle(IntPtr hObject);

        // write memory
        [DllImportAttribute("kernel32.dll", EntryPoint = "WriteProcessMemory")]
        public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, int[] lpBuffer, int nSize, IntPtr lpNumberOfBytesWritten);

        // obtain the process ID from the form title
        public static int GetPid(string windowTitle)
        {
            int rs = 0;
            Process[] arrayProcess = Process.GetProcesses();
            foreach (Process p in arrayProcess)
            {
                if (p.MainWindowTitle.IndexOf(windowTitle) != -1)
                {
                    rs = p.Id;
                    break;
                }
            }
            return rs;
        }

        // obtain the PID and the main module base address from the process name
        public static int GetPidByProcessName(string processName, ref IntPtr baseAddress)
        {
            Process[] arrayProcess = Process.GetProcessesByName(processName);
            foreach (Process p in arrayProcess)
            {
                baseAddress = p.MainModule.BaseAddress;
                return p.Id;
            }
            return 0;
        }

        // obtain the PID based on the process name
        public static int GetPidByProcessName(string processName)
        {
            Process[] arrayProcess = Process.GetProcessesByName(processName);
            foreach (Process p in arrayProcess)
            {
                return p.Id;
            }
            return 0;
        }

        // find the window handle based on the form title (fuzzy match supported)
        public static IntPtr FindWindow(string title)
        {
            Process[] ps = Process.GetProcesses();
            foreach (Process p in ps)
            {
                if (p.MainWindowTitle.IndexOf(title) != -1)
                {
                    return p.MainWindowHandle;
                }
            }
            return IntPtr.Zero;
        }

        // read the value at the specified memory address
        public static int ReadMemoryValue(int baseAddress, string processName)
        {
            try
            {
                // 2 bytes are read into a 4-byte buffer so the Int32 conversion stays in bounds
                byte[] buffer = new byte[4];
                IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName));
                ReadProcessMemory(hProcess, (IntPtr)baseAddress, buffer, 2, IntPtr.Zero);
                CloseHandle(hProcess);
                return BitConverter.ToInt32(buffer, 0);
            }
            catch
            {
                return 0;
            }
        }

        // write the value to the specified memory address
        public static bool WriteMemoryValue(int baseAddress, string processName, int[] value)
        {
            IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName)); // 0x1F0FFF highest permission
            // value.Length is the element count; it is passed here as the byte count nSize
            bool result = WriteProcessMemory(hProcess, (IntPtr)baseAddress, value, value.Length, IntPtr.Zero);
            CloseHandle(hProcess);
            return result;
        }
    }

Finally, it is called from the button's click handler.

    private string processName = "MFCTest";

    private void button1_Click(object sender, EventArgs e)
    {
        IntPtr startAddress = IntPtr.Zero;
        int pid = ApiHelper.GetPidByProcessName(processName, ref startAddress);
        if (pid == 0)
        {
            MessageBox.Show("Run it before you enable it!");
            return;
        }
        int baseAddress = startAddress.ToInt32() + 0x1000;
        int value = ReadMemoryValue(baseAddress); // read the base address (this address will not change)
        int address = baseAddress + 0x14F3;       // obtain Level 2 address
        value = ReadMemoryValue(address);
        bool result = WriteMemory(address, new int[] { 144 });
        address = address + 0x1;
        result = WriteMemory(address, new int[] { 144 });
        MessageBox.Show(result ? "Successful" : "failed");
    }

    // read the value
    public int ReadMemoryValue(int baseAdd)
    {
        return ApiHelper.ReadMemoryValue(baseAdd, processName);
    }

    // write the value
    public bool WriteMemory(int baseAdd, int[] value)
    {
        return ApiHelper.WriteMemoryValue(baseAdd, processName, value);
    }

0x5 Summary

Only by constantly learning can we gain new knowledge and make progress. Many concepts are actually very simple, once you understand them.

Note: the buffer passed to WriteProcessMemory is an array, and its length has to be calculated. nSize is the number of bytes of that array to write.

    // Restructured some code.
    // write the value to the specified memory address
    public static bool WriteMemoryValue(int baseAddress, string processName, int[] value, int len)
    {
        IntPtr hProcess = OpenProcess(0x1F0FFF, false, GetPidByProcessName(processName)); // 0x1F0FFF highest permission
        bool result = WriteProcessMemory(hProcess, (IntPtr)baseAddress, value, len, IntPtr.Zero);
        CloseHandle(hProcess);
        return result;
    }

    // 144 = 0x90 indicates nop
    bool result = ApiHelper.WriteMemoryValue(address, processName, new int[] { 144 + 144 * 256 }, 2);

Download the test code: WinTestRe.zip
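The OpenProcess / WriteProcessMemory sequence above, seen from the monitoring side, as an added example that is not part of the original post: it decodes the access mask granted on a process handle and flags cross-process handles that carry the rights WriteProcessMemory needs. The records are constructed, their field names follow Sysmon's ProcessAccess event (ID 10), and the file paths and the `allowlist` parameter are assumptions.

```python
# Added example; the event records below are constructed.
PROCESS_RIGHTS = {  # process access right values from winnt.h (partial table)
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x100000: "SYNCHRONIZE",
}
WRITE_RIGHTS = 0x0020 | 0x0008  # WriteProcessMemory needs both on the handle
ALL_ACCESS = 0x1F0FFF           # the mask the page passes to OpenProcess

def decode_mask(mask):
    """Return (named rights present, remaining bits not in the table)."""
    names = [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]
    known = 0
    for bit in PROCESS_RIGHTS:
        known |= bit
    return names, mask & ~known

def can_write_memory(mask):
    """True when the handle carries both rights WriteProcessMemory requires."""
    return (mask & WRITE_RIGHTS) == WRITE_RIGHTS

def flag_events(events, allowlist=()):
    """Return (source, target, reason) for cross-process handles that allow patching."""
    hits = []
    for ev in events:
        mask = int(ev["GrantedAccess"], 16)
        src, dst = ev["SourceImage"], ev["TargetImage"]
        if src == dst or src.lower() in allowlist or not can_write_memory(mask):
            continue
        full = (mask & ALL_ACCESS) == ALL_ACCESS
        hits.append((src, dst, "all-access mask" if full else "VM write rights"))
    return hits

SAMPLE_EVENTS = [  # constructed records; paths are hypothetical
    {"SourceImage": r"C:\Tools\patcher.exe", "TargetImage": r"C:\Apps\MFCTest.exe", "GrantedAccess": "0x1F0FFF"},
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe", "TargetImage": r"C:\Apps\MFCTest.exe", "GrantedAccess": "0x1410"},
    {"SourceImage": r"C:\Dev\debugger.exe", "TargetImage": r"C:\Apps\MFCTest.exe", "GrantedAccess": "0x0438"},
]

if __name__ == "__main__":
    for src, dst, why in flag_events(SAMPLE_EVENTS):
        print(f"{src} -> {dst}: {why}")
```

The check keys on the write-capable bits rather than on the exact value 0x1F0FFF, so a handle opened with only the rights needed for writing is flagged as well.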
