memory editing

Discussion on memory editing within the General Coding forum part of the Coders Den category.

Old   #1
 
elite*gold: 0
Join Date: Jul 2005
Posts: 467
Received Thanks: 8
So I wanted to build my own name spoofer for WC3 (the one from shadowfrench sucks), but for that I'd need to know how to write something into memory in VB. I haven't found a tutorial that covers this.
Please help me.
Leonino is offline  
Old 05/18/2006, 08:39   #2
 
elite*gold: 0
Join Date: Aug 2005
Posts: 443
Received Thanks: 72
For writing:

Code:
The WriteProcessMemory function writes memory in a specified process. The entire area to be written to must be accessible, or the operation fails. 

BOOL WriteProcessMemory(

  HANDLE hProcess,	// handle to process whose memory is written to 
  LPVOID lpBaseAddress,	// address to start writing to 
  LPVOID lpBuffer,	// pointer to buffer to write data to
  DWORD nSize,	// number of bytes to write
  LPDWORD lpNumberOfBytesWritten // actual number of bytes written 
  );	
 

Parameters

hProcess

Identifies an open handle to a process whose memory is to be written to. The handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process. 

lpBaseAddress

Points to the base address in the specified process to be written to. Before any data transfer occurs, the system verifies that all data in the base address and memory of the specified size is accessible for write access. If this is the case, the function proceeds; otherwise, the function fails. 

lpBuffer

Points to the buffer that supplies data to be written into the address space of the specified process. 

nSize

Specifies the requested number of bytes to write into the specified process. 

lpNumberOfBytesWritten

Points to the actual number of bytes transferred into the specified process. This parameter is optional. If lpNumberOfBytesWritten is NULL, the parameter is ignored. 

 

Return Values

If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError. The function will fail if the requested write operation crosses into an area of the process that is inaccessible. 

Remarks

WriteProcessMemory copies the data from the specified buffer in the current process to the address range of the specified process. Any process that has a handle with PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process to be written to can call the function. The process whose address space is being written to is typically, but not necessarily, being debugged. 
The entire area to be written to must be accessible. If it is not, the function fails as noted previously.
For reading:

Code:
The ReadProcessMemory function reads memory in a specified process. The entire area to be read must be accessible, or the operation fails. 

BOOL ReadProcessMemory(

  HANDLE hProcess,	// handle of the process whose memory is read 
  LPCVOID lpBaseAddress,	// address to start reading
  LPVOID lpBuffer,	// address of buffer to place read data
  DWORD nSize,	// number of bytes to read
  LPDWORD lpNumberOfBytesRead // address of number of bytes read
  );	
 

Parameters

hProcess

Identifies an open handle of a process whose memory is read. The handle must have PROCESS_VM_READ access to the process. 

lpBaseAddress

Points to the base address in the specified process to be read. Before any data transfer occurs, the system verifies that all data in the base address and memory of the specified size is accessible for read access. If this is the case, the function proceeds; otherwise, the function fails. 

lpBuffer

Points to a buffer that receives the contents from the address space of the specified process. 

nSize

Specifies the requested number of bytes to read from the specified process. 

lpNumberOfBytesRead

Points to the actual number of bytes transferred into the specified buffer. If lpNumberOfBytesRead is NULL, the parameter is ignored. 

 

Return Values

If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
The function fails if the requested read operation crosses into an area of the process that is inaccessible. 

Remarks

ReadProcessMemory copies the data in the specified address range from the address space of the specified process into the specified buffer of the current process. Any process that has a handle with PROCESS_VM_READ access can call the function. The process whose address space is read is typically, but not necessarily, being debugged. 
The entire area to be read must be accessible. If it is not, the function fails as noted previously.
neji is offline  
Old 05/18/2006, 14:20   #3
 
elite*gold: 0
Join Date: Jul 2005
Posts: 467
Received Thanks: 8
Okay, thanks. Did you get that from MSDN?
Leonino is offline  
Old 05/18/2006, 16:21   #4
 
elite*gold: 0
Join Date: Aug 2005
Posts: 443
Received Thanks: 72
From the Windows SDK, but MSDN says much the same thing.
neji is offline  
Old 05/23/2006, 22:02   #5
 
elite*gold: 0
Join Date: Mar 2006
Posts: 220
Received Thanks: 3
*Oh right, let me dig out all my old modules*

Code:
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, ByVal lpNumberOfBytesWritten As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function WriteValue Lib "kernel32" Alias "WriteProcessMemory" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, ByVal lpNumberOfBytesWritten As Long) As Long
Private Declare Sub GetSystemInfo Lib "kernel32" (lpSystemInfo As SYSTEM_INFO)
Private Declare Function InvalidateRect Lib "user32" (ByVal hWnd As Long, ByVal lpRect As Long, ByVal bErase As Long) As Long
Private Declare Function VirtualQueryEx& Lib "kernel32" (ByVal hProcess As Long, lpAddress As Any, lpBuffer As MEMORY_BASIC_INFORMATION, ByVal dwLength As Long)
Private Declare Function GetVersionEx Lib "kernel32" Alias "GetVersionExA" (LpVersionInformation As OSVERSIONINFO) As Long
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As Long, ByVal lpWindowName As Long) As Long
Private Declare Function GetParent Lib "user32" (ByVal hWnd As Long) As Long
Private Declare Function GetWindow Lib "user32" (ByVal hWnd As Long, ByVal wCmd As Long) As Long

Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
Const PROCESS_VM_READ = (&H10)
Const PROCESS_VM_WRITE = (&H20)
Const PROCESS_VM_OPERATION = (&H8)
Const PROCESS_QUERY_INFORMATION = (&H400)
Const PROCESS_READ_WRITE_QUERY = PROCESS_VM_READ + PROCESS_VM_WRITE + PROCESS_VM_OPERATION + PROCESS_QUERY_INFORMATION
Const GW_HWNDNEXT = 2

Const MEM_PRIVATE& = &H20000
Const MEM_COMMIT& = &H1000

Private Type OSVERSIONINFO
  dwOSVersionInfoSize As Long
  dwMajorVersion As Long
  dwMinorVersion As Long
  dwBuildNumber As Long
  dwPlatformId As Long
  szCSDVersion As String * 128
End Type

Private Type MEMORY_BASIC_INFORMATION ' 28 bytes
  BaseAddress As Long
  AllocationBase As Long
  AllocationProtect As Long
  RegionSize As Long
  State As Long
  Protect As Long
  lType As Long
End Type

Private Type SYSTEM_INFO ' 36 Bytes
  dwOemID As Long
  dwPageSize As Long
  lpMinimumApplicationAddress As Long
  lpMaximumApplicationAddress As Long
  dwActiveProcessorMask As Long
  dwNumberOfProcessors As Long
  dwProcessorType As Long
  dwAllocationGranularity As Long
  wProcessorLevel As Integer
  wProcessorRevision As Integer
End Type



Public Function ReadByte(phWnd As Long, pAddress As Long) As Byte
  Dim pRetVal As Long
  
  Call GetWindowThreadProcessId(phWnd, pid)
  
  pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
  
  Call ReadProcessMemory(pHandle, pAddress, pRetVal, 1, 0&)
  ReadByte = CByte(pRetVal)
  
  CloseHandle pHandle
End Function

Public Function ReadInteger(phWnd As Long, pAddress As Long) As Integer
  Dim pRetVal As Long
  
  Call GetWindowThreadProcessId(phWnd, pid)
  
  pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
  
  Call ReadProcessMemory(pHandle, pAddress, pRetVal, 2, 0&)
  ReadInteger = CInt(pRetVal)
  
  CloseHandle pHandle
End Function

Public Function ReadLong(phWnd As Long, pAddress As Long) As Long
  Dim pRetVal As Long
  
  Call GetWindowThreadProcessId(phWnd, pid)
  
  pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
  
  Call ReadProcessMemory(pHandle, pAddress, pRetVal, 4, 0&)
  ReadLong = CLng(pRetVal)
  
  CloseHandle pHandle
End Function

Public Function ReadString(phWnd As Long, pAddress As Long, pSize As Long) As String
  Dim pRetVal As Long
  Dim pString As String
  
  Call GetWindowThreadProcessId(phWnd, pid)
  
  pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
  
  For i& = 1 To pSize Step 1
    Call ReadProcessMemory(pHandle, pAddress + i& - 1, pRetVal, 1, 0&)
    pString = pString & Chr$(pRetVal)
    DoEvents
  Next i&
  ReadString = pString
  
  CloseHandle pHandle
End Function

'---------------------- Write Memory Functions ------------------

Public Function WriteByte(phWnd As Long, pAddress As Long, pValue As Byte)
  Dim pRetVal As Long
  
  Call GetWindowThreadProcessId(phWnd, pid)
  
  pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
  
  pRetVal = pValue
  Call WriteValue(pHandle, pAddress, pRetVal, 1, 0&)
  
  CloseHandle pHandle
End Function

Public Function WriteInteger(phWnd As Long, pAddress As Long, pValue As Integer)
  Dim pRetVal As Long
  
  Call GetWindowThreadProcessId(phWnd, pid)
  
  pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
  
  pRetVal = pValue
  Call WriteValue(pHandle, pAddress, pRetVal, 2, 0&)
  
  CloseHandle pHandle
End Function

Public Function WriteLong(phWnd As Long, pAddress As Long, pValue As Long)
  Dim pRetVal As Long
  
  Call GetWindowThreadProcessId(phWnd, pid)
  
  pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
  
  pRetVal = pValue
  Call WriteValue(pHandle, pAddress, pRetVal, 4, 0&)
  
  CloseHandle pHandle
End Function

Public Function WriteString(phWnd As Long, pAddress As Long, pString As String)
  Dim pRetVal As Long
  
  Call GetWindowThreadProcessId(phWnd, pid)
  
  pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
  
  'Call ReadProcessMemory(pHandle, pAddress + i& - 1, pRetVal, 1, 0&)
  WriteProcessMemory pHandle, pAddress, StrPtr(pString), LenB(pString), 0&
  
  CloseHandle pHandle
End Function

Public Function FindString(phWnd As Long, pFind As String, Optional pStart = 65535, Optional pReplace = False, Optional pRString = "") As Long
  Dim pid As Long, hProcess As Long, hWin As Long
  Dim lpMem As Long, ret As Long, lLenMBI As Long
  Dim lWritten As Long, CalcAddress As Long, lPos As Long
  Dim sBuffer As String
  Dim sSearchString As String, sReplaceString As String
  Dim si As SYSTEM_INFO
  Dim mbi As MEMORY_BASIC_INFORMATION
  sSearchString = pFind
  sReplaceString = "" & Chr(0)
  
  If IsWindowsNT Then 'NT store strings in RAM in UNICODE
    sSearchString = StrConv(sSearchString, vbUnicode)
    sReplaceString = StrConv(sReplaceString, vbUnicode)
  End If
  
  GetWindowThreadProcessId phWnd, pid
  'pid = Shell("calc.exe") 'launch application (calc.exe in this sample)
  hWin = InstanceToWnd(pid) 'get handle of launched window - only to repaint it after changes
'Open process with required access
  hProcess = OpenProcess(PROCESS_READ_WRITE_QUERY, False, pid)
  lLenMBI = Len(mbi)
'Determine applications memory addresses range
  Call GetSystemInfo(si)
  If pStart = 65535 Then
    lpMem = si.lpMinimumApplicationAddress
  Else
    lpMem = pStart
  End If
    
'Scan memory
  Do While lpMem < si.lpMaximumApplicationAddress
    mbi.RegionSize = 0
    ret = VirtualQueryEx(hProcess, ByVal lpMem, mbi, lLenMBI)
    If ret = lLenMBI Then
      If ((mbi.lType = MEM_PRIVATE) And (mbi.State = MEM_COMMIT)) Then ' this block is In use by this process
        If mbi.RegionSize > 0 Then
          sBuffer = String(mbi.RegionSize, 0)
'Read region into string
          ReadProcessMemory hProcess, ByVal mbi.BaseAddress, ByVal sBuffer, mbi.RegionSize, lWritten
'Check if region contain search string
          lPos = InStr(1, sBuffer, sSearchString, vbTextCompare)
          If lPos Then
           CalcAddress = mbi.BaseAddress + lPos
           
           'ret = MsgBox("Search string was found at address " & CalcAddress & "." & vbCrLf & "Do you want to replace it?", vbInformation + vbYesNo, "VB-O-Matic")
           'If ret = vbYes Then
'Replace string in virtual memory
              FindString = CalcAddress - 1
              If pReplace = True Then
                'Call WriteProcessMemory(hProcess, ByVal CalcAddress - 1, ByVal pRString , Len(pRString), lWritten)
              End If
             InvalidateRect hWin, 0, 1
           'End If
           Exit Do
          End If
        End If
      End If
'Increase base address for next search cycle. The last address may overflow the max Long value (Windows uses 2 GB of memory, which is near the max Long value), so add error checking
      On Error GoTo Finished
      lpMem = mbi.BaseAddress + mbi.RegionSize
      On Error GoTo 0
    Else
      Exit Do
    End If
  Loop
Finished:
  CloseHandle hProcess
End Function

Private Function InstanceToWnd(ByVal target_pid As Long) As Long
 Dim test_hwnd As Long
 Dim test_pid As Long
 Dim test_thread_id As Long
 test_hwnd = FindWindow(ByVal 0&, ByVal 0&)
 Do While test_hwnd <> 0
  If GetParent(test_hwnd) = 0 Then
   test_thread_id = GetWindowThreadProcessId(test_hwnd, test_pid)
   If test_pid = target_pid Then
     InstanceToWnd = test_hwnd
     Exit Do
   End If
  End If
  test_hwnd = GetWindow(test_hwnd, GW_HWNDNEXT)
 Loop
End Function

Private Function IsWindowsNT() As Boolean
  Dim verinfo As OSVERSIONINFO
  verinfo.dwOSVersionInfoSize = Len(verinfo)
  If (GetVersionEx(verinfo)) = 0 Then Exit Function
  If verinfo.dwPlatformId = 2 Then IsWindowsNT = True
End Function

Blubb, with this you can read and write byte, int and long (1, 2, 4 byte(s)) at given memory positions.

Have fun, I always coded trainers with it,
or a music add-on for Conquer Online (coMusicAddon, in case anyone still remembers it =)
r00kie is offline  
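
Seen from the monitoring side, the access rights named in this thread are what a process-access log records when a handle is opened. The following added example (Python, not code from any poster in this thread) decodes a granted-access mask with the constant values from post #5 and reports which handles could be used with ReadProcessMemory or WriteProcessMemory. The key=value log layout, the image names and the allowlist are constructed for illustration; only the field names follow Sysmon's ProcessAccess event.

```python
import re

# Access-right bits, values as in the constants posted in #5.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
PROCESS_ALL_ACCESS = 0x1F0FFF

# WriteProcessMemory needs both bits on the handle (see the SDK text in #2).
WRITE_BITS = PROCESS_VM_WRITE | PROCESS_VM_OPERATION

# Constructed sample events; 0x438 equals the post's PROCESS_READ_WRITE_QUERY.
SAMPLE_EVENTS = """\
SourceImage=tool_a.exe TargetImage=game.exe GrantedAccess=0x1F0FFF
SourceImage=tool_b.exe TargetImage=game.exe GrantedAccess=0x438
SourceImage=monitor.exe TargetImage=game.exe GrantedAccess=0x410
SourceImage=taskview.exe TargetImage=game.exe GrantedAccess=0x400
SourceImage=edr_agent.exe TargetImage=game.exe GrantedAccess=0x1F0FFF
SourceImage=odd.exe TargetImage=game.exe GrantedAccess=0x20
"""

EVENT_RE = re.compile(
    r"SourceImage=(\S+)\s+TargetImage=(\S+)\s+GrantedAccess=(0x[0-9A-Fa-f]+)")


def capability(mask):
    """Return what a handle with this access mask permits on target memory."""
    if (mask & WRITE_BITS) == WRITE_BITS:
        return "write"   # WriteProcessMemory can succeed
    if mask & PROCESS_VM_READ:
        return "read"    # ReadProcessMemory only
    return "none"        # query-only, or VM_WRITE without VM_OPERATION


def triage(log_text, target, allowlist=frozenset()):
    """List (source, capability, is_all_access) for handles that reach memory.

    allowlist holds lowercase image names of expected tools (hypothetical).
    """
    findings = []
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        source, tgt, granted = m.group(1), m.group(2), int(m.group(3), 16)
        if tgt.lower() != target.lower() or source.lower() in allowlist:
            continue
        cap = capability(granted)
        if cap != "none":
            findings.append((source, cap, granted == PROCESS_ALL_ACCESS))
    return findings
```

The third tuple element marks handles opened with PROCESS_ALL_ACCESS, as the Read*/Write* helpers in post #5 do, which is broader than either API requires.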
Old 05/24/2006, 16:31   #6
 
elite*gold: 0
Join Date: Jul 2005
Posts: 467
Received Thanks: 8
Thanks, that was very helpful.
Leonino is offline  