All geek questions in one place

Access memory used by another program

Today I have a strange question again (at least for me this is). I experiment more with pointers, and the thought arises in my head:

Code (only part of it)

int * firefoxmemory = (char*) 0x11111111 //this is just an example of address. *firefoxmemory = 200;

Question:

In the above code, I am trying to access the memory used by firefox (I use the memory editor to view the address), and after that change its corresponding value. But when I try to do this, my program crashes.

Why is this happening with my program? Is there any special code used by Firefox to prevent a third-party program from interfering with its memory? Or is it done with Windows and Intel DEP hardware?

If the above action is prevented by DEP, why does some memory editing software still work, such as cheat engines that can change values ​​in memory?

+6
source share
3 answers

Failure because 0x11111111 does not indicate a valid address in your application memory space.

As for the cheat engine, there are several ways to access other program memory:

1) run the code inside the target memory space of the process. There are various ways to enter code into another process using SetWindowsHookEx() or CreateRemoteThread() .

2) use ReadProcessMemory() and WriteProcessMemory()

+7
source

The modern operating system uses virtual addressing, so each program has the same address space. The OS maps this to real memory addresses.

So, for example, Firefox has a line located at 0x100, you also have a line located at 0x100 - both of these virtual memory addresses - OS / CPU matches these addresses with real physical RAM - and this keeps them separate from each other - Avoid the hacking technique exactly described by you.

+3
source

Another way to exchange memory between a process in win32 is to use memory mapped files:

http://msdn.microsoft.com/en-us/library/dd997372.aspx

But similarly to ReadProcessMemory() and WriteProcessMemory() this method requires support for process 2.

There is no legitimate way to read process memory if the process does not provide any permissions to do so. This is the foundation of secure multiprocessing in all modern operating systems.

0
source

Source: https://habr.com/ru/post/901872/

More articles:


All Articles