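kvk1989 2 Posted November 30, 2022

{ Resumes the target's main thread.
  The suspended flag is cleared only when ResumeThread succeeds (it returns
  $FFFFFFFF on failure), so CheckIfSuspended does not report a running
  process after a failed call. }
procedure TLoaderEngine.ResumePThread;
begin
  if ResumeThread(hThread) <> $FFFFFFFF then
    bProcessSuspended := False;
end;

{ Terminates the remote process with exit code 0. }
procedure TLoaderEngine.TerminateRemoteProcess;
begin
  TerminateProcess(hProcess, 0);
end;

{ Returns True while the engine still considers the process suspended. }
function TLoaderEngine.CheckIfSuspended : Boolean;
begin
  Result := bProcessSuspended;
end;

{ Searches the sections of a module loaded in the remote process for a byte
  pattern and returns the virtual address of the Hits-th match, or 0.

  ModuleName - name of the main executable or of a DLL (see GetRemoteDLLBase).
  Pattern    - bytes to look for.
  Mask       - one entry per pattern byte; 1 marks a wildcard position.
  Hits       - 1-based index of the match to return, counted over all sections.

  Every header field used here is read from the other process and must be
  treated as untrusted input, so counts and sizes are validated before they
  drive an allocation or a loop. }
function TLoaderEngine.FindBytesPattern(ModuleName : string; Pattern: array of Byte; Mask: array of Byte; Hits : Integer): DWORD;
const
  // The Windows loader does not accept images with more sections than this.
  MAX_PE_SECTIONS = 96;
var
  PELocation : DWORD;
  NoOfSections, PESign, OptHeaderSize : Word;
  SectionHeader : IMAGE_SECTION_HEADER;
  BaseAddress, SectionStartAddress : DWORD;
  i, j, k, cnt, PatLen : Integer;
  SectionDataBuffer : array of Byte;
begin
  Result := 0;
  PatLen := Length(Pattern);

  // A shorter mask would be indexed out of bounds; Hits < 1 can never match.
  if (PatLen = 0) or (Length(Mask) < PatLen) or (Hits < 1) then
    Exit;

  BaseAddress := GetRemoteDLLBase(ModuleName);
  if BaseAddress = 0 then
    Exit;

  // Pre-zeroed so that a failed remote read is seen as "no signature".
  // NOTE(review): assumes ReadMemory leaves the buffer untouched on failure;
  // its result is not visible from here - confirm.
  PELocation := 0;
  NoOfSections := 0;
  OptHeaderSize := 0;
  PESign := 0;
  cnt := 0;

  ReadMemory(BaseAddress, PESign, 2);
  if PESign <> $5A4D then          // 'MZ'
    Exit;

  ReadMemory(BaseAddress + $3C, PELocation, 4);   // e_lfanew
  ReadMemory(BaseAddress + PELocation, PESign, 2);
  if PESign <> $4550 then          // 'PE'
    Exit;

  ReadMemory(BaseAddress + PELocation + 6, NoOfSections, 2);
  if (NoOfSections = 0) or (NoOfSections > MAX_PE_SECTIONS) then
    Exit;

  // The section table follows the optional header, whose size is stored in
  // the file header. The former fixed offset $F8 equals $18 + $E0 (PE32).
  ReadMemory(BaseAddress + PELocation + $14, OptHeaderSize, 2);
  if OptHeaderSize = 0 then
    OptHeaderSize := $E0;
  SectionStartAddress := BaseAddress + PELocation + $18 + OptHeaderSize;

  for i := 1 to NoOfSections do
  begin
    // Clear first so a failed read cannot reuse the previous section's header.
    ZeroMemory(@SectionHeader, SizeOf(SectionHeader));
    ReadMemory(SectionStartAddress, SectionHeader, SizeOf(SectionHeader));
    SectionStartAddress := SectionStartAddress + SizeOf(IMAGE_SECTION_HEADER);

    // Skip sections that cannot hold the pattern or whose size does not fit
    // a signed index (the old unsigned subtraction wrapped around here).
    if (SectionHeader.Misc.VirtualSize >= DWORD(PatLen)) and
       (SectionHeader.Misc.VirtualSize <= DWORD(MaxInt)) then
    begin
      // Fresh zero-filled buffer: stale bytes from the previous section must
      // not be scanned if this read fails.
      SectionDataBuffer := nil;
      SetLength(SectionDataBuffer, SectionHeader.Misc.VirtualSize);
      ReadMemory(SectionHeader.VirtualAddress + BaseAddress, SectionDataBuffer[0], SectionHeader.Misc.VirtualSize);

      // Compare at every start offset. The previous running-index matcher
      // lost matches after a partial hit, indexed Pattern past its end once
      // a full match had been seen, and never looked at the section's tail.
      for k := 0 to Integer(SectionHeader.Misc.VirtualSize) - PatLen do
      begin
        j := 0;
        while (j < PatLen) and ((Mask[j] = 1) or (SectionDataBuffer[k + j] = Pattern[j])) do
          Inc(j);

        if j = PatLen then
        begin
          Inc(cnt);
          if cnt = Hits then
          begin
            Result := SectionHeader.VirtualAddress + DWORD(k) + BaseAddress;
            Break;
          end;
        end;
      end;
    end;

    if Result <> 0 then
      Break;
  end;
end;

{ Returns the process handle held by the engine. }
function TLoaderEngine.GetProcessHandle : THandle;
begin
  Result := hProcess;
end;

{ Returns the thread handle held by the engine. }
function TLoaderEngine.GetThreadHandle: THandle;
begin
  Result := hThread;
end;

{ Polls EnumWindows until bEnumWindow becomes True or the poll budget is used
  up, and returns the final value of bEnumWindow.

  Timeout is not a time span: the loop gives up after roughly Timeout * 100
  EnumWindows passes. The loop spins without sleeping.
  NOTE(review): bEnumWindow is presumably set by EnumWindowsProc - confirm. }
function TLoaderEngine.WaitTillFirstWindow(Timeout: Integer) : Boolean;
var
  TimeoutCounter : Integer;
begin
  TimeoutCounter := 0;
  bEnumWindow := False;

  while not bEnumWindow do
  begin
    EnumWindows(@EnumWindowsProc, 0);
    Inc(TimeoutCounter);
    // ">=" instead of "=": a negative Timeout used to spin forever when no
    // window ever appeared.
    if TimeoutCounter div 100 >= Timeout then
      Break;
  end;

  Result := bEnumWindow;
end;

{ Returns the base address of a module loaded in the remote process, or 0.

  A module whose file name equals DLLName (case-insensitive) wins. If there
  is none, the first module whose path merely contains DLLName is returned,
  which keeps the old substring behaviour for callers passing partial names.
  NOTE(review): the result is a DWORD, so a 64-bit module handle would be
  truncated. }
function TLoaderEngine.GetRemoteDLLBase(DLLName : string) : DWORD;
var
  cbNeeded, DLLPathSize : DWORD;
  DLLPath : string;
  hModP : PHMODULE;
  hMods : array of HMODULE;
  Filename : array[0..MAX_PATH-1] of Char;
  i, ModCount : Integer;
  Fallback : DWORD;
begin
  Result := 0;
  if DLLName = '' then
    Exit;
  DLLName := LowerCase(DLLName);

  // Initialised so that a failed size query is seen as "no modules".
  cbNeeded := 0;
  EnumProcessModules(hProcess, nil, 0, cbNeeded);
  ModCount := cbNeeded div SizeOf(HMODULE);
  if ModCount = 0 then
    Exit;

  // SetLength zero-fills the new array. The former ZeroMemory call passed
  // SizeOf(hMods), which is the size of the array reference, not the data.
  SetLength(hMods, ModCount);
  hModP := @hMods[0];
  if not EnumProcessModules(hProcess, hModP, DWORD(ModCount * SizeOf(HMODULE)), cbNeeded) then
    Exit;

  // The module list can change between the two calls; only read the entries
  // that were actually written.
  if Integer(cbNeeded div SizeOf(HMODULE)) < ModCount then
    ModCount := cbNeeded div SizeOf(HMODULE);

  Fallback := 0;
  for i := 0 to ModCount - 1 do
  begin
    // SizeOf is the byte size for any Char width; "Length * 2" wrote past
    // the end of the buffer when Char is one byte wide.
    ZeroMemory(@Filename[0], SizeOf(Filename));
    // One character is held back so the name is always null-terminated.
    DLLPathSize := Length(Filename) - 1;

    // Second API is tried only when the mapped file name is unavailable.
    if GetMappedFileName(hProcess, Pointer(hMods[i]), @Filename[0], DLLPathSize) = 0 then
      GetModuleFileNameEx(hProcess, hMods[i], @Filename[0], DLLPathSize);

    DLLPath := LowerCase(Filename);

    if ExtractFileName(DLLPath) = DLLName then
    begin
      Result := hMods[i];
      Exit;
    end;

    // A plain substring test also matches directory names and longer file
    // names, so it only serves as a fallback.
    if (Fallback = 0) and (Pos(DLLName, DLLPath) > 0) then
      Fallback := hMods[i];
  end;

  Result := Fallback;
end;

{ Allocates Size bytes in the remote process and returns the address, or nil
  on failure.
  NOTE(review): the region is requested as PAGE_EXECUTE_READWRITE. Memory that
  is writable and executable at once in another process turns any later write
  into that region into code execution there, and is a pattern endpoint
  security tooling commonly reports. }
function TLoaderEngine.AllocMemory(Size: NativeUInt) : Pointer;
begin
  Result := VirtualAllocEx(hProcess, nil, Size, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
end;

{ Releases memory obtained from AllocMemory. Returns True on success. }
function TLoaderEngine.DeAllocMemory(Memory: Pointer) : Boolean;
begin
  Result := VirtualFreeEx(hProcess, Memory, 0, MEM_RELEASE);
end;

{ Destructor of TLoaderEngine: closes the handles, then runs the inherited
  destructor. Zero handles are skipped and closed ones are cleared so that
  no stale or already-closed handle value is passed to CloseHandle. }
destructor TLoaderEngine.Destroy;
begin
  if hProcess <> 0 then
  begin
    CloseHandle(hProcess);
    hProcess := 0;
  end;

  if hThread <> 0 then
  begin
    CloseHandle(hThread);
    hThread := 0;
  end;

  inherited;
end;

end.

Hi can someone help me to make it on gui thanks ! Here is link of. This code https://github.com/GautamGreat/LoaderEngine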
Remy Lebeau 1394 Posted November 30, 2022 (edited) 12 hours ago, kvk1989 said: Hi can someone help me to make it on gui thanks ! I'm not sure what you are asking for exactly. Are you asking for someone to make a GUI frontend for your code? Or, do you want to write to memory of an external GUI program? Writing to a process's memory is the title of this discussion thread, but your code is not attempting to do that. So your question seems to be about something else entirely. Please clarify. Edited November 30, 2022 by Remy Lebeau 1 Share this post Link to post
kvk1989 2 Posted November 30, 2022 5 hours ago, Remy Lebeau said: I'm not sure what you are asking for exactly. Are you asking for someone to make a GUI frontend for your code? Or, do you want to write to memory of an external GUI program? Writing to a process's memory is the title of this discussion thread, but your code is not attempting to do that. So your question seems to be about something else entirely. Please clarify. Hi I attach a github link (loader engine) unit Loader_Engine; I just want to add these code on external gui program ! Thanks ! Share this post Link to post
Remy Lebeau 1394 Posted December 1, 2022 18 hours ago, kvk1989 said: Hi I attach a github link (loader engine) unit Loader_Engine; There is no link (not that it matters, I didn't ask for the code, I asked you to clarify your question). 18 hours ago, kvk1989 said: I just want to add these code on external gui program ! That doesn't clarify anything. My earlier question still stands. Share this post Link to post