Nobomba

Reputation: 5

Writing process memory without WriteProcessMemory

I'm trying to write to another process's memory without using the WriteProcessMemory() function.

I'm calling VirtualAllocEx() to pass data to the thread I create with CreateRemoteThread().

#include <windows.h>

// Parameter block handed to the remote thread (field types assumed; the
// original post only shows the field names).
struct WriteMemoryInfo {
    void*  addr;    // destination address in the target process
    void*  data;    // bytes to write
    SIZE_T length;  // number of bytes
};

// Allocate a buffer inside the target process for the parameter block.
WriteMemoryInfo* m = (WriteMemoryInfo*)VirtualAllocEx(
    hProc, 
    NULL, 
    1024, 
    MEM_COMMIT | MEM_RESERVE, 
    PAGE_READWRITE
);

// m points into the other process's address space, so these
// dereferences access memory that is not mapped in this process.
m->addr = FinalAddress; // Problem
m->data = Data;         // Problem
m->length = Size;       // Problem

HANDLE threadID = CreateRemoteThread(
    hProc, 
    NULL, 
    0, 
    (LPTHREAD_START_ROUTINE)RemoteThread,
    m, 
    0,      // dwCreationFlags is a DWORD, not a pointer
    NULL
);

The problem is, I can't write to the newly created memory from VirtualAllocEx() as it doesn't belong to my process. The solution would be to use WriteProcessMemory() on this memory, but that's the function I'm trying to do without.

How can I initialize this memory (the m variable) without WriteProcessMemory()?

Upvotes: 0

Views: 864

Answers (1)

GuidedHacking

Reputation: 3923

CreateRemoteThread() and VirtualAllocEx() will be categorized as just as risky as WriteProcessMemory(); if you're using those, you might as well use WriteProcessMemory() too.

The lpParameter argument for CreateRemoteThread() takes a pointer to a variable to be passed to the function.

If you don't want to use WriteProcessMemory(), you can start the process with a command-line argument: pass whatever you want to use for lpParameter as that argument. It will exist in the target process, but the process will just ignore it.

You can then pattern-scan for this variable to get its address, and pass that address as lpParameter.

This neat trick was shared with me by my friend timb3r.

Upvotes: 2
