For injecting a hook into another process.madshi wrote:Work for doing what?
Search found 9 matches
- Thu Mar 23, 2017 9:26 am
- Forum: fun talk
- Topic: Question about WriteProcessMemory
- Replies: 17
- Views: 29187
Re: Question about WriteProcessMemory
- Thu Mar 23, 2017 9:01 am
- Forum: fun talk
- Topic: Question about WriteProcessMemory
- Replies: 17
- Views: 29187
Re: Question about WriteProcessMemory
I understand. Would something like this work:madshi wrote:You need to do the WriteProcessMemory hooking in every running user mode process. In order to do that your hooking code should be in a dll, and that dll needs to be injected into all those processes.
http://pastebin.com/vFTTsdS5 ?
Thanks.
- Thu Mar 23, 2017 8:02 am
- Forum: fun talk
- Topic: Question about WriteProcessMemory
- Replies: 17
- Views: 29187
Re: Question about WriteProcessMemory
Ok, if you can wait then you can use madCodeHook's "InjectLibrary(processHandleOfNewlyStartedProcess, 'YourHook.dll')" API to inject the newly started process with your hook dll. In this case you don't need the kernel mode driver, and you don't need the certificate. Signing your exe + hoo...
- Thu Mar 23, 2017 7:54 am
- Forum: fun talk
- Topic: Question about WriteProcessMemory
- Replies: 17
- Views: 29187
Re: Question about WriteProcessMemory
If you already have code for that, you might not need the madCodeHook driver. However, if you wait for the new opened processes to start before you hook them it might already be too late, they might already have called WriteProcessMemory before you hooked them. The madCodeHook driver automatically ...
- Thu Mar 23, 2017 7:42 am
- Forum: fun talk
- Topic: Question about WriteProcessMemory
- Replies: 17
- Views: 29187
Re: Question about WriteProcessMemory
You don't have to kill the hook at all. You can run it at all times. Whether doing that is in the interest of the end user is another question, though. Anti-virus software tends to be relaxed if you properly sign your exe, dll and driver files. There's no guarantee that there will never be a false ...
- Wed Mar 22, 2017 6:08 pm
- Forum: fun talk
- Topic: Question about WriteProcessMemory
- Replies: 17
- Views: 29187
Re: Question about WriteProcessMemory
I've never even heard of WriteDMALong/Integer yet, to be honest. After a google search it seems to me that "WriteDMALong/Integer" are not APIs offered by Microsoft, but they seem to be functions in some demo source code. They seem to be based on calling WriteProcessMemory internally, but ...
- Wed Mar 22, 2017 2:39 pm
- Forum: fun talk
- Topic: Question about WriteProcessMemory
- Replies: 17
- Views: 29187
Re: Question about WriteProcessMemory
Using madCodeHook, your hook dll would be called whenever any user mode process calls WriteProcessMemory. Your hook dll gets called *instead* of the real WriteProcessMemory API. You can then decide if you want to allow that specific WriteProcessMemory call (e.g. you would probably allow it if it do...
- Wed Mar 22, 2017 6:06 am
- Forum: fun talk
- Topic: Question about WriteProcessMemory
- Replies: 17
- Views: 29187
Re: Question about WriteProcessMemory
Are cheats not usually loaded right into the game process? If so, they will not use WriteProcessMemory, but simply directly write to the RAM, with no APIs called at all. But if there are cheats which operate by calling WriteProcessMemory, you should be able to hook those, but you'll probably need a...
- Tue Mar 21, 2017 9:11 pm
- Forum: fun talk
- Topic: Question about WriteProcessMemory
- Replies: 17
- Views: 29187
Question about WriteProcessMemory
Hello and sorry if i'm posting at a wrong category of this forum. I have a ".dll" that is injecting into a game (an anti-cheat) and i want to monitor all the external "WriteProcessMemory" that interacts with this game, so then i can monitor all the shitty cheats that are changing...