Search found 9 matches

by Pawn_Fox
Thu Mar 23, 2017 9:26 am
Forum: fun talk
Topic: Question about WriteProcessMemory
Replies: 17
Views: 16484

Re: Question about WriteProcessMemory

madshi wrote:Work for doing what?
For injecting a hook into another process.
by Pawn_Fox
Thu Mar 23, 2017 9:01 am
Forum: fun talk
Topic: Question about WriteProcessMemory
Replies: 17
Views: 16484

Re: Question about WriteProcessMemory

madshi wrote:You need to do the WriteProcessMemory hooking in every running user mode process. In order to do that your hooking code should be in a dll, and that dll needs to be injected into all those processes.
I understand. Would something like this work:
http://pastebin.com/vFTTsdS5 ?

Thanks.
by Pawn_Fox
Thu Mar 23, 2017 8:02 am
Forum: fun talk
Topic: Question about WriteProcessMemory
Replies: 17
Views: 16484

Re: Question about WriteProcessMemory

Ok, if you can wait then you can use madCodeHook's "InjectLibrary(processHandleOfNewlyStartedProcess, 'YourHook.dll')" API to inject the newly started process with your hook dll. In this case you don't need the kernel mode driver, and you don't need the certificate. Signing your exe + hoo...
by Pawn_Fox
Thu Mar 23, 2017 7:54 am
Forum: fun talk
Topic: Question about WriteProcessMemory
Replies: 17
Views: 16484

Re: Question about WriteProcessMemory

If you already have code for that, you might not need the madCodeHook driver. However, if you wait for the new opened processes to start before you hook them it might already be too late, they might already have called WriteProcessMemory before you hooked them. The madCodeHook driver automatically ...
by Pawn_Fox
Thu Mar 23, 2017 7:42 am
Forum: fun talk
Topic: Question about WriteProcessMemory
Replies: 17
Views: 16484

Re: Question about WriteProcessMemory

You don't have to kill the hook at all. You can run it at all times. Whether doing that is in the interest of the end user is another question, though. Anti-virus software tends to be relaxed if you properly sign your exe, dll and driver files. There's no guarantee that there will never be a false ...
by Pawn_Fox
Wed Mar 22, 2017 6:08 pm
Forum: fun talk
Topic: Question about WriteProcessMemory
Replies: 17
Views: 16484

Re: Question about WriteProcessMemory

I've never even heard of WriteDMALong/Integer yet, to be honest. After a google search it seems to me that "WriteDMALong/Integer" are not APIs offered by Microsoft, but they seem to be functions in some demo source code. They seem to be based on calling WriteProcessMemory internally, but ...
by Pawn_Fox
Wed Mar 22, 2017 2:39 pm
Forum: fun talk
Topic: Question about WriteProcessMemory
Replies: 17
Views: 16484

Re: Question about WriteProcessMemory

Using madCodeHook, your hook dll would be called whenever any user mode process calls WriteProcessMemory. Your hook dll gets called *instead* of the real WriteProcessMemory API. You can then decide if you want to allow that specific WriteProcessMemory call (e.g. you would probably allow it if it do...
by Pawn_Fox
Wed Mar 22, 2017 6:06 am
Forum: fun talk
Topic: Question about WriteProcessMemory
Replies: 17
Views: 16484

Re: Question about WriteProcessMemory

Are cheats not usually loaded right into the game process? If so, they will not use WriteProcessMemory, but simply directly write to the RAM, with no APIs called at all. But if there are cheats which operate by calling WriteProcessMemory, you should be able to hook those, but you'll probably need a...
by Pawn_Fox
Tue Mar 21, 2017 9:11 pm
Forum: fun talk
Topic: Question about WriteProcessMemory
Replies: 17
Views: 16484

Question about WriteProcessMemory

Hello and sorry if i'm posting at a wrong category of this forum. I have a ".dll" that is injecting into a game (an anti-cheat) and i want to monitor all the external "WriteProcessMemory" that interacts with this game, so then i can monitor all the shitty cheats that are changing...