Access to dll memory

delphi package - easy access to kernel objects etc.
Post Reply
Melmock
Posts: 4
Joined: Fri Jun 17, 2005 9:24 am

Access to dll memory

Post by Melmock »

I try to create an anti cheat for a game. I am able to list every process and dll. I want to make a crc on dll (partial crc, full crc and string search)

I can see:
- Application.exe
>module1.dll
>module2.dll
>module3.dll
-Application2.exe
...

I need access to module1.dll. How work process.module.memory and process.module.data ?

How can i find string ? How can i find the size of the dll in memory ?

Thank's a lot

Ps: Madshi your project is wonderfull !!!
Melmock
Posts: 4
Joined: Fri Jun 17, 2005 9:24 am

Post by Melmock »

I fund some information:

Code: Select all

loadmodule('mydll.dll',false);
 memo1.Lines.Add('Import:');
 for i:=0 to Module('mydll.dll').importList.ItemCount do
  memo1.Lines.Add(Module('mydll.dll').importList.Items[i].Name ) ;
 memo1.Lines.Add('Export:');
 for i:=0 to Module('mydll.dll').exportList.ItemCount do
  memo1.Lines.Add( Module('mydll.dll').exportList.Items[i].Name ) ;

  pt:=Module('mydll.dll').Memory;
  AssignFile(F, 'Fichier.bin');
  rewrite(F, 1);                           
  Blockwrite(F, pt^, 20000);            
  CloseFile(F);

This is working, but i need to read the dll with loadmodule

Now i try:

Code: Select all

  pt:=process('myexe.exe').Module('mydll.dll').Memory;
  AssignFile(F, 'Fichier.bin');
  rewrite(F, 1);                           
  Blockwrite(F, pt^, 20000);            
  CloseFile(F);
This is not working why ? I can read import/export procedure with process('myexe.exe').Module('mydll.dll').importList this is working fine. The file fichier.bin is random data...
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

When using madKernel please use "with" as often as possible. This way you avoid unnecessary actions, which can speed up performance quite a lot.

Code: Select all

  with loadmodule('mydll.dll',false) do begin
    memo1.Lines.Add('Import:');
    with ImportList do
      for i:=0 to ItemCount do
        memo1.Lines.Add(Items[i].Name);
    memo1.Lines.Add('Export:');
    with ExportList do
      for i:=0 to ItemCount do
        memo1.Lines.Add(Items[i].Name);
    ...
This is not working why ? I can read import/export procedure with process('myexe.exe').Module('mydll.dll').importList this is working fine. The file fichier.bin is random data...
We're talking about a pointer here. And pointers are only valid in their own process and memory contexts. AnotherProcess.Module.Memory is a pointer which is only valid in the other process, but not in yours! You have to use ReadProcessMemory to read out the context of that pointer from the other process.
Melmock
Posts: 4
Joined: Fri Jun 17, 2005 9:24 am

Post by Melmock »

Hi, thanks for your help Madshi !

Could you help me How to use ReadProcessMemory, i try to use this since one month ago !!! I can not read memory of one dll from another process :(
I try openprocess, VirtualQueryEX... Please help me !!!
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Sorry, no time to do all the work for you. OpenProcess + ReadProcessMemory. No VirtualAllocEx needed. ReadProcessMemory must read into a buffer in your process. So normal GetMem for the buffer in your own process.
Melmock
Posts: 4
Joined: Fri Jun 17, 2005 9:24 am

Post by Melmock »

Thank you for your help, this work fine

Code: Select all

address:=process('myexe.exe').Module('mydll.dll').memory;
getmem(buffer,size);
m_hProcess := OpenProcess(PROCESS_ALL_ACCESS, FALSE, process('myexe.exe').ID );
ReadProcessMemory( m_hProcess,address ,Buffer,size,read);
I need to know the size of the dll in memory...
madshi
Site Admin
Posts: 10753
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Ah well, load the dll in your own process, then do this:

Code: Select all

uses madTools;

var nh : PImageNtHeaders;
begin
  nh := GetImageNtHeaders(yourDllHandle);
  dllSize := nh^.OptionalHeader.SizeOfImage;
Post Reply