Access to dll memory
Access to dll memory
I try to create an anti cheat for a game. I am able to list every process and dll. I want to make a crc on dll (partial crc, full crc and string search)
I can see:
- Application.exe
>module1.dll
>module2.dll
>module3.dll
-Application2.exe
...
I need access to module1.dll. How work process.module.memory and process.module.data ?
How can i find string ? How can i find the size of the dll in memory ?
Thank's a lot
Ps: Madshi your project is wonderfull !!!
I can see:
- Application.exe
>module1.dll
>module2.dll
>module3.dll
-Application2.exe
...
I need access to module1.dll. How work process.module.memory and process.module.data ?
How can i find string ? How can i find the size of the dll in memory ?
Thank's a lot
Ps: Madshi your project is wonderfull !!!
I fund some information:
This is working, but i need to read the dll with loadmodule
Now i try:
This is not working why ? I can read import/export procedure with process('myexe.exe').Module('mydll.dll').importList this is working fine. The file fichier.bin is random data...
Code: Select all
loadmodule('mydll.dll',false);
memo1.Lines.Add('Import:');
for i:=0 to Module('mydll.dll').importList.ItemCount do
memo1.Lines.Add(Module('mydll.dll').importList.Items[i].Name ) ;
memo1.Lines.Add('Export:');
for i:=0 to Module('mydll.dll').exportList.ItemCount do
memo1.Lines.Add( Module('mydll.dll').exportList.Items[i].Name ) ;
pt:=Module('mydll.dll').Memory;
AssignFile(F, 'Fichier.bin');
rewrite(F, 1);
Blockwrite(F, pt^, 20000);
CloseFile(F);
Now i try:
Code: Select all
pt:=process('myexe.exe').Module('mydll.dll').Memory;
AssignFile(F, 'Fichier.bin');
rewrite(F, 1);
Blockwrite(F, pt^, 20000);
CloseFile(F);
When using madKernel please use "with" as often as possible. This way you avoid unnecessary actions, which can speed up performance quite a lot.
Code: Select all
with loadmodule('mydll.dll',false) do begin
memo1.Lines.Add('Import:');
with ImportList do
for i:=0 to ItemCount do
memo1.Lines.Add(Items[i].Name);
memo1.Lines.Add('Export:');
with ExportList do
for i:=0 to ItemCount do
memo1.Lines.Add(Items[i].Name);
...
We're talking about a pointer here. And pointers are only valid in their own process and memory contexts. AnotherProcess.Module.Memory is a pointer which is only valid in the other process, but not in yours! You have to use ReadProcessMemory to read out the context of that pointer from the other process.This is not working why ? I can read import/export procedure with process('myexe.exe').Module('mydll.dll').importList this is working fine. The file fichier.bin is random data...
Thank you for your help, this work fine
I need to know the size of the dll in memory...
Code: Select all
address:=process('myexe.exe').Module('mydll.dll').memory;
getmem(buffer,size);
m_hProcess := OpenProcess(PROCESS_ALL_ACCESS, FALSE, process('myexe.exe').ID );
ReadProcessMemory( m_hProcess,address ,Buffer,size,read);
Ah well, load the dll in your own process, then do this:
Code: Select all
uses madTools;
var nh : PImageNtHeaders;
begin
nh := GetImageNtHeaders(yourDllHandle);
dllSize := nh^.OptionalHeader.SizeOfImage;