In Windows, let's say I have used DLL injection to get into another process. I have also done some screen captures of the memory on the process I have injected into and know the location of the data I want to pull out. Let's say there is data in the other process at 0xaaaaaaaa that contains a certain value. How do I grab this value from that process so I can use it in my injecting app? Since I am injected into the process, can I just use something like memcpy?

memcpy(value, 0xaaaaaaaa, 10);

I'm assuming it's probably more involved than this?

EDIT: To the responses below, I don't see how WM_COPYDATA helps me as it is for sending data to another application, not for retrieving data FROM an existing application.

+3  A: 

In Windows every process addresses its own memory. That means you cannot do something like memcpy having two pointers that point to memory of two different processes.

You can consider any option of interprocess communication: memory mapped files, sockets, named pipes, event window messages.

Here is more information about IPC

Vadmyst
+1  A: 

Try out WM_COPYDATA and look at the MSDN help pertaining to it.

Ashish
+1  A: 

The following IPC mechanisms are supported by Windows:

Clipboard
COM
Data Copy
DDE
File Mapping
Mailslots
Pipes
RPC
Windows Sockets

More details here: Interprocess Communications

In your case I would use the WM_COPYDATA message.

serge_gubenko
+2  A: 

You should be able to use the ReadProcessMemory function.

See also How to write a Perl, Python, or Ruby program to change the memory of another process on Windows?

Sinan Ünür