Hi all, if you could help me with this dilemma I have. Now, I know C \ C++, I know asm, I know about dll injection, I know about virtual memory addressing, but I just can't figure out how software like CheatEngine, and others, manage to change a variable's value in another process.

For those who don't know, 3rd party cheat engine tools can scan for values in the memory space of a program and identify the location of a variable with a given value and change it.

My question is, how do they do it?

Given an address, if I were to write C code, how could I change the value at that address belonging to another process without getting an invalid addressing error?

Thanks.

+4  A: 

I'm fairly certain those programs are pretending to be debuggers. On Windows, I would start with DebugActiveProcess() and go from there.

Oh, and the very useful looking ReadProcessMemory() function (and WriteProcessMemory()).

jeffamaphone
Thanks, this is what I was looking for, works great. (For others reading this solution, be sure to use DebugActiveProcessStop when done.)
theBlinker
Be sure to call DebugSetProcessKillOnExit() if you don't want the process you're debugging to die after you're done debugging it.
mrduclaw
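The scan-and-narrow step the question asks about (find every slot holding a value, then keep only the candidates that still match after the variable changes), as an added example in portable C that is not code from the answer above. A constructed in-process array stands in for the other process's data region; the comments mark where a real tool would call the ReadProcessMemory / WriteProcessMemory functions the answer names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Byte offsets (into a memory snapshot) that still match: the candidate list
   a scanner narrows between successive scans. */
typedef struct { size_t *offs; size_t count; } scan_t;

/* First scan: every 4-byte-aligned slot whose value equals target. */
static scan_t first_scan(const uint8_t *snap, size_t len, int32_t target) {
    scan_t s = { calloc(len / 4 + 1, sizeof(size_t)), 0 };
    for (size_t off = 0; off + 4 <= len; off += 4) {
        int32_t v; memcpy(&v, snap + off, 4);
        if (v == target) s.offs[s.count++] = off;
    }
    return s;
}

/* Next scan: drop candidates that no longer hold the (changed) target value. */
static void next_scan(scan_t *s, const uint8_t *snap, size_t len, int32_t target) {
    size_t kept = 0;
    for (size_t i = 0; i < s->count; i++) {
        int32_t v; if (s->offs[i] + 4 > len) continue;
        memcpy(&v, snap + s->offs[i], 4);
        if (v == target) s->offs[kept++] = s->offs[i];
    }
    s->count = kept;
}

/* Constructed stand-in for a target process's data region: several ints start
   at 100 (decoys), and slot 3 is the variable we are really looking for. */
int32_t region[8] = { 7, 100, 42, 100, 100, 9, 100, 0 };

/* Locate slot 3 by scanning for 100, letting the real variable change to 75
   while the decoys keep their old value, then rescanning. Returns the byte
   offset of the single surviving candidate, or (size_t)-1 if not unique. */
size_t locate_variable(void) {
    const uint8_t *snap = (const uint8_t *)region;   /* ReadProcessMemory here */
    scan_t s = first_scan(snap, sizeof region, 100);  /* 4 matches */
    region[3] = 75;                                   /* the program changes it */
    next_scan(&s, snap, sizeof region, 75);           /* 1 match left */
    size_t result = (s.count == 1) ? s.offs[0] : (size_t)-1;
    free(s.offs);
    return result;
}

/* Patch the located slot; a real tool would call WriteProcessMemory instead. */
int32_t patch_variable(size_t off, int32_t value) {
    memcpy((uint8_t *)region + off, &value, 4);
    return region[off / 4];
}
```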
+1  A: 

You can't do this with Standard C or C++ - you have to use operating system specific features. So you need to tell us which OS you are interested in.

anon
Sorry, I did not specify: I am interested in Windows, but Linux would be great too, I am curious to try it there also.
theBlinker
+4  A: 

For Windows, here's an amazingly detailed article about code injection techniques, which can be used as a starting point.

Daniel Earwicker
I was looking for a non-intrusive solution, but great resource nonetheless, definitely on my to-read list.
theBlinker
+2  A: 

On unix: ptrace()

Thomas
Thanks, will mess around with it after I'm done with this, good to know.
theBlinker
+1  A: 

You may also be interested in Detours:

Software packaged for detouring Win32 and application APIs.

none
Thanks, read about detouring at http://www.codingthewheel.com/archives/how-i-built-a-working-online-poker-bot-7. Fun experiment: ASCII \ graffiti bomb. Too bad it's not freely \ easily available for 64-bit.
theBlinker
A: 

Hello,

Could you post the code that you used that worked for you? I am interested in knowing this answer as well.