How can I find a text string in the memory of my process without using OpenProcess / ReadProcessMemory? I just cannot solve the problem (
- And what is the reason for not using such functions? If there is some kind of anti-dumping protection, try to inject your code into csrss.exe, and then from that process open the necessary one and read its memory. Well, if it's really bad - get access to the process memory from the kernel. Write your driver, and through it get access to the original functions ZwOpenProcess and ZwReadProcessMemory. I recommend reading [Dumping Technologies and Protection Against It](wasm.ru/article.php?article=dumping) - vv2cc
- Try the option of loading a DLL into csrss.exe; from there you can find your process and read / write its memory. According to the specifics, the protection should resolve this, otherwise it may have conflicts with the OS. This is so as not to bother with drivers; it can and will be implemented. - vv2cc
- @Grigory Ponomarev yes, at least like this: [example](wasm.ru/article.php?article=fwb) - vv2cc
- If I were the author of "toys", I would not have stored resources in one place, but in several. And not necessarily explicitly. And when the next stage of updating the data comes (recalculation, output to the screen), I would do the check. Does not match - recalculation. You can make it so that the number of resources is very well smeared across memory. In the extreme case, you can simply make a copy of the resources and encrypt it with any encryption algorithm. A driver, hooks, protection - for averting the eyes and the obvious "students." - KoVadim
- @KoVadim, and code transparency and scalability? And debugging and analysis of bug reports? And code reuse? And the fact that the specialists in the development of the game code in 80% of cases are not experts in the field of information security and lose by an order of magnitude to crackers? Division of labor also needs to be considered. The option proposed by you is not very effective, especially for games that are really large in terms of code. - vv2cc
1 answer
@KoVadim, what prevents you from catching the event and changing the value at the time of updating the record about the amount of gold? The code can be analyzed in a debugger, disassembler, etc. And in a game that already consumes a large amount of system resources, it may not be patted on the head. In any security system there are bottlenecks, especially if the data is stored and processed on the client side. It is better to transfer such a part to the server, but this is already a flood. P.S. Ran out of comments :)
- And although I have already solved my problem differently, the question has remained open :-D Well, let's say I have my own application and I want to find a string or value in bytes in its address space. To read from your address space,

  ```delphi
  B := Byte(Pointer(Address)^);
  S := PAnsiChar(Address);
  ```

  I can do so

  ```delphi
  h := OpenProcess(PROCESS_VM_READ, False, GetCurrentProcessId); // or GetCurrentProcess
  ReadProcessMemory(h, Ptr(address), @B, 1, c);
  ```

  Or like this. But what is the point for me in my application to work with memory through ReadProcessMemory, when you can directly? - Grigory Ponomarev
- @Grigory Ponomarev, let's start with the approach: how do you know the address where the data you need is? If the address is reliably known, then inside the process you can easily refer to it (and it is available based on the context of the problem). The question is how to find the address you need. Solution: determine the process memory blocks and their attributes. For each block of virtual memory that has read and write access, perform a primary scan. Later - screening, if necessary (ArtMoney is a good example). This is where functions are needed to work with the process's virtual memory. - vv2cc
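The block walk vv2cc describes above, done from inside the process with VirtualQuery and plain pointer reads instead of OpenProcess / ReadProcessMemory. This is an added example, not code from the thread; it assumes Delphi 2009 or later (for NativeUInt), a single-threaded console program, and a constructed marker string and buffer (`FindInOwnMemory`, `Target` and `Needle` are names made up for the illustration).

```delphi
program ScanOwnMemory;
{$APPTYPE CONSOLE}
uses Windows, SysUtils;
const
  WRITABLE = PAGE_READWRITE or PAGE_WRITECOPY or
             PAGE_EXECUTE_READWRITE or PAGE_EXECUTE_WRITECOPY;
// Counts Pattern in committed, writable, non-guard regions of this process, skipping
// the needle's own buffer. Assumes no other thread frees memory during the walk.
function FindInOwnMemory(const Pattern: AnsiString; out First: Pointer): Integer;
var
  mbi: TMemoryBasicInformation;
  Addr, P, Last: NativeUInt;
  Len: Integer;
begin
  Result := 0; First := nil;
  Len := Length(Pattern);
  if Len = 0 then Exit;
  Addr := 0;
  // VirtualQuery returns 0 once Addr passes the end of user address space.
  while VirtualQuery(Pointer(Addr), mbi, SizeOf(mbi)) <> 0 do
  begin
    if (mbi.State = MEM_COMMIT) and ((mbi.Protect and PAGE_GUARD) = 0) and
       ((mbi.Protect and WRITABLE) <> 0) and (mbi.RegionSize >= NativeUInt(Len)) then
    begin
      P := NativeUInt(mbi.BaseAddress);
      Last := P + mbi.RegionSize - NativeUInt(Len);
      while P <= Last do
      begin
        if (Pointer(P) <> Pointer(Pattern)) and (PByte(P)^ = Byte(Pattern[1])) and
           CompareMem(Pointer(P), Pointer(Pattern), Len) then
        begin
          if Result = 0 then First := Pointer(P);
          Inc(Result);
        end;
        Inc(P);
      end;
    end;
    Addr := NativeUInt(mbi.BaseAddress) + mbi.RegionSize;
  end;
end;
var
  Target: array[0..31] of AnsiChar; // constructed sample buffer (writable global)
  Needle: AnsiString; Hit: Pointer; N: Integer;
begin
  Needle := 'MARKER-1234'; // constructed sample value
  Move(Needle[1], Target, Length(Needle));
  N := FindInOwnMemory(Needle, Hit);
  Writeln(Format('%d hit(s), first at %p, Target at %p', [N, Hit, @Target]));
end.
```

Checking `State` and `Protect` before touching a region is what keeps the direct reads from faulting on reserved, no-access or guard pages. Run against your own build, the same walk shows where copies of a sensitive value are still resident in writable memory.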