Willkommen auf MasterOf13FPS! MasterOf13FPS

Registriere dich noch heute oder melde dich an, falls du bereits Mitglied bist und verpasse keinen coolen Content mehr :)
  • Hi Guest, on 24.09.2021 20:00 UTC the forum software will be updated. Therefore, there may be some outages. After the update our theme will be updated as well. If something happens, information will follow on our guilded server.

    With kind regards MasterOf13FPS
  • Hey Guest, wir haben nun einen Telegram-Channel!
    Klicke hier, um zu joinen: Channel beitreten

Source Linux - Read and write process memory easily

kernelmode

New member
Joined
Jan 29, 2021
Messages
1
Reaction score
0
Points
0
Originally that isn't my code, I just changed a few things.
Credits: https://www.unknowncheats.me/forum/...rs/402740-read-write-processmemory-linux.html
Happy coding!

C++:
#include <iostream>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/ptrace.h>
#include <errno.h>
#include <string.h>
#include <fcntl.h>
#include <stdlib.h>

struct Process {
    pid_t pid;
    char buff[512];
    FILE *pid_pipe;
} process;

void find_process(const char *process_target) {
    process.pid_pipe = popen(process_target, "r");
    fgets(process.buff, 512, process.pid_pipe);
    process.pid = strtoul(process.buff, NULL, 10);

    if (process.pid == 0) {
        printf("App Var is not launch ! \n");
        pclose(process.pid_pipe);
        exit(-1);
    } else {
        printf("App Var is running - PID NUMBER -> {%d} \n", process.pid);
        pclose(process.pid_pipe);
    }
}

void ReadProcessMemory(unsigned long address, int pid) {

    int buf = 0;

    int err_code = ptrace(PTRACE_ATTACH, process.pid, NULL, NULL);

    if (err_code == -1) {
        printf("%s\n", "error 1");
        exit(-1);
    }
    wait(NULL);

    printf("Read the adress of the process \n");
    for (int i = 0; i < 1; i++) {
       buf = ptrace(PTRACE_PEEKDATA, process.pid, address + i * sizeof(int), NULL);
        if (buf == -1) {
            printf("%s\n", "error 2");
            exit(-1);
        }

        printf("%d\n", buf);

    }
    err_code = ptrace(PTRACE_DETACH, process.pid, NULL, NULL);
    if (err_code == -1) {
        printf("%s\n", "error 3");
        exit(-1);
    }
}

void WriteProcessMemory(unsigned long address, int new_value, int pid) {
    int buf = 0;

    int err_code = ptrace(PTRACE_ATTACH, process.pid, NULL, NULL);
    if (err_code == -1) {
        printf("%s\n", "error 1");
        exit(-1);
    }

    wait(NULL);
    printf("Write the new value ! \n");
    for(int i = 0; i < 1; i++) {
        buf = ptrace(PTRACE_POKEDATA, process.pid, address + i * sizeof(int), new_value);
        if (buf == -1) {
            printf("%s\n", "error 2");
            exit(-1);
        }
        printf("The new value has just been added! \n");
    }
    err_code = ptrace(PTRACE_DETACH, process.pid, NULL, NULL);
    if (err_code == -1) {
        printf("%s\n", "error 3");
        exit(-1);
    }
}


int main()
{
    find_process("pidof -s AppVar");

    constexpr unsigned long target_address {0x000000000000};
    constexpr int target_value {1337};
    ReadProcessMemory(target_address, process.pid);
    WriteProcessMemory(target_address, target_value, process.pid);
    return 0;
}
 
Last edited:
shape1
shape2
shape3
shape4
shape5
shape6
Top