Welcome on MasterOf13FPS! MasterOf13FPS

Register today or sign up if you are already a member and never miss any cool content again :)

Source Linux - Read and write process memory easily

kernelmode

New member
Joined
Jan 29, 2021
Messages
1
Reaction score
0
Points
0
Originally that isn't my code, I just changed a few things.
Credits: https://www.unknowncheats.me/forum/...rs/402740-read-write-processmemory-linux.html
Happy coding!

C++:
#include <iostream>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/ptrace.h>
#include <errno.h>
#include <string.h>
#include <fcntl.h>
#include <stdlib.h>

struct Process {
    pid_t pid;
    char buff[512];
    FILE *pid_pipe;
} process;

void find_process(const char *process_target) {
    process.pid_pipe = popen(process_target, "r");
    fgets(process.buff, 512, process.pid_pipe);
    process.pid = strtoul(process.buff, NULL, 10);

    if (process.pid == 0) {
        printf("App Var is not launch ! \n");
        pclose(process.pid_pipe);
        exit(-1);
    } else {
        printf("App Var is running - PID NUMBER -> {%d} \n", process.pid);
        pclose(process.pid_pipe);
    }
}

void ReadProcessMemory(unsigned long address, int pid) {

    int buf = 0;

    int err_code = ptrace(PTRACE_ATTACH, process.pid, NULL, NULL);

    if (err_code == -1) {
        printf("%s\n", "error 1");
        exit(-1);
    }
    wait(NULL);

    printf("Read the adress of the process \n");
    for (int i = 0; i < 1; i++) {
       buf = ptrace(PTRACE_PEEKDATA, process.pid, address + i * sizeof(int), NULL);
        if (buf == -1) {
            printf("%s\n", "error 2");
            exit(-1);
        }

        printf("%d\n", buf);

    }
    err_code = ptrace(PTRACE_DETACH, process.pid, NULL, NULL);
    if (err_code == -1) {
        printf("%s\n", "error 3");
        exit(-1);
    }
}

void WriteProcessMemory(unsigned long address, int new_value, int pid) {
    int buf = 0;

    int err_code = ptrace(PTRACE_ATTACH, process.pid, NULL, NULL);
    if (err_code == -1) {
        printf("%s\n", "error 1");
        exit(-1);
    }

    wait(NULL);
    printf("Write the new value ! \n");
    for(int i = 0; i < 1; i++) {
        buf = ptrace(PTRACE_POKEDATA, process.pid, address + i * sizeof(int), new_value);
        if (buf == -1) {
            printf("%s\n", "error 2");
            exit(-1);
        }
        printf("The new value has just been added! \n");
    }
    err_code = ptrace(PTRACE_DETACH, process.pid, NULL, NULL);
    if (err_code == -1) {
        printf("%s\n", "error 3");
        exit(-1);
    }
}


int main()
{
    find_process("pidof -s AppVar");

    constexpr unsigned long target_address {0x000000000000};
    constexpr int target_value {1337};
    ReadProcessMemory(target_address, process.pid);
    WriteProcessMemory(target_address, target_value, process.pid);
    return 0;
}
 
Last edited:
shape1
shape2
shape3
shape4
shape5
shape6
Top