Closed rlewkowicz closed 2 years ago
I don't do cheats, but this is a general question.
Important to know when doing DMA writes is that writes take place to underlying physical memory. This means that if there are other processes sharing the same module (exe or dll) they'll be affected by the write at the same time. This is unlike writing to a process using normal tools. Usually this isn't a problem if writing to a process with just one instance loaded or if writing to heaps/stacks and such.
To write simply do:
DWORD dwPID = <process_pid>;
QWORD vaModuleBase = 0x0000000140000000;
DWORD dwModuleOffset = 0x1C4A258;
BYTE pbwrite[] = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
BOOL fResult = VMMDLL_MemWrite(dwPID, vaModuleBase + dwModuleOffset, pbwrite, 6);
I'm getting:
Severity Code Description Project File Line Suppression State
Error LNK2001 unresolved external symbol VmmWrite vmm_example C:\Repos\leech\MemProcFS\vmm_example\vmmdll_example.obj 1
I added the vmm folder as an additional include in the project settings and included the vmm header, to no avail.
Is it supposed to be as simple as calling this function?
Sorry, my bad, I posted the internal function; the correct function is: VMMDLL_MemWrite
That worked! This is so darn cool. Thanks for everything!
This isn't Stack Overflow, so in advance if this is out of scope, we can close it and I apologize for the noise.
In an attempt to correlate my understanding of local tools to that of PCILeech, I want to modify a memory value in the same way.
I have a memory value that has an instruction of decrement that I targeted through Cheat Engine (I know you don't necessarily support game cheating; this is not competitive and I'm not out here ruining anyone's fun).
Process.exe+0x1C4A258 - FF 8B E0050000
I want to nop this via pcileech (FF 8B E0050000 -> 90). I have used your vmm example to target what I think is the equivalent base address.
Given this information, how can I find and write to 0x1C4A258?