If someone know how these programs work, help me, please.
The problem is:
I choose a process, open it by "OpenProcess" with "PROCESS_ALL_ACCESS (1F0FFFh)". Then I use "VirtualQueryEx" for scan process' memory. But when the adress is 0 (and not only for 0-adress), it returns 0 (I mean there isn't any written data in transferred buffer). But when "O'Matic" does similar operations, it's O.K. (1Ch bytes with right data). :(
What's wrong and what should I do?
Posted on 2003-12-12 11:23:40 by nskSem
Hi nskSem. :)
I haven't used this particular APIs much, but IMHO the call is failing because no valid address has a value <= 0xFFFF (65535 in decimal). That is, 0 is a NULL pointer. IMHO you should use a pointer to the target process address space. Programs like ArtMoney and the such only show you the relative address, so in that case an address of 0 really means "the first byte in the process memory space". (Please correct me if I'm wrong)
Posted on 2003-12-12 12:33:11 by QvasiModo
erm virtualqueryex will only tell you about the memory 'pages'
to get the data contained in a valid memory block you must use
writeprocessmemory or similar code to actually retrieve the data
contained at the memory address
Posted on 2003-12-12 13:43:24 by evlncrn8
Close to the edge with such an subject....
Posted on 2003-12-12 14:29:11 by BogdanOntanu
but still reasonable, I'd say.

Virtual Offsets vs. relative offests... ie, 0x1000 vs 0x401000. Read/WriteProcessMemory. OpenProcess or CreateProcess with the correct flags.

VirtualQuery is if you want to search the process memory space (including heap, etc) for values. Injecting code in the process + GetProcessHeap should also get you a far way.
Posted on 2003-12-12 18:44:09 by f0dder
Afternoon, nskSem.

From the board rules:
There will be no crackz (i.e. programs that alter another program with the sole purpose to defeat its protection scheme allowing for unauthorized usage) or reverse engineering allowed. Reason: see warez. This rule goes for public posts as well as private messages. Reverse engineering is allowed in certain countries for interoperability purposes but it is forbidden in others. Due to the multi-nationality of this board and the fact that its server is in the United States, discussion on reverse engineering is not allowed. This for your protection as well as the forum.


You're wanting to RE a game so that you can modify its data?

Not in here, thanks.

Cheers,
Scronty
Posted on 2003-12-12 20:30:21 by Scronty