++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+This is a little Disclaimer for if you havn't read the one on our site. +
+The tools and tutorials KD-Team develops and publishes are only ment for +
+educational purpose only.WE DO NOT encourage the use of this tools and +
+tutorials for mailicious purpose.We learned a lot during the development of them +
+so we hope you also learn and don't just use it without any brains. +
+We take completly NO responsability for any damage caused by them nor +
+are we or our isp responsible for what you do with them. +
+Greetz: KD-Team +
+http://www.kd-team.com +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Tutorial On How To Read Memory In C
Written By: kd-team
Turn wordwrapping one, in some editors it reads better.
1) Intro
2) Why Read Memory?
3) Reading Memory
4) Last Words
1) Intro
Well here is another tutorial of me :) This time it will be lotsa concentrated on coding instead of just entering commands in some app to let it do what you want. Hope that with this little tut more people get interested to code things and step of the batch idea ( I am NOT saying batch is bad but only that coding with a programming language give you more power/control of the machine).
This is my first tutorial on a somewhat more advanced topic so if I make big mistakes regarding the topic bitchslap me :D else uhm just warn me then bitchslap me.
Well think that I have bullshitted enough now :D so let's get on with the next section.
2) Why Read Memory?
Hmm that is a good question but luckily this question has got a answer.
Like you know all application use memory so it has to have some proper used wouldn't you think?
Well they do but we are not gonna discuss all of them uses in here. What I want to make clear here is that some programs store the password unencrypted in the memory* cause they think it won't be read since it's there such a short period of time(other cases it may be a long period). So this could be one of the purposes to write a memory dumper.
3) Reading Memory
Well to read memory you need a few different things but I am trying to walk you through and explain everything as good as possible.
#include//for input output of things.
#include//So we can use windows functions
Well first we need a proccess id we can do this by code but this time we will just get it with the help of some program or in xp with tasklist just pick a proccess id of which you would like to read the memory. Why you need a proccess id you ask? well cause some of the function we are gonna use require it.
Also take note that some processes protect themselves by making parts of memory not readable so then you
just get error.
void main(int argc,char *argv[])
{
//first let's declare some vars
char buf[24000]; //this is the buffer where the read memory is stored
DWORD bufsize = sizeof(buf); //here defina how much bytes we are gonna read
DWORD hPID=0; //just defining a standard pid
HANDLE hReadp; //handle that will hold the return of the openprocess funtion
//since we don't use code to get the process pid we will just ask the user for it here.
printf("Enter Process Id: ");
scanf("%d",&hPID);
//here we use the OpenProcess funtion to open the desired process with the necessary rights.
hReadp = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,FALSE, hPID);
if(NULL != hReadp)
{
/*
The actual reading of the memory adres
first var is the handle that OpenProcess returned
the 0x400000 is the base adres (almost)all .exe in win32 use that.
the next 2 vars we already discussed them when declaring them.
last var returns into a buffer how many bytes where read so if not interested
you can leave it NULL
if I am correct all processes have memory from 0x000000 till 0xffffff so that would be the whole space you have to read and find possible interesting things in it.
*/
int ret = ReadProcessMemory(hReadp,(LPCVOID)0x400000, &buf, bufsize,NULL);
if(ret<=0)
{
printf("failed %d\n",GetLastError());
}
if(ret>0)
{
//Here we will be printing the buffer that holds the memory info
for(int e=0;e<=sizeof(buf);e++)
printf("%c",buf[e]);
}
}
//close the handle that we got from OpenProcess
CloseHandle(hReadp);
}
4) Last Words
Well this was my first tut concerning code.
Hope you all liked it and it was usefull and answered some of your questions.
I kinda just started with C only been with it like 3 month with some pauses in between so my code ain't the prettiest one out there or the best optimised. Suggestions are always welcome I just won't be updating this document since this is just a little tut for simple memreading nothing fancy. Cause there are more things to automated some things in here like the baseadres and the pid etc.
Well enjoy and have fun with it.
Oh and plz excuse my english.
Greetz:
KD-Team
* a good paper on passwords and memory is the pdf written by: Abhishek Kumar Titled: Discovering passwords in the memory
Informatii utile pentru securitatea ta si al computerului tau!
How to Read Memory in C
Abonați-vă la:
Postare comentarii (Atom)
Niciun comentariu:
Trimiteți un comentariu