Read the structure of another EXE

Kwai chang caine · Post by **Kwai chang caine** » Fri Jan 13, 2012 11:08 am

Hello at all

I believe it's impossible, but i prefer put when even this question for be sure i have good understand the behaviour of memory

Each EXE have his personal space memory, so an EXE can't read a structure of another application..it's that ???

So it's normal this code don't works

Program.exe

Code: Select all

Structure Kcc
 a.l
 b.s
EndStructure

Global Variable.Kcc

Variable\a = 123456
Variable\b = "Hello, I'm KCC"

OpenConsole()

PrintN(Trim(Str(@Variable)))
FlushFileBuffers_(GetStdHandle_(#STD_OUTPUT_HANDLE))

MessageRequester("", Trim(Str(@Variable)))
CloseConsole()
End

TestProgram.pb

Code: Select all

Structure Kcc
 a.l
 b.s
EndStructure

Global Variable.Kcc

Compilateur = RunProgram("Program.exe", "", "", #PB_Program_Hide|#PB_Program_Open|#PB_Program_Read)
Delay(100)
Sortie$ = ""

If Compilateur
 
 While ProgramRunning(Compilateur)
           
  If AvailableProgramOutput(Compilateur)
   Sortie$ + ReadProgramString(Compilateur) + Chr(13)
  Else
   Break
  EndIf
  
  Debug Sortie$
  
 Wend
 
 *PointeurTablo = Val(Sortie$)
 
 If *PointeurTablo
  CopyMemory(*PointeurTablo, @Variable, SizeOf(Kcc))
 EndIf
 
 Debug Variable\a
 Debug Variable\b
 
 KillProgram(Compilateur)
 CloseProgram(Compilateur)
    
EndIf

Thanks and good day

Didelphodon · Post by **Didelphodon** » Fri Jan 13, 2012 11:25 am

It's possible! Reading and writing to another process is definitely possible. But not the way you tried it, though.
You need to use the special API functions ReadProcessMemory and WriteProcessMemory (in case you want to write).

Here are some links to the MSDN with detailed descriptions ...
http://msdn.microsoft.com/en-us/library ... p/ms680553
http://msdn.microsoft.com/en-us/library ... p/ms681674

Before you can use these functions you need to open the regarding process, though:
http://msdn.microsoft.com/en-us/library ... p/ms684320

Cheers,
Didel.

Kwai chang caine · Post by **Kwai chang caine** » Fri Jan 13, 2012 12:31 pm

Thanks i look at this links

Have a good day

Kwai chang caine · Post by **Kwai chang caine** » Fri Jan 13, 2012 1:01 pm

Thanks to DIDELPHODON i move

I receive the Long of the structure, but not the string

Adresse of pointer return by the EXE : 4211448

Number of bit received : 8
Size of structure KCC :8
123456
#Ð©bØƒÜñÐˆbØ„ÜgÂ"bØ…ÜüÑ…bØ†ÜYÌ7bØ‡ÜðÇabØˆÜøÄFbØ‰Ü¿ÎFbØŠÜÃÈbØ‹ÜWÅ”bØŒÜ‹ÇbØÜíÌybØŽÜ×È.bØÜBÑ:bØÜgÀmbØ‘ÜäÅ7bØ’ÜüÏ"bØ“Ü£Æ.bØ”ÜsÄbØ•ÜóÁbØ–ÜÆ+bØ—ÜçÄ:bØ˜ÜóÎ‘bØ™ÜªÊgbØšÜ’ÂCbØ›ÜñÐbØœÜµËîbØÜÏjbØžÜÊÅ:bØŸÜèÐbØ ÜÃÈbØ¡Ü×È+bØ¢Ü4É1bØ£Ü@Å+bØ¤Ü_ÅbØ¥ÜÏÈâbØ¦Ü‘ÌbØ§ÜñÐ bØ¨ÜRÂbØ©Ü¢ÌmbØªÜ”Á7bØ«ÜßÁÓbØ¬Ü¼ÑybØÜcÍFbØ®ÜLÑˆbØ¯Ü´ÉCbØ°ÜLÑ‹bØ±Ü)ÃybØ²ÜmÍîbØ³ÜˆË©bØ´Ü¿Ï
bØµÜÊÅ[bØ¶Ü’ÊbØ·Ü€Ç÷bØ¸Ü¦ÆñbØ¹ÜBÑLbØºÜ}Ï”bØ»ÜCÅ^bØ¼ÜYÁÍbØ½ÜqÍ+bØ¾ÜÌÄbØ¿Ü·ÂîbØÀÜ¶ÇCbØÁÜ Ñ¯bØÂÜvÄvbØÃÜSÇÁbØÄÜbÅ[bØÅÜÂ"bØÆÜLÐ÷bØÇÜäÅˆbØÈÜÇÜbØÉÜäÅ…bØÊÜàÁbØËÜpÂ¬bØÌÜ»ÍîbØÍÜºÌ4bØÎÜÃÏ‹bØÏÜ²ÍbØÐÜÆbØÑÜÆýbØÒÜbÆÜbØÓÜôÎ=bØÔÜªÁ=bØÕÜ¿ÍybØÖÜÜÇdbØ×ÜWÅúbØØÜÃÈˆbØÙÜwÊgbØÚÜ Ñ¸bØÛÜ‚Á¸bØÜÜñÐ¦bØÝÜ2Ä”bØÞÜÐýbØßÜµÑbØàÜÐIbØáÜnÍIbØâÜ„ÍvbØãÜ’Â^bØäÜÁÁLbØåÜÅXbØæÜ‚ÏbØçÜÊÅâbØèÜ>ÇRbØéÜ•ÂvbØêÜqÍ.bØëÜHÑ¦bØìÜÐ@bØíÜRÂ@bØîÜñÐ©bØïÜ×ÈˆbØðÜŒÇ¸bØñÜøÈÄbØòÜyÁ"bØóÜ8Â£bØôÜÉ(bØõÜvÂ(bØöÜ8Â©bØ÷ÜÇbØøÜ;Ç‹bØùÜ·ÐCbØúÜcÍvbØûÜ¿Ï4bØüÜRÂFbØýÜMÆbØþÜÐÈ…bØÿÜÐÈ‚bØ

Program.exe

Code: Select all

Structure Kcc
 a.l
 b.s
EndStructure

Global Variable.Kcc

Variable\a = 123456
Variable\b = "Hello, I'm KCC"

OpenConsole()

PrintN(Trim(Str(@Variable)))
FlushFileBuffers_(GetStdHandle_(#STD_OUTPUT_HANDLE))

CloseConsole()
Delay(2000)
End

TestProgram.pb

Code: Select all

Structure Kcc
 a.l
 b.s
EndStructure

Global Variable.Kcc

hProcess = RunProgram("Program.exe", "", "", #PB_Program_Hide|#PB_Program_Open|#PB_Program_Read)
ProcessID=ProgramID(hProcess)
ProcessHandle = OpenProcess_(#PROCESS_ALL_ACCESS, #False, ProcessID)

Delay(100)
Sortie$ = ""

If hProcess
 
 While ProgramRunning(hProcess)
           
  If AvailableProgramOutput(hProcess)
   Sortie$ + ReadProgramString(hProcess) + Chr(13)
  Else
   Break
  EndIf
  
  Debug "Adresse of pointer return by the EXE : " + Sortie$
  
 Wend
 
 *PointeurTablo = Val(Sortie$)
 ReadProcessMemory_(ProcessHandle, *PointeurTablo, @Variable.Kcc, SizeOf(Kcc), @NbBit)
 
 Debug "Number of bit received : " + Str(NbBit)
 Debug "Size of structure KCC :" + Str(SizeOf(Kcc))
 Debug Variable\a
 Debug Variable\b
 
 KillProgram(hProcess)
 CloseProgram(hProcess)
    
EndIf

ultralazor · Post by **ultralazor** » Fri Jan 13, 2012 2:13 pm

Outside of of MSIL, MSVRT, MSVCRT PEs it's as simple as some structs and endian sorting. Also resource and reloc structures have to be handled.

PE, even fully documented, is extremely time consuming to work with, this is why software protections are a easy market once you have a stable product. You can do updates every few months and still keep clients..

Just use the existing structs and build from there, the relocation and resource sections are also documented.

EDIT: Also at runtime you have to handle stack frames and heap allocations which are surprisingly simple thanks to API..

Kwai chang caine · Post by **Kwai chang caine** » Fri Jan 13, 2012 2:27 pm

Also at runtime you have to handle stack frames and heap allocations which are surprisingly simple thanks to API..

Since i programming in PB, there are several years, i have lost the word "Simple" in my vocabulary

Apparently, the alone thing i have understand is, i'm not at the end of my problem

Thanks when even to your answer

breeze4me · Post by **breeze4me** » Sat Jan 14, 2012 10:20 am

If a structure includes a string field, then reading the string is somewhat complicated.
And if both Program.exe and TestProgram.pb are not the same compilation(both ascii or both unicode), it cannot read the string properly.
See the code below.

Code: Select all

Structure Kcc
  a.l
  b.s
EndStructure

Global Variable.Kcc

hProcess = RunProgram("Program.exe", "", "", #PB_Program_Hide|#PB_Program_Open|#PB_Program_Read)
ProcessID=ProgramID(hProcess)
ProcessHandle = OpenProcess_(#PROCESS_ALL_ACCESS, #False, ProcessID)

Delay(100)
Sortie$ = ""

If hProcess
  
  While ProgramRunning(hProcess)
    
    If AvailableProgramOutput(hProcess)
      Sortie$ + ReadProgramString(hProcess) + Chr(13)
    Else
      Break
    EndIf
    
    Debug "Adresse of pointer return by the EXE : " + Sortie$
    
  Wend
  
  *PointeurTablo = Val(Sortie$)
  ;get the long type value of the structure.
  ReadProcessMemory_(ProcessHandle, *PointeurTablo, @Variable\a, SizeOf(Long), @NbBit)
  
  ;get the real string address.
  ReadProcessMemory_(ProcessHandle, *PointeurTablo + SizeOf(Long), @*String, SizeOf(Integer), @NbBit)
  
  ;get the string.
  If *String
    tmp$ = ""
    ;read the characters one by one.
    For i = 0 To 1024 Step SizeOf(Character)
      ReadProcessMemory_(ProcessHandle, *String + i, @Char, SizeOf(Character), @NbBit)
      If Char  ;if not null
        tmp$ + Chr(Char)
      Else
        Variable\b = tmp$
        Break
      EndIf
    Next
  EndIf
  
  Debug "Number of bit received : " + Str(NbBit)
  Debug "Size of structure KCC :" + Str(SizeOf(Kcc))
  Debug Variable\a
  Debug Variable\b
  
  CloseHandle_(ProcessHandle)
  KillProgram(hProcess)
  CloseProgram(hProcess)
  
EndIf

- chris - · Post by **- chris -** » Sat Jan 14, 2012 10:53 am

The b.s is a pointer, but with a fixed string it works.

Code: Select all


Structure Kcc
  a.l
  b.s{20}
EndStructure

Global Variable.Kcc

Variable\a = 123456
Variable\b = "Hello, I'm KCC"

OpenConsole()

PrintN(Trim(Str(@Variable)))
FlushFileBuffers_(GetStdHandle_(#STD_OUTPUT_HANDLE))

CloseConsole()
Delay(2000)

End

Code: Select all



Structure Kcc
  a.l
  b.s{20}
EndStructure

Global Variable.Kcc

hProcess      = RunProgram("Program.exe", "", "", #PB_Program_Hide | #PB_Program_Open | #PB_Program_Read)
ProcessID     = ProgramID(hProcess)
ProcessHandle = OpenProcess_(#PROCESS_ALL_ACCESS, #False, ProcessID)

Delay(100)
Sortie$ = ""

If hProcess

  While ProgramRunning(hProcess)

    If AvailableProgramOutput(hProcess)
      Sortie$ + ReadProgramString(hProcess) + Chr(13)
    Else
      Break
    EndIf

    Debug "Adresse of pointer return by the EXE : " + Sortie$

  Wend

  *PointeurTablo = Val(Sortie$)
  ReadProcessMemory_(ProcessHandle, *PointeurTablo, @Variable.Kcc, SizeOf(Kcc), @NbBit)

  Debug "Number of bit received : " + Str(NbBit)
  Debug "Size of structure KCC :" + Str(SizeOf(Kcc))
  Debug Variable\a
  Debug Variable\b

  KillProgram(hProcess)
  CloseProgram(hProcess)

EndIf

Code: Select all


Adresse of pointer return by the EXE : 4211624

Number of bit received : 24
Size of structure KCC :24
123456
Hello, I'm KCC

Kwai chang caine · Post by **Kwai chang caine** » Sat Jan 14, 2012 8:51 pm

@CHRIS
It's strange because here that don't works

Code: Select all

Adresse of pointer return by the EXE : 4211448

Number of bit received : 24
Size of structure KCC :24
123456
¨

So thanks to have try to help me

@breeze4me
Wouuuaaahh !!! great !!!

You are my saver...that works perfectly

I was not ready to find myself

It's very precious code
Thanks a lot for your precious help

I wish at all a very very good day

PureBasic Forums - English

Read the structure of another EXE

Read the structure of another EXE

Re: Read the structure of another EXE

Re: Read the structure of another EXE

Re: Read the structure of another EXE

Re: Read the structure of another EXE

Re: Read the structure of another EXE

Re: Read the structure of another EXE

Re: Read the structure of another EXE

Re: Read the structure of another EXE