Page 1 of 1
Read the structure of another EXE
Posted: Fri Jan 13, 2012 11:08 am
by Kwai chang caine
Hello at all
I believe it's impossible, but i prefer put when even this question for be sure i have good understand the behaviour of memory
Each EXE have his personal space memory, so an EXE can't read a structure of another application..it's that ???
So it's normal this code don't works
Program.exe
Code: Select all
Structure Kcc
a.l
b.s
EndStructure
Global Variable.Kcc
Variable\a = 123456
Variable\b = "Hello, I'm KCC"
OpenConsole()
PrintN(Trim(Str(@Variable)))
FlushFileBuffers_(GetStdHandle_(#STD_OUTPUT_HANDLE))
MessageRequester("", Trim(Str(@Variable)))
CloseConsole()
End
Code: Select all
Structure Kcc
a.l
b.s
EndStructure
Global Variable.Kcc
Compilateur = RunProgram("Program.exe", "", "", #PB_Program_Hide|#PB_Program_Open|#PB_Program_Read)
Delay(100)
Sortie$ = ""
If Compilateur
While ProgramRunning(Compilateur)
If AvailableProgramOutput(Compilateur)
Sortie$ + ReadProgramString(Compilateur) + Chr(13)
Else
Break
EndIf
Debug Sortie$
Wend
*PointeurTablo = Val(Sortie$)
If *PointeurTablo
CopyMemory(*PointeurTablo, @Variable, SizeOf(Kcc))
EndIf
Debug Variable\a
Debug Variable\b
KillProgram(Compilateur)
CloseProgram(Compilateur)
EndIf
Thanks and good day
Re: Read the structure of another EXE
Posted: Fri Jan 13, 2012 11:25 am
by Didelphodon
It's possible! Reading and writing to another process is definitely possible. But not the way you tried it, though.
You need to use the special API functions ReadProcessMemory and WriteProcessMemory (in case you want to write).
Here are some links to the MSDN with detailed descriptions ...
http://msdn.microsoft.com/en-us/library ... p/ms680553
http://msdn.microsoft.com/en-us/library ... p/ms681674
Before you can use these functions you need to open the regarding process, though:
http://msdn.microsoft.com/en-us/library ... p/ms684320
Cheers,
Didel.
Re: Read the structure of another EXE
Posted: Fri Jan 13, 2012 12:31 pm
by Kwai chang caine
Thanks i look at this links
Have a good day
Re: Read the structure of another EXE
Posted: Fri Jan 13, 2012 1:01 pm
by Kwai chang caine
Thanks to DIDELPHODON i move
I receive the Long of the structure, but not the string
Adresse of pointer return by the EXE : 4211448
Number of bit received : 8
Size of structure KCC :8
123456
#Щb؃ÜñЈbØ„ÜgÂ"bØ…ÜüÑ…b؆ÜYÌ7b؇ÜðÇab؈ÜøÄFb؉ܿÎFbØŠÜÃÈbØ‹ÜWÅ”b،܋ÇbØÜíÌybØŽÜ×È.bØÜBÑ:bØÜgÀmbØ‘ÜäÅ7bØ’ÜüÏ"bØ“Ü£Æ.bØ”ÜsÄbØ•ÜóÁbØ–ÜÆ+bØ—ÜçÄ:bؘÜóΑbؙܪÊgbؚܒÂCbØ›ÜñÐb؜ܵËîbØÜÏjbØžÜÊÅ:bØŸÜèÐbØ ÜÃÈbØ¡Ü×È+bØ¢Ü4É1bØ£Ü@Å+bؤÜ_ÅbØ¥ÜÏÈâbئܑÌbاÜñÐ bبÜRÂbØ©Ü¢ÌmbتܔÁ7bØ«ÜßÁÓbجܼÑybØÜcÍFbØ®ÜLшbدܴÉCbØ°ÜLÑ‹bرÜ)ÃybزÜmÍîbس܈˩bØ´Ü¿Ï
bصÜÊÅ[bضܒÊbØ·Ü€Ç÷bظܦÆñbعÜBÑLbغÜ}Ï”bØ»ÜCÅ^bؼÜYÁÍbؽÜqÍ+bؾÜÌÄbØ¿Ü·ÂîbØÀܶÇCbØÁÜ Ñ¯bØÂÜvÄvbØÃÜSÇÁbØÄÜbÅ[bØÅÜÂ"bØÆÜLÐ÷bØÇÜäňbØÈÜÇÜbØÉÜäÅ…bØÊÜàÁbØËÜp¬bØÌÜ»ÍîbØÍܺÌ4bØÎÜÃÏ‹bØÏܲÍbØÐÜÆbØÑÜÆýbØÒÜbÆÜbØÓÜôÎ=bØÔܪÁ=bØÕÜ¿ÍybØÖÜÜÇdbØ×ÜWÅúbØØÜÃȈbØÙÜwÊgbØÚÜ Ñ¸bØÛÜ‚Á¸bØÜÜñЦbØÝÜ2Ä”bØÞÜÐýbØßܵÑbØàÜÐIbØáÜnÍIbØâÜ„ÍvbØãÜ’Â^bØäÜÁÁLbØåÜÅXbØæÜ‚ÏbØçÜÊÅâbØèÜ>ÇRbØéÜ•ÂvbØêÜqÍ.bØëÜHѦbØìÜÐ@bØíÜRÂ@bØîÜñЩbØïÜ×ȈbØð܌ǸbØñÜøÈÄbØòÜyÁ"bØóÜ8£bØôÜÉ(bØõÜvÂ(bØöÜ8©bØ÷ÜÇbØøÜ;Ç‹bØùÜ·ÐCbØúÜcÍvbØûÜ¿Ï4bØüÜRÂFbØýÜMÆbØþÜÐÈ…bØÿÜÐÈ‚bØ
Program.exe
Code: Select all
Structure Kcc
a.l
b.s
EndStructure
Global Variable.Kcc
Variable\a = 123456
Variable\b = "Hello, I'm KCC"
OpenConsole()
PrintN(Trim(Str(@Variable)))
FlushFileBuffers_(GetStdHandle_(#STD_OUTPUT_HANDLE))
CloseConsole()
Delay(2000)
End
Code: Select all
Structure Kcc
a.l
b.s
EndStructure
Global Variable.Kcc
hProcess = RunProgram("Program.exe", "", "", #PB_Program_Hide|#PB_Program_Open|#PB_Program_Read)
ProcessID=ProgramID(hProcess)
ProcessHandle = OpenProcess_(#PROCESS_ALL_ACCESS, #False, ProcessID)
Delay(100)
Sortie$ = ""
If hProcess
While ProgramRunning(hProcess)
If AvailableProgramOutput(hProcess)
Sortie$ + ReadProgramString(hProcess) + Chr(13)
Else
Break
EndIf
Debug "Adresse of pointer return by the EXE : " + Sortie$
Wend
*PointeurTablo = Val(Sortie$)
ReadProcessMemory_(ProcessHandle, *PointeurTablo, @Variable.Kcc, SizeOf(Kcc), @NbBit)
Debug "Number of bit received : " + Str(NbBit)
Debug "Size of structure KCC :" + Str(SizeOf(Kcc))
Debug Variable\a
Debug Variable\b
KillProgram(hProcess)
CloseProgram(hProcess)
EndIf
Re: Read the structure of another EXE
Posted: Fri Jan 13, 2012 2:13 pm
by ultralazor
Outside of of MSIL, MSVRT, MSVCRT PEs it's as simple as some structs and endian sorting. Also resource and reloc structures have to be handled.
PE, even fully documented, is extremely time consuming to work with, this is why software protections are a easy market once you have a stable product. You can do updates every few months and still keep clients..
Just use the existing structs and build from there, the relocation and resource sections are also documented.
EDIT: Also at runtime you have to handle stack frames and heap allocations which are surprisingly simple thanks to API..
Re: Read the structure of another EXE
Posted: Fri Jan 13, 2012 2:27 pm
by Kwai chang caine
Also at runtime you have to handle stack frames and heap allocations which are surprisingly simple thanks to API..
Since i programming in PB, there are several years, i have lost the word "Simple" in my vocabulary
Apparently, the alone thing i have understand is, i'm not at the end of my problem
Thanks when even to your answer
Re: Read the structure of another EXE
Posted: Sat Jan 14, 2012 10:20 am
by breeze4me
If a structure includes a string field, then reading the string is somewhat complicated.
And if both Program.exe and TestProgram.pb are not the same compilation(both ascii or both unicode), it cannot read the string properly.
See the code below.
Code: Select all
Structure Kcc
a.l
b.s
EndStructure
Global Variable.Kcc
hProcess = RunProgram("Program.exe", "", "", #PB_Program_Hide|#PB_Program_Open|#PB_Program_Read)
ProcessID=ProgramID(hProcess)
ProcessHandle = OpenProcess_(#PROCESS_ALL_ACCESS, #False, ProcessID)
Delay(100)
Sortie$ = ""
If hProcess
While ProgramRunning(hProcess)
If AvailableProgramOutput(hProcess)
Sortie$ + ReadProgramString(hProcess) + Chr(13)
Else
Break
EndIf
Debug "Adresse of pointer return by the EXE : " + Sortie$
Wend
*PointeurTablo = Val(Sortie$)
;get the long type value of the structure.
ReadProcessMemory_(ProcessHandle, *PointeurTablo, @Variable\a, SizeOf(Long), @NbBit)
;get the real string address.
ReadProcessMemory_(ProcessHandle, *PointeurTablo + SizeOf(Long), @*String, SizeOf(Integer), @NbBit)
;get the string.
If *String
tmp$ = ""
;read the characters one by one.
For i = 0 To 1024 Step SizeOf(Character)
ReadProcessMemory_(ProcessHandle, *String + i, @Char, SizeOf(Character), @NbBit)
If Char ;if not null
tmp$ + Chr(Char)
Else
Variable\b = tmp$
Break
EndIf
Next
EndIf
Debug "Number of bit received : " + Str(NbBit)
Debug "Size of structure KCC :" + Str(SizeOf(Kcc))
Debug Variable\a
Debug Variable\b
CloseHandle_(ProcessHandle)
KillProgram(hProcess)
CloseProgram(hProcess)
EndIf
Re: Read the structure of another EXE
Posted: Sat Jan 14, 2012 10:53 am
by - chris -
The b.s is a pointer, but with a fixed string it works.
Code: Select all
Structure Kcc
a.l
b.s{20}
EndStructure
Global Variable.Kcc
Variable\a = 123456
Variable\b = "Hello, I'm KCC"
OpenConsole()
PrintN(Trim(Str(@Variable)))
FlushFileBuffers_(GetStdHandle_(#STD_OUTPUT_HANDLE))
CloseConsole()
Delay(2000)
End
Code: Select all
Structure Kcc
a.l
b.s{20}
EndStructure
Global Variable.Kcc
hProcess = RunProgram("Program.exe", "", "", #PB_Program_Hide | #PB_Program_Open | #PB_Program_Read)
ProcessID = ProgramID(hProcess)
ProcessHandle = OpenProcess_(#PROCESS_ALL_ACCESS, #False, ProcessID)
Delay(100)
Sortie$ = ""
If hProcess
While ProgramRunning(hProcess)
If AvailableProgramOutput(hProcess)
Sortie$ + ReadProgramString(hProcess) + Chr(13)
Else
Break
EndIf
Debug "Adresse of pointer return by the EXE : " + Sortie$
Wend
*PointeurTablo = Val(Sortie$)
ReadProcessMemory_(ProcessHandle, *PointeurTablo, @Variable.Kcc, SizeOf(Kcc), @NbBit)
Debug "Number of bit received : " + Str(NbBit)
Debug "Size of structure KCC :" + Str(SizeOf(Kcc))
Debug Variable\a
Debug Variable\b
KillProgram(hProcess)
CloseProgram(hProcess)
EndIf
Code: Select all
Adresse of pointer return by the EXE : 4211624
Number of bit received : 24
Size of structure KCC :24
123456
Hello, I'm KCC
Re: Read the structure of another EXE
Posted: Sat Jan 14, 2012 8:51 pm
by Kwai chang caine
@CHRIS
It's strange because here that don't works
Code: Select all
Adresse of pointer return by the EXE : 4211448
Number of bit received : 24
Size of structure KCC :24
123456
¨
So thanks to have try to help me
@breeze4me
Wouuuaaahh !!! great !!!
You are my saver...that works perfectly
I was not ready to find myself
It's very precious code
Thanks a lot for your precious help
I wish at all a very very good day