DLL Talk / PEEK function in the matrix1 dll pack

EDGECOM
18
Years of Service
User Offline
Joined: 7th Sep 2006
Location: US
Posted: 6th Nov 2008 21:45
I have tried everything but can't seem to get it to return a value.

Example: myval=PEEK DWORD (400000). Also tried this in DEC format.

I've also tried word, INT, STRING, etc.

Does this function only apply to the current DBP exe with a memblock created with the create memblock?

My goal is to write a firewall prog and another one that runs in the background monitoring the memory like Spybot's SD resident does.

If someone could help it would be great. I have also tried using the user32.dll and kernl.dll to read memory but could not get that to work either.

IanM
Retired Moderator
22
Years of Service
User Offline
Joined: 11th Sep 2002
Location: In my moon base
Posted: 6th Nov 2008 22:14
The peek functions will look at any memory available to the current process. They'll probably cause an immediate crash if you peek memory that it doesn't own.

You do understand that memory from other processes needs to be mapped into the current process by the OS, but I'm pretty sure that the call you have to ReadProcessMemory is not correct - According to MSDN, it returns a BOOL indicator of success/failure, not a memory address.

EDGECOM
Posted: 6th Nov 2008 22:44
OK, I figured it would have to be mapped to the current process. Is there any way to map app1 (firewall prog) to app2 (monitor prog)? Maybe you could explain it better to me; I have searched on MSDN but it's a little confusing.

http://msdn.microsoft.com/en-us/library/ms680553.aspx

I tried this also
http://msdn.microsoft.com/en-us/library/ms681956(VS.85).aspx

And thanks for the fast reply.
EDGECOM
Posted: 6th Nov 2008 22:52
I just found this on MSDN. Do I need to call this after the OpenProcess? DebugActiveProcess
EDGECOM
Posted: 6th Nov 2008 22:59
http://msdn.microsoft.com/en-us/library/ms679295(VS.85).aspx

Here is the link; don't know why it didn't post above.
IanM
Posted: 7th Nov 2008 00:05
Sorry, but I've never done what you are attempting to do - I've got quite a full list myself ATM, so you're pretty much on your own.

EDGECOM
Posted: 7th Nov 2008 00:16
Well, I wasn't asking you to write the code for me, just point me in the right direction for a good tutorial or a quick explanation.

And yes, I googled it already but couldn't find anything that was useful, just bits and pieces, and everyone was different.
Diggsey
19
Years of Service
User Offline
Joined: 24th Apr 2006
Location: On this web page.
Posted: 7th Nov 2008 20:12
You need to use ReadProcessMemory to read memory from another process

Yuor signutare was aresed by a deslyxic mud...
BOX2D V2 HAS HELP FILES! AND A WIKI!
IanM
Posted: 7th Nov 2008 23:41
Yup, he has that - it looks like he's passing the wrong arguments to it and using the return code for the wrong thing too.

EDGECOM
Posted: 8th Nov 2008 02:05
What do you mean, I am passing the wrong argument?
IanM
Posted: 8th Nov 2008 10:54
The MSDN function signature:
BOOL WINAPI ReadProcessMemory(
    __in HANDLE hProcess,
    __in LPCVOID lpBaseAddress,
    __out LPVOID lpBuffer,
    __in SIZE_T nSize,
    __out SIZE_T *lpNumberOfBytesRead
);

Your usage:
memloc=CALL DLL(2, "ReadProcessMemory",LINK_APP1,400000,0,4,0)

- You specify an lpBuffer of 0, which is where you are asking the function to copy the other process's data into.
- You are assuming that the function returns an address, when it actually returns a flag of 'this call worked' or 'this call failed'.
- You've also made no attempt to check that the memory address you are reading from (lpBaseAddress = 400000) is valid in the other process.

EDGECOM
Posted: 8th Nov 2008 13:08
I know it looks wrong but when I make the buffer 0 the memloc returns 1, indicating it succeeds. I am going to be honest, this is my first attempt at using the CALL DLL function in DarkBASIC Pro, but I do know I have the correct amount of params for the DLL function.

So you're saying I need to

returnval as integer : rem or dword, bool or float

memloc=CALL DLL(2, "ReadProcessMemory",LINK_APP1,400000,returnval,4,0)

Oh, another question: my exe has to have the debug privilege in order to read from another process, right? But I thought DBP by default has it enabled upon compile.

as for checking mem I was going to use this

VirtualQueryEx(
__in HANDLE hProcess,
__in_opt LPCVOID lpAddress,
__out PMEMORY_BASIC_INFORMATION lpBuffer,
__in SIZE_T dwLength
);

I have done this in C before just not DBP
IanM
Posted: 8th Nov 2008 13:24
You've still not got it right - that parameter needs the address of some place to copy the data to. Make a memblock of the size you require, and then pass the address of that memblock to the function.

EDGECOM
Posted: 8th Nov 2008 13:25
So you're saying CALL DLL works like this then

memloc = 0 or 1

indicating failed or succeeded, unless it only has one var, then memloc would = the return val of the call

__in = input val from myapp

__out = return var from the DLL call (i.e. memory address)
EDGECOM
Posted: 8th Nov 2008 13:27
I meant memblock, not mem address
IanM
Posted: 8th Nov 2008 13:36


EDGECOM
Posted: 8th Nov 2008 21:11
Well, it doesn't return 0 when I look for addresses, it just doesn't return values, and I've tried everything I could think of. I don't think it's possible in DBP; however, I may just download Dark GDK and use VS.
EDGECOM
Posted: 13th Nov 2008 02:27
OK, I figured out DLL calls; however, no matter what I do I always get error 1314 "A required privilege is not held by the client." when I try and open a token.






Any ideas? I used this same idea in VS and it worked; it made my app debug enabled.

The AdjustTokenPrivileges needs to look like this, I know, but until I can't get it past the open token

(3, "AdjustTokenPrivileges",Token,0,"SE_PRIVILEGE_ENABLED",null,null,null)
IanM
Posted: 13th Nov 2008 18:46
You've given it a string: "TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY"

Instead, look up the values of those tokens in the header file, OR them together, and use that value instead.

"SE_PRIVILEGE_ENABLED" in your last line of posting is wrong in exactly the same way.

EDGECOM
Posted: 13th Nov 2008 22:44
Well, if I remember right SeDebugPrivilege = 20; gonna give that a try. Was messing with C++, thinking about porting over my code to use Dark GDK.
EDGECOM
Posted: 13th Nov 2008 22:56
lol, that didn't work, it just crashes now. For some odd reason it needs to be in this format: "TOKEN_ADJUST_PRIVILEGES"
EDGECOM
Posted: 13th Nov 2008 23:05
Just so you know, if you use a number or even 0x10 it will return Error: 87 The parameter is incorrect.
EDGECOM
Posted: 15th Nov 2008 15:36
Alright, I need to make an array that looks like the code below. I have searched online and even dusted off my DBP Game Programming SE book and I can't seem to replicate the array below. I need the [0]. I've tried making 2 type/endtype arrays but no luck.



here is a link from the MSDN I am going off of
http://msdn.microsoft.com/en-us/library/aa446619(VS.85).aspx
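
The two points raised above (IanM's reply that the flag names must be passed as their numeric values ORed together, and the one-entry TOKEN_PRIVILEGES layout asked about in this post) shown as an added C example that is not code from the thread. It builds the 16 bytes a one-entry TOKEN_PRIVILEGES occupies, which is what a memblock passed to AdjustTokenPrivileges would have to contain. The function names and the sample LUID value 20 are assumptions for illustration; the real LUID is obtained at run time from LookupPrivilegeValue.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Numeric values of the winnt.h names used in the thread. */
#define TOKEN_QUERY             0x0008u
#define TOKEN_ADJUST_PRIVILEGES 0x0020u
#define SE_PRIVILEGE_ENABLED    0x00000002u
#define TOKEN_PRIVILEGES_SIZE   16u /* DWORD count + one LUID_AND_ATTRIBUTES */

/* DesiredAccess for OpenProcessToken: the flags ORed into one DWORD. */
uint32_t token_access_mask(void)
{
    return TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY;
}

/* Store a DWORD little-endian, the in-memory order on x86 Windows. */
static void put_dword(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;
    p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16);
    p[3] = (uint8_t)(v >> 24);
}

/* Fill buf with a one-entry TOKEN_PRIVILEGES. Returns the number of
   bytes written, or 0 if buf is missing or too small. */
size_t build_token_privileges(uint8_t *buf, size_t len,
                              uint32_t luid_low, uint32_t luid_high)
{
    if (buf == NULL || len < TOKEN_PRIVILEGES_SIZE)
        return 0;
    put_dword(buf + 0, 1);                     /* PrivilegeCount              */
    put_dword(buf + 4, luid_low);              /* Privileges[0].Luid.LowPart  */
    put_dword(buf + 8, luid_high);             /* Privileges[0].Luid.HighPart */
    put_dword(buf + 12, SE_PRIVILEGE_ENABLED); /* Privileges[0].Attributes    */
    return TOKEN_PRIVILEGES_SIZE;
}

int main(void)
{
    uint8_t buf[TOKEN_PRIVILEGES_SIZE];
    /* 20 is a constructed sample LUID; query the real one at run time. */
    size_t n = build_token_privileges(buf, sizeof buf, 20, 0);
    printf("DesiredAccess = 0x%02X, %u bytes:",
           (unsigned)token_access_mask(), (unsigned)n);
    for (size_t i = 0; i < n; i++)
        printf(" %02X", buf[i]);
    printf("\n");
    return 0;
}
```
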
IanM
Posted: 15th Nov 2008 16:27
When it comes to snooping into other processes' memory or escalating your program's privileges, I know nothing, so I can't help.

My advice to you: If you know C, like you say you do, write it in C and make it into a plug-in.

EDGECOM
Posted: 15th Nov 2008 18:10
I know, I was trying to avoid that. I don't want any external DLLs and I really hate programming in C++; that's why I prefer DBP, it's way better to follow your code when debugging. Well, anyways, thanks; I will keep trying, and if all else fails I will slap together a DLL and post it maybe.
EDGECOM
Posted: 16th Nov 2008 20:44 Edited at: 18th Nov 2008 06:45
Alright, since I am a nice guy I will post the C++ source so people can make the DLL, say if you want to enable another privilege or something. I'll even post the DLL for you lazy people.




By the way, there is no error code (i.e. get last error); it either works or it doesn't.

To call this function in DarkBASIC, download the DLL or compile it using C++ 2008 Express Edition. NOTE: you MUST compile it as a DLL, not an EXE.
The call should be ?EnableDebug@@YAXXZ



Once you fire up C++ and create a DLL project, look for the play-button-looking icon, click the dropdown to the right of it, select Release and build it.

NOTE: if you try and build this DLL with debug on it will fail.

Useful tool to see if your program is in fact debug enabled:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

If anyone is interested, here is the link for the other Privilege Constants; use the text versions:
http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx

just replace "SeDebugPrivilege"
with "NewPrivlageName"

Just uploaded the new DLL; should work now.

EDGECOM
Posted: 16th Nov 2008 20:48
To use that prog that I put a link up to, just right-click on MYAPP.exe > Properties > Security tab.
EDGECOM
Posted: 16th Nov 2008 20:55
Oh, btw IanM, your Matrix1Util_20 LOAD DLL does not work; no matter what I do it will not load/return a DLL handle.

DLL LOAD COUNT ( Dll Handle )

= 0

everytime

and yes I tried it with and without enabling debug
IanM
Posted: 16th Nov 2008 22:04
Works for me:


What are you doing differently?

EDGECOM
Posted: 16th Nov 2008 22:30
I don't know, lol, I have the same code :/

Well... I think my OS is narfed, because I created that exe and stuck it on my test box and it keeps saying MSVCR71.dll missing blah.. blah... then it says matrix_24.dll not found, then it crashes, lol. But it works fine on my dev box and Vista, believe it or not. Gonna figure this out now.
EDGECOM
Posted: 17th Nov 2008 03:59
Well, my OS is OK. My exe crashes when I call the DLL function on a system other than my dev box. Is there something I need to do when exporting from C++?
IanM
Posted: 17th Nov 2008 04:45 Edited at: 17th Nov 2008 04:45
It sounds like you haven't got the 7.1 C++ runtime installed on your system.

Go to the utils thread and download them from there - it's the link labelled 'VC++ redistributables'. Make your choice of where to install them - details here: http://support.microsoft.com/kb/326922 - basically either your system32 folder, or the application folder.

EDGECOM
Posted: 17th Nov 2008 06:13 Edited at: 17th Nov 2008 06:21
That didn't work. I even installed the .NET redistributables. I think my compiler is messed up: I had Delphi before I installed the VS stuff, and then I uninstalled Delphi, then I got the weird problems.
I also noticed MS did a security update for Windows that may have something to do with it (who knows). Going to uninstall everything then reinstall, because if I compile my exe on my Vista setup, which never had Delphi, I don't get the MSVCR71.dll error; my exe just won't load my DLL. It loads user32 just fine though. I even set the working dir to the current exe path.

Sometimes I hate coding because you spend 60% of the time debugging, lol.

And thank you for your help btw, I know you're busy.
EDGECOM
Posted: 17th Nov 2008 22:41 Edited at: 17th Nov 2008 22:50
OMFG! I HATE WINDOWS... OK, it's all out now, lol.

Can someone tell me why this code fails to load the second DLL?



It's crazy because it loads on my dev box, which I did a complete reload on (i.e. reinstalled the OS, Visual Studio, DBP, etc.), which fixed the crazy MSVCR71.dll error, which indicated a compiler problem :/ Now it won't load the second DLL even if I just have DBP installed and compile the exe.

Btw, the second DLL is in the same folder as the exe.

It won't load on my other test box nor the 3 other comps I tested it on :/

Why did the insert code thing take out the slashes?
"\system32\User32.dll"
"\EnableDebug.dll"
EDGECOM
Posted: 18th Nov 2008 07:01
Well, I finally figured this out o.0

I had an older version of C++, pre-SP1. I uninstalled it and downloaded the VS 2008 SP1 dvd.iso from MS.

Note to self: C++ doesn't play well with others.
