Write other process' memory

author: Orfeas <38209077+0xfea5@users.noreply.github.com> 2024-04-16 22:14:29 +0300
committer: Orfeas <38209077+0xfea5@users.noreply.github.com> 2024-04-19 20:20:13 +0300
commit: 7e8bd04389875d8569463f42923792557edc2908 (patch)
tree: aad1922fcfdd0af286531b3b2b58aa6c3da67be8 /src/main.c
parent: Memory scanning to find byte patterns (diff)
download: linux-game-trainer-7e8bd04389875d8569463f42923792557edc2908.tar.gz
linux-game-trainer-7e8bd04389875d8569463f42923792557edc2908.zip
1 files changed, 26 insertions, 1 deletions
diff --git a/src/main.c b/src/main.c
index ee33aac..667ca4c 100644
--- a/src/main.c
+++ b/src/main.c
@@ -8,6 +8,20 @@
 #include "util.h"
 #include "vm.h"
+void hex2bytes(char *hex)
+{
+  size_t len = strlen(hex);
+  char bytes[len + 1];
+  for (size_t i = 0; i < len; ++i) {
+    char hdig[3] = { hex[i*2], hex[i*2+1], '\0' };
+    sscanf(hdig, "%hhx", &bytes[i]);
+  }
+  memcpy(hex, bytes, len);
+  hex[len] = '\0';
+}
 int main(int argc, char *argv[])
 {
  if (argc < 2) {
@@ -23,7 +37,7 @@ int main(int argc, char *argv[])
  waitpid(pid, NULL, __WALL);
  LOG("Attached to process %d\n", pid);
-  char *byte_seq = "secret text";
+  char *byte_seq = "DEADBEEF";
  size_t byte_seq_len = strlen(byte_seq);
  MemscanResult *head = memscan(pid, (uint8_t*)byte_seq, byte_seq_len);
  MemscanResult *cur = head;
@@ -39,7 +53,18 @@ int main(int argc, char *argv[])
           cur->mapping->name);
    cur = cur->next;
  }
  printf("\n\n");
+  char *buf = "CAFEBABE";
+  size_t len = strlen(buf);
+  cur = head;
+  while (cur) {
+    void *address = cur->mapping->begin + cur->offset;
+    memwrite(pid, address, (uint8_t*)buf, len);
+    cur = cur->next;
+  }
  ptrace(PTRACE_DETACH, pid, NULL, NULL);
  LOG("Detached from process %d\n", pid);
author	Orfeas <38209077+0xfea5@users.noreply.github.com>	2024-04-16 22:14:29 +0300
committer	Orfeas <38209077+0xfea5@users.noreply.github.com>	2024-04-19 20:20:13 +0300
commit	7e8bd04389875d8569463f42923792557edc2908 (patch)
tree	aad1922fcfdd0af286531b3b2b58aa6c3da67be8 /src/main.c
parent	Memory scanning to find byte patterns (diff)
download	linux-game-trainer-7e8bd04389875d8569463f42923792557edc2908.tar.gz linux-game-trainer-7e8bd04389875d8569463f42923792557edc2908.zip

diff --git a/src/main.c b/src/main.c index ee33aac..667ca4c 100644 --- a/src/main.c +++ b/src/main.c
@@ -8,6 +8,20 @@
8	#include "util.h"	8	#include "util.h"
9	#include "vm.h"	9	#include "vm.h"
10		10
		11	void hex2bytes(char *hex)
		12	{
		13	size_t len = strlen(hex);
		14	char bytes[len + 1];
		15
		16	for (size_t i = 0; i < len; ++i) {
		17	char hdig[3] = { hex[i2], hex[i2+1], '\0' };
		18	sscanf(hdig, "%hhx", &bytes[i]);
		19	}
		20
		21	memcpy(hex, bytes, len);
		22	hex[len] = '\0';
		23	}
		24
11	int main(int argc, char *argv[])	25	int main(int argc, char *argv[])
12	{	26	{
13	if (argc < 2) {	27	if (argc < 2) {
@@ -23,7 +37,7 @@ int main(int argc, char *argv[])
23	waitpid(pid, NULL, __WALL);	37	waitpid(pid, NULL, __WALL);
24	LOG("Attached to process %d\n", pid);	38	LOG("Attached to process %d\n", pid);
25		39
26	char *byte_seq = "secret text";	40	char *byte_seq = "DEADBEEF";
27	size_t byte_seq_len = strlen(byte_seq);	41	size_t byte_seq_len = strlen(byte_seq);
28	MemscanResult head = memscan(pid, (uint8_t)byte_seq, byte_seq_len);	42	MemscanResult head = memscan(pid, (uint8_t)byte_seq, byte_seq_len);
29	MemscanResult *cur = head;	43	MemscanResult *cur = head;
@@ -39,7 +53,18 @@ int main(int argc, char *argv[])
39	cur->mapping->name);	53	cur->mapping->name);
40	cur = cur->next;	54	cur = cur->next;
41	}	55	}
		56
42	printf("\n\n");	57	printf("\n\n");
		58
		59	char *buf = "CAFEBABE";
		60	size_t len = strlen(buf);
		61	cur = head;
		62	while (cur) {
		63	void *address = cur->mapping->begin + cur->offset;
		64	memwrite(pid, address, (uint8_t*)buf, len);
		65	cur = cur->next;
		66	}
		67
43	ptrace(PTRACE_DETACH, pid, NULL, NULL);	68	ptrace(PTRACE_DETACH, pid, NULL, NULL);
44	LOG("Detached from process %d\n", pid);	69	LOG("Detached from process %d\n", pid);
45		70