From 7e8bd04389875d8569463f42923792557edc2908 Mon Sep 17 00:00:00 2001
From: Orfeas <38209077+0xfea5@users.noreply.github.com>
Date: Tue, 16 Apr 2024 22:14:29 +0300
Subject: Write other process' memory

---
 src/vm.c | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)
(limited to 'src/vm.c')
diff --git a/src/vm.c b/src/vm.c
index 82f67fd..b33a7bf 100644
--- a/src/vm.c
+++ b/src/vm.c
@@ -1,3 +1,4 @@
+#include
 #include
 #include
 #include
@@ -63,15 +64,6 @@ VMMapping* parse_vmmap (int pid)
 } else {
 head = cur = new_mapping;
 }
-
- LOG("%p-%p %c%c%c%c %s\n",
- cur->begin,
- cur->end,
- cur->r ? 'r' : '-',
- cur->w ? 'w' : '-',
- cur->x ? 'x' : '-',
- cur->s ? 's' : 'p',
- cur->name);
 }
 return head;
@@ -91,7 +83,7 @@ MemscanResult* memscan(int pid, uint8_t *byte_seq, uint64_t byte_seq_len)
 {
 char fmem_path[1024] = {0};
 sprintf(fmem_path, "/proc/%d/mem", pid);
- FILE *fmem = fopen(fmem_path, "rb+");
+ FILE *fmem = fopen(fmem_path, "rb");
 VMMapping *vmmaps_head = parse_vmmap(pid);
 VMMapping *cur_vmmap = vmmaps_head;
 MemscanResult *cur = NULL, *head = NULL;
@@ -101,7 +93,6 @@ MemscanResult* memscan(int pid, uint8_t *byte_seq, uint64_t byte_seq_len)
 cur_vmmap = cur_vmmap->next;
 continue;
 }
- LOG("Scanning [%p]\n", cur_vmmap->begin);
 size_t region_size = cur_vmmap->end - cur_vmmap->begin;
 uint8_t region_data[region_size];
@@ -135,6 +126,20 @@ MemscanResult* memscan(int pid, uint8_t *byte_seq, uint64_t byte_seq_len)
 cur_vmmap = cur_vmmap->next;
 }
+ fclose(fmem);
 return head;
 }
+
+void memwrite(int pid, void *address, uint8_t *data, size_t data_len)
+{
+ char fmem_path[1024] = {0};
+ sprintf(fmem_path, "/proc/%d/mem", pid);
+ FILE *fmem = fopen(fmem_path, "rb+");
+ fseek(fmem, (off_t)address, SEEK_SET);
+ fwrite(data, 1, data_len, fmem);
+ fclose(fmem);
+
+ LOG("Data written successfully at address %p\n", address);
+}
-- 
cgit v1.2.3
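Review bot: The fopen() result on the changed `FILE *fmem = fopen(fmem_path, "rb");` line is still not checked, so when `/proc/<pid>/mem` cannot be opened (for example the caller lacks permission on that process, or the pid has exited) `fmem` is NULL, whatever read follows uses a null stream, and the `fclose(fmem)` this commit adds at the end of memscan becomes an fclose(NULL) on that path, all undefined behaviour. Add `if (!fmem) return NULL;` directly after the fopen, before parse_vmmap() runs, so nothing has been allocated yet that would need releasing. memscan's body continues outside this hunk, so the read sites themselves are not visible here.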
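Review bot: memwrite() reports `Data written successfully` regardless of outcome: the fopen() result is not checked, so a NULL stream reaches fseek(); fseek() takes a `long`, so the `(off_t)address` offset can be truncated where `long` is narrower than an address; and the fwrite() count and the fclose() status are both dropped, although with a buffered stream a write to `/proc/<pid>/mem` that the kernel refuses typically surfaces only when fclose() flushes it. Return an int status and log success only after fseeko(), fwrite() and fclose() have all succeeded, as below; fseeko() is POSIX like the `off_t` this line already relies on. The function is introduced by this commit, so changing its return type should not affect any existing caller unless one exists outside this diff. The `sprintf` into the fixed buffer is also better written as `snprintf(fmem_path, sizeof fmem_path, "/proc/%d/mem", pid);`.
```c
int memwrite(int pid, void *address, uint8_t *data, size_t data_len)
{
    char fmem_path[1024] = {0};
    snprintf(fmem_path, sizeof fmem_path, "/proc/%d/mem", pid);
    FILE *fmem = fopen(fmem_path, "rb+");
    if (!fmem) {
        return -1;
    }

    /* fseeko() takes an off_t, so the full address range fits; fseek() only takes a long. */
    int ok = fseeko(fmem, (off_t)(uintptr_t)address, SEEK_SET) == 0
          && fwrite(data, 1, data_len, fmem) == data_len;
    /* The stream is buffered: a refused write is reported by the fclose() flush. */
    if (fclose(fmem) != 0) {
        ok = 0;
    }
    if (!ok) {
        return -1;
    }

    LOG("Data written successfully at address %p\n", address);
    return 0;
}
```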