Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Reading and writing Memory on Windows is not working #182

Open
Hypnootika opened this issue Jan 11, 2024 · 10 comments
Open

Bug: Reading and writing Memory on Windows is not working #182

Hypnootika opened this issue Jan 11, 2024 · 10 comments

Comments

@Hypnootika
Copy link
Contributor

Consider below snippet:

from libmem import *

print(LM_GetProcess())
print(LM_FindModule(LM_GetProcess().name))
print(hex(LM_FindModule(LM_GetProcess().name).base))
print(LM_ReadMemoryEx(LM_GetProcess(), LM_FindModule(LM_GetProcess().name).base, 8))

and the result:

  1. lm_process_t(pid = 2144, ppid = 10420, bits = 64, start_time = 18446743597197879188, path = "C:\Programs\Python311\python.exe", name = "python.exe")

  2. lm_module_t(base = 0x00007FF60E240000, end = 0x00007FF60E25A000, size = 0x000000000001A000, path = "C:\Programs\Python311\python.exe", name = "python.exe")

  3. 0x7ff60e240000

  4. None
@Hypnootika Hypnootika changed the title Bug: Reading Memory on Windows is not working Bug: Reading and writing Memory on Windows is not working Jan 11, 2024
@Hypnootika
Copy link
Contributor Author

Writing:

from libmem import *

for p in LM_EnumProcesses():
    if p.name == "notepad.exe":
        print(LM_FindModuleEx(p, p.name))
        print(LM_ReadMemoryEx(p, LM_FindModuleEx(p, p.name).base, 8))
        print(LM_WriteMemoryEx(p, LM_FindModuleEx(p, p.name).base, bytearray(b"Hello!")))

  1. lm_module_t(base = 0x00007FF75D090000, end = 0x00007FF75D0C8000, size = 0x0000000000038000, path = "C:\Windows\system32\notepad.exe", name = "notepad.exe")

  2. None

  3. False

@rdbo
Copy link
Owner

rdbo commented Jan 11, 2024

You need admin access to write memory to other processes
And you're supposed to use LM_ReadMemory and LM_WriteMemory to write in the current process, instead of LM_ReadMemoryEx and LM_WriteMemoryEx

@Hypnootika
Copy link
Contributor Author

I just tested that, still not working, continued tests and Alloc doesnt work either

@Hypnootika
Copy link
Contributor Author

Hypnootika commented Jan 11, 2024
edited
Loading

You need admin access to write memory to other processes
And you're supposed to use LM_ReadMemory and LM_WriteMemory to write in the current process, instead of LM_ReadMemoryEx and LM_WriteMemoryEx

Ok, let me check

@Hypnootika
Copy link
Contributor Author

I made triple sure that im using an elevated executor.
image

i also used "LM_ReadMemory"

@Hypnootika
Copy link
Contributor Author

Hypnootika commented Jan 11, 2024
edited
Loading

Ok, so i cleaned up the code to avoid mistakes and its behaving the same now as with the problem we had with the base address.

from libmem import *

print(LM_GetProcess())
print(LM_FindModule(LM_GetProcess().name))
print(LM_ReadMemory(LM_FindModule(LM_GetProcess().name).base, 4))

This will crash with Process finished with exit code -1073741819 (0xC0000005)

In Powershell it will freeze the shell

@Hypnootika
Copy link
Contributor Author

Ive added error output to the C Code:

py_LM_ReadMemory(PyObject *self, PyObject *args)
{
    lm_address_t src;
    lm_size_t size;
    lm_byte_t *dst;
    PyObject *pybuf;

    if (!PyArg_ParseTuple(args, "kk", &src, &size))
        return NULL;

    dst = LM_MALLOC(size);
    if (!dst) {
        PyErr_NoMemory();
        return NULL;
    }

    if (LM_ReadMemory(src, dst, size) != size) {
        LM_FREE(dst);
        PyErr_SetString(PyExc_RuntimeError, "Failed to read memory");
        return NULL;
    }

    pybuf = PyByteArray_FromStringAndSize((const char *)dst, size);
    LM_FREE(dst);

    return pybuf;
}

and the result:

Traceback (most recent call last):
File "D:\Dev\libmemutil\libmemutil\read.py", line 5, in
print(LM_ReadMemory(LM_FindModule(LM_GetProcess().name).base, 4))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Programs\Python311\Lib\site-packages\libmem_init_.py", line 575, in LM_ReadMemory
return _libmem.LM_ReadMemory(src, size)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
MemoryError

@Hypnootika
Copy link
Contributor Author

@rdbo , i found the issue.

@Hypnootika
Copy link
Contributor Author

Hypnootika commented Jan 11, 2024
edited
Loading

Ok, turns out that "k" isnt getting evaluated correctly on Windows 64bit. I think you found that out already.

Changing the Code to :

py_LM_ReadMemory(PyObject *self, PyObject *args)
{
    lm_address_t src;
    lm_size_t size;
    lm_byte_t *dst;
    PyObject *pybuf;

    if (!PyArg_ParseTuple(args, "KK", &src, &size))
        return NULL;

    dst = LM_MALLOC(size);
    if (!dst) {
        PyErr_NoMemory();
        return NULL;
    }

    if (LM_ReadMemory(src, dst, size) != size) {
        LM_FREE(dst);
        PyErr_SetString(PyExc_RuntimeError, "Failed to read memory");
        return NULL;
    }

    pybuf = PyByteArray_FromStringAndSize((const char *)dst, size);
    LM_FREE(dst);

    return pybuf;
}

Worked and is giving me correct output.

Unfortunately i have no clue if that impacts other OSes. I will prepare a PR and you can decide if we can implement it like that.

@Hypnootika
Copy link
Contributor Author

#184

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Hypnootika @rdbo