Logging WriteProcessMemory calls
-
I've been asked to write a program that will start another program up and then log all calls it makes to WriteProcessMemory() and any changes it makes to its variables. Is this even possible and if so where would be a good place to start looking? Thanks
Intercepting WriteProcessMemory() is possible using API hooking techniques. (There are articles about this here at Codeproject.) However, WriteProcessMemory() is usually used only to modify memory in foreign processes. If you need to monitor what the process does on its own address space you are nearly out of luck. This means that you have to write a debugger that connects to the target process, halts all threads and single steps them to monitor the changes. Really, really hard work! -- Daniel Lohmann http://www.losoft.de (Hey, this page is worth looking! You can find some free and handy NT tools there :-D )
-
Thanks for the reply, sounds nasty. Might have to tell the guy that it's going to take a while if it'll be done at all. I wasn't expecting it to be easy to check the variables of another process but that sounds a little out of my league just now, maybe in a couple of years :) Thanks again
-
carrie wrote: I've been asked to write a program that will start another program up and then log all calls it makes to WriteProcessMemory() and any changes it makes to its variables. What value can you get out of this output? Seriously curious here. Is the idea to detect memory flaws in a program's process? How do you analyze this? Nick Parker
-
Maybe something like BoundsChecker would work for you. When someone asks you for the impossible maybe it's time to ask them what they really want. :) Todd Smith
-
carrie wrote: Thanks for the reply, sounds nasty. Might have to tell the guy that it's going to take a while if it'll be done at all. I wasn't expecting it to be easy to check the variables of another process. I think he misread your question. It is nasty to do that to the program's own process, but your program is going to start another program with the CreateProcess function, right? If that's the case then it won't be as hard, because your program can intercept all the other program's messages and can easily log them. Look for Windows hooks at msdn.microsoft.com.
-
hehe, thanks for all the help guys, more pointers are always welcome :) My program would be starting the other process up so I'll take a good look at hooks (thanks). The main reason for doing it is because there is a group of us working on a set of programs. We're all students and bored doing the usual 2nd year programming stuff so we're writing some other games and apps and taking requests from local businesses for fun. Just now the way we work it is that we have everyone send in the executables once they've finished their programs, but we're trying to get this program and the ftp site-to-site program up and running to make life easier. Because we don't send the sources around we like to be able to check that our programs are working on others' machines as well so we can then pass them on. Anyway, thanks for the tips and keep them coming :) if anyone knows the solution to my CFtpConnection::Command problems feel free to help :)