5

How do programs that edit memory of other processes work, such as Cheat Engine and iHaxGamez? My understanding is that a process reading from (let alone writing to) another process' memory is immediate grounds for a segmentation fault.

Andrew Edgecombe
Delan Azabani

4 Answers

6

Gaining access to another process's memory under Linux is fairly straightforward (assuming you have sufficient user privileges).

For example, the file /dev/mem will provide access to the entire memory space of the CPU. Details of the mappings for an individual process can be found in /proc/<pid>/maps.

Another example has been given here.

Delan Azabani
Andrew Edgecombe
  • 1
    /dev/mem isn't going to be very useful, even when examining /proc/pid/maps or /proc/pid/pagemap to find out where to access. What you probably want is /proc/pid/mem instead, which is the process's virtual memory rather than the physical memory. – MarkR Nov 03 '10 at 09:49
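How the /proc/<pid>/maps and /proc/<pid>/mem route from the answer and comment above works, as an added example that is not part of the original answers: the program finds one of its own variables in its maps file and reads it back through its own mem file, so it runs without extra privileges. The names `score`, `find_mapping` and `read_remote` are made up for this example.

```c
#define _FILE_OFFSET_BITS 64
#include <fcntl.h>
#include <inttypes.h>
#include <stdio.h>
#include <unistd.h>

static volatile int score = 1337;   /* constructed sample value */

/* Find the /proc/<pid>/maps entry containing addr. Returns 1 and leaves its
 * permission string (e.g. "rw-p") in perms, 0 if unmapped, -1 on error. */
int find_mapping(pid_t pid, uintptr_t addr, char perms[5])
{
    char path[64], line[1024];
    uintptr_t lo, hi;
    int found = 0;
    snprintf(path, sizeof path, "/proc/%d/maps", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    while (!found && fgets(line, sizeof line, f))
        found = sscanf(line, "%" SCNxPTR "-%" SCNxPTR " %4s", &lo, &hi, perms) == 3
                && addr >= lo && addr < hi;
    fclose(f);
    return found;
}

/* Read len bytes at virtual address addr of process pid via /proc/<pid>/mem.
 * The kernel performs the copy after its own access check, so an unmapped
 * address or a denied request comes back as an error, not as SIGSEGV. */
ssize_t read_remote(pid_t pid, uintptr_t addr, void *buf, size_t len)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = pread(fd, buf, len, (off_t)addr);
    close(fd);
    return n;
}

int main(void)
{
    char perms[5] = "";
    int copy = 0;
    int m = find_mapping(getpid(), (uintptr_t)&score, perms);
    ssize_t n = read_remote(getpid(), (uintptr_t)&score, &copy, sizeof copy);
    printf("mapped=%d perms=%s read=%zd bytes value=%d\n", m, perms, n, copy);
    return !(m == 1 && n == (ssize_t)sizeof copy && copy == 1337);
}
```

Pointing the same functions at another PID only succeeds when the kernel's ptrace access check allows it; otherwise the open or read fails with an error in the caller.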
2

The operating system's hardware abstraction layer usually offers functions to manipulate the memory of other processes. In Windows, the corresponding functions are ReadProcessMemory and WriteProcessMemory.

Jim Brissom
2

It has no reason to segfault; the OS (kernel, ...) API is used to write. A segfault occurs (gets signalled) from the OS when a process attempts to access its own memory in a bad way (char[] overflow).

About the games: well, if a value is stored at an address, and gets read sometimes, then it could be modified before the next reading occurs.

kagali-san
0

You can use the WinAPI WriteProcessMemory to write to the memory space of another process.

Also read some PE/COFF documentation and use VirtualQueryEx and ReadProcessMemory to know what and where to write.

ruslik