0

The first one doesn't work, but the second one works fine. Why?

WriteInt32((IntPtr)0x4EE444, 0); WriteInt32((IntPtr)0x510CE0, 0);

It doesn't give any error message; it just doesn't change it.

Eren Özkan
  • Who knows. It all depends on what memory pages are mapped for those addresses and how the patched program actually operates exactly with regard to the memory content at those addresses. To know why, you will need to have intimate knowledge of the internal workings of the program (and perhaps of the operating system as well) you are trying to patch there. Tough luck... –  Jun 21 '19 at 15:34

1 Answer

0

The 0x4EE444 address probably doesn't have the correct memory protection constant required to write. That is generally the case when you're dealing with executable memory. In which case you must use VirtualProtectEx to gain the correct memory permissions. Typically PAGE_EXECUTE_READWRITE is the best choice because you need write access, but you also want it to retain executable permissions, because if you strip the executable permission of the memory page, it will cause an error, should the instruction pointer point to that area of memory and not have executable permissions.

Before overwriting any assembly instructions, you will want to do this. It can also be good practice to restore the original page protections after you have modified it to be more stealthy.

For your problem concerning "no error messages", the return value of most Windows API functions, including WriteProcessMemory and VirtualProtect, will indicate the success or failure of the function. Should that not be the case, you can always call GetLastError() afterwards and check the error code.

GuidedHacking
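The sequence described in the answer above, written as an added C# example that is not part of the original question or answer: it checks every return value so that a write blocked by page protection raises an error instead of failing silently. The class and method names are hypothetical, and `hProcess` is assumed to be a process handle already opened with `PROCESS_VM_OPERATION` and `PROCESS_VM_WRITE` access.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

// Hypothetical helper (added example): a checked replacement for a silent WriteInt32.
static class CheckedMemoryWriter
{
    const uint PAGE_EXECUTE_READWRITE = 0x40;

    // SetLastError = true lets Marshal.GetLastWin32Error() return what GetLastError() would.
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress,
        UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        byte[] lpBuffer, UIntPtr nSize, out UIntPtr lpNumberOfBytesWritten);

    // Assumption: hProcess was opened with PROCESS_VM_OPERATION | PROCESS_VM_WRITE.
    public static void WriteInt32Checked(IntPtr hProcess, IntPtr address, int value)
    {
        byte[] data = BitConverter.GetBytes(value);
        UIntPtr size = new UIntPtr((uint)data.Length);

        // 1. Make the page writable while keeping it executable, remembering the old protection.
        if (!VirtualProtectEx(hProcess, address, size, PAGE_EXECUTE_READWRITE, out uint oldProtect))
            throw new Win32Exception(Marshal.GetLastWin32Error(), "VirtualProtectEx failed");

        try
        {
            // 2. Write, and treat a false return or a short write as an error.
            if (!WriteProcessMemory(hProcess, address, data, size, out UIntPtr written))
                throw new Win32Exception(Marshal.GetLastWin32Error(), "WriteProcessMemory failed");

            if (written.ToUInt64() != (ulong)data.Length)
                throw new InvalidOperationException(
                    "Short write: " + written + " of " + data.Length + " bytes");
        }
        finally
        {
            // 3. Restore the original protection so the page is not left writable and executable.
            if (!VirtualProtectEx(hProcess, address, size, oldProtect, out _))
                Console.Error.WriteLine(
                    "Restoring protection failed, error " + Marshal.GetLastWin32Error());
        }
    }
}
```

The error code is read immediately after each failing call, because any later API call can overwrite the thread's last-error value.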