victim
#include <chrono>
#include <cstdlib>
#include <iostream>
#include <thread>
#ifdef _WIN32
#include <windows.h>
#define sleep(x) Sleep(x);
#else
#include <unistd.h>
#define sleep(x) usleep(x * 1000);
#endif
using namespace std;
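int main(int argc, char* argv[], char *envp[]) {
    // Spin until something outside this process flips `i` to non-zero.
    // `volatile` forces a real load of `i` on every iteration: nothing in
    // this function ever writes it, so without `volatile` the compiler is
    // entitled to hoist the load out of the loop, and the loop could then
    // never observe a change made to that stack slot from outside.
    volatile int i = 0;
    while (!i) {
        std::cout << "Modify memory to break this loop" << std::endl;
        // One-second pause between polls; std::this_thread replaces the
        // file's sleep() macro, which expands with a trailing ';' and does
        // not parenthesise its argument.
        std::this_thread::sleep_for(std::chrono::milliseconds(1000));
    }
    std::cout << "Memory Violation Success" << std::endl;
#ifdef _WIN32
    system("pause"); // cmd.exe builtin that keeps the console open; meaningless elsewhere
#endif
    return 0;
}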
attacker
// codeinjection practice
#include <iostream>
#include <conio.h>
#include <windows.h>
#define SIZE 1
//LPCWSTR *VICTIM = (LPCWSTR*)"E:\\오픈시큐어랩연구회\\ANTI_CHEAT\\[HW]CodeInjection\\Release\\[HW]CodeInjection_VICTIM.exe";
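// modulation value: the value written into the victim is passed through
// control(), which returns its argument plus one.
template <class T>
class attacker
{
    // Not read by control(); brace-initialised so the object never carries
    // an indeterminate member.
    int value{0};
public:
    // Returns `val + 1`, converted to int as declared.
    int control(T val);
};

template <class T>
int attacker<T>::control(T val)
{
    // The parameter was previously named `value`, which shadowed the member
    // and made it look as if the object's state were being updated; only the
    // argument is touched here.
    val += 1;
    return val;
}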
// Entry point of the "attacker" demo: locate the running victim by window
// title, open its process, write `newData` to a fixed address and read the
// slot back. Only the argc != 2 path is implemented (see the note at the end).
// From a monitoring standpoint, the OpenProcess-on-a-foreign-pid followed by
// WriteProcessMemory sequence below is exactly what process-access auditing
// (e.g. Sysmon ProcessAccess events) records.
int main(int argc, char *argv[])
{
    int newData = 0xDEAC;
    attacker<INT>modulation;
    // control() adds 1, so the value written below is 0xDEAD.
    newData = modulation.control(newData);
    HWND f_VICTIM; // find victim
    // Hard-coded address taken from the author's own debugger session
    // (a stack slot, per the comment further down); it is specific to that
    // build and that run of the victim.
    LPVOID TARGET_ADDR = (LPVOID)0x19FF34;
    // A single pointer-sized slot, never initialised; see the
    // ReadProcessMemory note below.
    LPVOID lpBuffer[SIZE];
    // When there are not exactly two arguments, look for an already-running victim.
    if (argc != 2)
    {
        std::cout << "Finding....victim.." << std::endl;
        // Matches a top-level window whose title equals this literal.
        f_VICTIM = FindWindow(0, TEXT("E:\\오픈시큐어랩연구회\\ANTI_CHEAT\\[HW]CodeInjection\\Release\\[HW]CodeInjection_VICTIM.exe"));
        if (!f_VICTIM) {
            std::cerr << "Not Found" << std::endl;
            return -1;
        }
        std::cout << "Find " << std::endl;
        Sleep(1000);
        system("cls"); // cmd.exe only
        DWORD pid;
        // must be use codeinjection
        // Resolve the owning process id from the HWND.
        GetWindowThreadProcessId(f_VICTIM, &pid);
        // Check that the victim is running as a process.
        // PROCESS_ALL_ACCESS = READ + WRITE
        HANDLE pVictim = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
        if (!pVictim) {
            std::cerr << "Process Error" << std::endl;
            return -1;
        }
        else
        {
            // Address to modify: 0x0019FF34 (STACK)
            // WriteProcessMemory returns BOOL; the bytes-written out-param is
            // not requested (NULL).
            int result = WriteProcessMemory(pVictim, TARGET_ADDR, &newData, (DWORD)sizeof(newData), NULL);
            // NOTE(review): reads SIZE (= 1) byte into the first pointer-sized
            // slot of lpBuffer, so only the low byte of *lpBuffer is defined;
            // the remaining bytes are indeterminate and the return value is
            // ignored. Reading sizeof(newData) bytes into an int would show the
            // value that was just written.
            ReadProcessMemory(pVictim, (LPVOID)TARGET_ADDR, (LPVOID)lpBuffer, (SIZE_T)SIZE, NULL);
            if (result>0)
            {
                std::clog << "Result : Success " << std::endl;
                std::cout << "address :" << TARGET_ADDR << std::endl;
                // *lpBuffer is an LPVOID, so this prints the partially-written
                // slot formatted as a pointer, not the integer that was written.
                std::cout << "modulation : " << *lpBuffer << std::endl;
                system("pause");
            }
            else {
                std::cerr << "Result : Fail" << std::endl;
                // NOTE(review): returns without CloseHandle(pVictim); the
                // handle is only released on the success path below.
                return -1;
            }
            CloseHandle(pVictim);
        }
        return 0;
    }
    // If the target name is given as an argument, use ShellExecuteExA.
    // Not yet implemented: with argc == 2 nothing is done and 0 is returned.
    return 0;
}
result :