์๋
ํ์ธ์ ์๋ฐ ์ ๋ฌธ๊ฐ์
๋๋ค! ์ผ๋ฐ์ ์ผ๋ก ๋๋ ๋ค์๊ณผ ๊ฐ์ ์ง๋ฌธ์ ์ค์ค๋ก์๊ฒ ๋์ก์ต๋๋ค: Java Memory Manipulation ๋ผ์ด๋ธ๋ฌ๋ฆฌ ๋๋ถ์ ๋ด๊ฐ ์์ฑํ ํ๋ก์ธ์ค ์ ํ๋ฆฌ์ผ์ด์
์ ์ฝ๊ณ ์ธ ์ ์์ต๋๊น ?์ด ์ง๋ฌธ์ ํ ๊ฒ์ ์ด๋ฒ์ด ์ฒ์์ ์๋์ง๋ง ์ด์ ๋ํ ์ ๋ณด๊ฐ ๊ฑฐ์ ์์ต๋๋ค. ์ด ๋ฌธ์ ๋ ์ธํฐ๋ท์์ ๋ฐ์ํฉ๋๋ค. ๋ชจ๋ ์ฌ๋์ด Java์์๋ ์ด๊ฒ์ด ๋ถ๊ฐ๋ฅํ๋ค๊ณ ์ฐ๊ธฐ ๋๋ฌธ์
๋๋ค. ๋น๋ก ์ด๊ฒ์ด ์ค์ ๋ผ๋ ๊ฒ์๋ฌผ์ ๋ณธ ์ ์ด ์๊ธฐ ๋๋ฌธ์
๋๋ค. ๊ทธ๋์ ๋์์ ์์ฒญํ๊ณ ์ถ์๋ฐ, ์ด ์ ํ์ ์ด๋ป๊ฒ ๊ตฌํํ๋ฉด ๋๋์? :)
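/**
 * Looks up the target process by image name, opens one handle for reading and one for
 * writing, prints the 4-byte value at a fixed address and then overwrites it.
 *
 * <p>{@code readRight} and {@code writeRight} are defined outside this listing; each handle
 * is opened with only one of them. Note that {@code readMemory} and {@code writeMemory}
 * call {@code System.exit(1)} on failure, which skips the {@code finally} block below.
 */
public static void main(String args[]) {
    // findProcessId returns 0 when no process with this image name is found.
    long pid = findProcessId("nuclearthrone.exe");
    if (pid == 0) {
        System.err.println("ProcessId not found.");
        System.exit(1);
    }
    System.out.println(pid);

    Pointer readProcess = openProcess(readRight, pid);   // handle used only for reading
    Pointer writeProcess = openProcess(writeRight, pid); // handle used only for writing
    try {
        // A failed OpenProcess comes back as a null handle; stop before using it.
        if (readProcess == null || writeProcess == null) {
            System.err.println("Failed to open process " + pid);
            System.exit(1);
        }

        int size = 4; // number of bytes to read
        // Hard-coded absolute address taken from the page; nothing here checks that it is
        // mapped in the target, so the read/write helpers may fail and exit.
        int adress = 0x036CB314;

        // The declaration of 'read' was missing in the listing; readMemory returns a Memory.
        Memory read = readMemory(readProcess, adress, size);
        System.out.println(read.getInt(0)); // value currently stored at the address

        Cheater.writeMemory(4, 1079246848, writeProcess, adress);
    } finally {
        // Release both process handles instead of leaving them open until exit.
        if (readProcess != null) {
            kernel32.CloseHandle(new WinNT.HANDLE(readProcess));
        }
        if (writeProcess != null) {
            kernel32.CloseHandle(new WinNT.HANDLE(writeProcess));
        }
    }
}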
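/**
 * Returns the id of the first process in a Toolhelp snapshot whose executable name equals
 * {@code processName}, or {@code 0} when the snapshot cannot be taken or nothing matches.
 *
 * <p>The match is on the image name only (exact, case-sensitive {@code equals}); the
 * executable's path and owner are not checked, so any process carrying that name satisfies
 * the lookup.
 *
 * @param processName executable name to look for, e.g. {@code "example.exe"}
 * @return the matching process id, or {@code 0L} if none was found
 */
static long findProcessId(String processName) {
    // Receives one snapshot entry per Process32First/Process32Next call.
    Tlhelp32.PROCESSENTRY32.ByReference processInfo = new Tlhelp32.PROCESSENTRY32.ByReference();
    // Snapshot handle used to walk the process list.
    WinNT.HANDLE processesSnapshot =
            kernel32.CreateToolhelp32Snapshot(Tlhelp32.TH32CS_SNAPPROCESS, new DWORD(0L));
    // Compare by value rather than by reference identity.
    if (kernel32.INVALID_HANDLE_VALUE.equals(processesSnapshot)) {
        if (DEBUG) System.err.println("INVALID_HANDLE_VALUE");
        return 0L;
    }
    try {
        // The original ignored this result and inspected processInfo even when the call
        // had failed and filled nothing in.
        if (!kernel32.Process32First(processesSnapshot, processInfo)) {
            if (DEBUG) System.err.println("Process32First failed");
            return 0L;
        }
        // One loop handles the first entry and every following one.
        do {
            if (processName.equals(Native.toString(processInfo.szExeFile))) {
                long pid = processInfo.th32ProcessID.longValue();
                if (DEBUG) System.out.println("Process " + processName + " found : " + pid);
                return pid;
            }
        } while (kernel32.Process32Next(processesSnapshot, processInfo));
        if (DEBUG) System.out.println("Did not find requested Process: " + processName);
        return 0L;
    } finally {
        // Always release the snapshot handle, including on the early returns above.
        kernel32.CloseHandle(processesSnapshot);
    }
}//findProcessId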
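/**
 * Opens the process {@code pid} with the requested access rights through the
 * {@code myKernel32} binding (declared outside this listing).
 *
 * @param permissions access mask passed straight to {@code OpenProcess}; the parameter type
 *     was missing in the listing and is restored as {@code int} — confirm against the binding
 * @param pid process id; narrowed to {@code int} for the native call
 * @return the process handle, or {@code null} if the native call returned a null pointer
 */
static Pointer openProcess(int permissions, long pid) {
    // Second argument is the inherit flag: pass false so a handle onto another process is
    // not handed down to child processes this program may start (the listing passed true).
    // The 'return' keyword was also missing in the listing.
    return myKernel32.OpenProcess(permissions, false, (int) pid);
}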
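/**
 * Reads {@code readSize} bytes at {@code adress} from the process behind {@code process}
 * into a newly allocated buffer.
 *
 * <p>On failure the error is printed and the JVM exits with status 1, so this method only
 * returns after a successful read.
 *
 * @param process handle opened with read access (type restored as {@code Pointer}, matching
 *     what {@code openProcess} returns — the token was missing in the listing)
 * @param adress address inside the target process
 * @param readSize number of bytes to read
 * @return a buffer of {@code readSize} bytes holding the data read
 */
static Memory readMemory(Pointer process, int adress, int readSize) {
    Memory output = new Memory(readSize);
    // Out-parameter for the byte count; the value is not inspected here.
    IntByReference bytesRead = new IntByReference(0);
    if (!myKernel32.ReadProcessMemory(process, adress, output, readSize, bytesRead)) {
        // NOTE(review): the error code is fetched with a second native call; confirm the
        // binding preserves the thread's last-error value between the two calls.
        int error = myKernel32.getLastError();
        if (error == 0x12B) {
            // 0x12B (299) is ERROR_PARTIAL_COPY: the requested range was not fully readable.
            System.err.println("Failed to read the specified adress");
        } else {
            System.err.println("Failed to read the process: " + error);
        }
        System.exit(1);
    }
    return output;
}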
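/**
 * Writes {@code newValue} into the target process at {@code adress} using a buffer of
 * {@code readSize} bytes.
 *
 * <p>On failure the error is printed and the JVM exits with status 1.
 *
 * @param readSize size of the buffer written, in bytes; must be at least 4 to hold the int
 * @param newValue 32-bit value placed at offset 0 of the buffer
 * @param process handle opened with write access
 * @param adress address inside the target process; narrowed to {@code int} for the native
 *     call, so anything above 32 bits is truncated
 * @throws IllegalArgumentException if {@code readSize} is smaller than 4
 */
static void writeMemory(int readSize, int newValue, Pointer process, long adress) {
    if (readSize < Integer.BYTES) {
        throw new IllegalArgumentException("readSize must be at least 4, got " + readSize);
    }
    IntByReference written = new IntByReference(0);
    Memory toWrite = new Memory(readSize);
    // Memory is not zero-initialised; clear it so that a buffer larger than 4 bytes does not
    // carry uninitialised bytes into the target.
    toWrite.clear();
    toWrite.setInt(0, newValue);
    // The argument list was garbled in the listing ("(int)adress toWrite, , written");
    // restored as address, buffer, size, out-count — confirm against the binding.
    if (!myKernel32.WriteProcessMemory(process, (int) adress, toWrite, readSize, written)) {
        int error = myKernel32.getLastError();
        System.err.println("Failed to write in the process : " + error);
        System.exit(1);
    }
    // 'written' is the out-count of the call, i.e. bytes, not a number of "times".
    System.out.println("Wrote " + written.getValue() + " bytes");
}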