Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Read registers in memory
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #4  
Old 09-26-2014, 14:01
anon_c anon_c is offline
Friend
  
Join Date: Jan 2011
Posts: 27
Rept. Given: 25
Rept. Rcvd 8 Times in 3 Posts
Thanks Given: 12
Thanks Rcvd at 7 Times in 7 Posts
anon_c Reputation: 8
Thanks to this code, I've written my own sniffer unit. I struggled a little bit to retrieve the BaseAddress of the process, but I finally succeeded. Cool to have this knowledge in the arsenal.

One thing I still don't get completely is how to use and manipulate the ' ContextFlags'… In the code from anorganix, we can see:

// resume the program
ResumeThread(PI.hThread);
Context.ContextFlags:= $00010000+15+$10;


Also, to get the BaseAddress of the process, l use (I translated a C++ code from somewhere into Delphi, but there was no explanation on the website):

Context.ContextFlags := CONTEXT_INTEGER;
GetThreadContext(PI.hThread,Context);
ReadProcessMemory(PI.hProcess, pointer(Context.Ebx + 8), @BaseAddress, SizeOf(BaseAddress), BytesRead);

Still reading to figure it out, but if someone have the explanation for the values used here, you are welcome to help!

Thanks
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Olly Registers Recorder n0ital General Discussion 5 04-07-2006 03:35


All times are GMT +8. The time now is 18:18.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )