An interesting news brief: apps can actually access other apps' memory...


mathieu...@gmail.com

Aug 22, 2014, 5:49:27 PM
to mooltipass
Will definitely add some credibility to our animation video:


Cheers!

Stefan Giroux

Oct 13, 2014, 6:32:03 PM
to moolt...@googlegroups.com
http://msdn.microsoft.com/en-us/library/windows/desktop/ms680553%28v=vs.85%29.aspx

ReadProcessMemory



If that fails, inject a dll (various methods) and read it from inside that process.


There should also be a way to get around NtProtectVirtualMemory
http://undocumented.ntinternals.net/source/usermode/undocumented%20functions/memory%20management/virtual%20memory/ntprotectvirtualmemory.html

Either way, if you're running arbitrary code on a computer then you can get at a LOT of data.

mathieu...@gmail.com

Oct 14, 2014, 2:16:11 AM
to Stefan Giroux, mooltipass
Hey Stefan,

Thanks for the link!
Wouldn't this:

hProcess [in]

A handle to the process with memory that is being read. The handle must have PROCESS_VM_READ access to the process.

be the tricky part though?



Stefan Giroux

Oct 15, 2014, 10:07:43 PM
to mathieu...@gmail.com, mooltipass
Assuming I can post via reply like a mailing list:

That's not so tricky actually. In fact, I made a Left 4 Dead 2 "external" cheat that resides entirely in a separate process and only passively reads the video game's memory. It was done in C# and amounts to the following:

ReadProcessMemory(Process.GetProcesses().SelectOne().Handle, addressToReadFrom, bufferToFill, sizeof(bufferToFill), &bytesRead);


In essence, critical memory should be treated carefully and proper practices like using SecureZeroMemory and anti-debugging techniques (unloading unknown DLLs, etc.) can be implemented. If I get my hands on a Mooltipass in the future of course I'll try to break it :>


Best of luck w/ your funding campaign!
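
Added example, not part of the post above or of the Mooltipass code: a portable C stand-in for the SecureZeroMemory practice it mentions, wiping a credential buffer as soon as it has been used so that a process reading this memory afterwards finds only zeros (it does not stop a read made while the secret is in use). `secret_t`, `with_secret`, `sample_use`, `residue` and the sample password are hypothetical names and values constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SECRET_MAX 64

/* Hypothetical scratch buffer for a credential that is needed only briefly. */
typedef struct { unsigned char bytes[SECRET_MAX]; size_t len; } secret_t;
typedef int (*secret_user_fn)(const unsigned char *s, size_t len);

/* Stores go through a volatile pointer so the compiler does not drop them
   as dead stores, which it may do with a plain memset() on a buffer that
   is never read again. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Count the non-zero bytes still present in a region (used to verify the wipe). */
size_t residue(const void *p, size_t n) {
    const unsigned char *b = (const unsigned char *)p;
    size_t count = 0;
    for (size_t i = 0; i < n; i++) count += (b[i] != 0);
    return count;
}

/* Copy the secret in, hand it to `use`, then wipe the whole scratch struct.
   Returns use()'s result, or -1 if the secret does not fit. */
int with_secret(secret_t *scratch, const char *src, secret_user_fn use) {
    size_t len = strlen(src);
    if (len > SECRET_MAX) return -1;
    memcpy(scratch->bytes, src, len);
    scratch->len = len;
    int rc = use(scratch->bytes, scratch->len);
    secure_zero(scratch, sizeof *scratch);
    return rc;
}

/* Constructed consumer standing in for "send the password to the login form". */
int sample_use(const unsigned char *s, size_t len) {
    int sum = 0;
    for (size_t i = 0; i < len; i++) sum += s[i];
    return sum;
}

int main(void) {
    secret_t scratch;
    int rc = with_secret(&scratch, "hunter2", sample_use); /* constructed sample */
    printf("rc=%d residue=%zu\n", rc, residue(&scratch, sizeof scratch));
    return residue(&scratch, sizeof scratch) == 0 ? 0 : 1;
}
```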

mathieu...@gmail.com

Oct 16, 2014, 3:50:29 AM
to Stefan Giroux, mooltipass
Very interesting... Have you tried your technique on KeePass/LastPass?

Thanks!