View Full Version : VirtualAllocEx equivalent on win9x?


doug
May 28th, 2004, 22:03
In the PSDK, they mention that VirtualAllocEx is included in Windows XP, Windows 2000 Professional, and Windows NT Workstation 4.0.

I believe in Win98 kernel32 exports that function, but returns status_not_implemented.

So is there an equivalent to VirtualAllocEx in Win9x?
What do you guys do when you want to get memory into another process' space?

Kayaker
May 28th, 2004, 22:37
Hi

I think Elicz's Elirt.dll is the classic way of emulating CreateRemoteThread, VirtualAllocEx, VirtualFreeEx, OpenThread for Win9x.

It used to be at
http://www.anticracking.sk/EliCZ/export.htm
doesn't seem to be listed separately now but may be incorporated into one of the other packages. Ah, I'll just up it here...

Personally what I used to do was a CREATE_SUSPENDED dll injection along the lines of Iczdump, then you have the free access to the process' memory.

K.

doug
May 28th, 2004, 22:53
Thanks kayaker.

Also, I just found the following:

Code:

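/* (HANDLE) 0xFFFFFFFF is INVALID_HANDLE_VALUE: the mapping is backed by the paging file, not a disk file */
hFileMapping = CreateFileMapping((HANDLE) 0xFFFFFFFF, NULL,
                                 PAGE_READWRITE | SEC_COMMIT, 0, dwSize, NULL);
/* Map a view only if the mapping object was created */
if (hFileMapping != NULL)
    lpData = MapViewOfFile(hFileMapping, FILE_MAP_ALL_ACCESS, 0, 0, dwSize);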


with a note mentioning that under Windows 9x the address above 0x80000000 is shared by all processes and the CreateFileMapping call above allocates a block of mem in that zone. (tested and it works)

evaluator
May 29th, 2004, 00:15
For W9x, instead of VirtualAllocEx you can use VirtualAlloc in upper memory:

if W9x then
  vp := VirtualAlloc(nil, size, MEM_COMMIT + SEC_COMMIT, PAGE_EXECUTE_READWRITE);

if NT then
  vp := VirtualAllocEx(ph, nil, size, MEM_COMMIT + MEM_TOP_DOWN, PAGE_EXECUTE_READWRITE);