I've been having issues writing process memory. Viewing sources online, I've tried to compile the way Cheat Engine does it.
    BOOLEAN fWriteProcessMemory(ULONG PID, PEPROCESS PEProcess, PVOID Address, ULONG Size, PVOID Buffer)
    {
        PEPROCESS selectedprocess = PEProcess;
        KAPC_STATE apc_state;
        NTSTATUS ntStatus = STATUS_UNSUCCESSFUL;
        if (selectedprocess == NULL)
        {
            if (!NT_SUCCESS(PsLookupProcessByProcessId((PVOID)(UINT_PTR)PID, &selectedprocess)))
                return FALSE;
        }
        UINT_PTR temp = (UINT_PTR)Address;
        RtlZeroMemory(&apc_state, sizeof(apc_state));
        KeAttachProcess((PEPROCESS)selectedprocess);
        char* target;
        char* source;
        unsigned int i;
        target = Address;
        source = Buffer;
        for (i = 0; i<Size; i++)
        {
            target[i] = source[i];
        }
        ntStatus = STATUS_SUCCESS;
        KeDetachProcess();
        return NT_SUCCESS(ntStatus);
    }
However, issues arose upon calling it, which was causing a BSOD every time on target[i] = source[i];
It may be that I was inputting an incorrect 'Address'/'Size'/'Buffer', yet here is my configuration:
fWriteProcessMemory(GlobalProcessID, GlobalProcessPE, (PVOID)(*(ULONG*)pBuf), sizeof(ULDat), (PVOID)ULDat)
ULDat is the memory to be written (ULONG), and pBuf, which is Irp->AssociatedIrp.SystemBuffer, is the memory address to be written to.
Any help would be appreciated, thank you.
If ULDat = 6969, then (PVOID)ULDat is a pointer to memory address 6969 (or 0x1b39 in hex). In your loop, source[i] then tries to pick a char from address (0x1b39 + i), which is why it BSODs.
So yes, use &ULDat there, that's the solution.
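
The cast-versus-address-of mistake described in the answer above, as an added user-mode C example that is not part of the original posts and is not driver code. The helper names (`copy_bytes`, `guarded_write`, `buffer_arg_by_cast`) and the 64 KiB low-address threshold are assumptions chosen for illustration; `uint32_t` stands in for `ULONG`.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define LOW_ADDR_LIMIT 0x10000u  /* assumed heuristic: nothing valid lives this low */

/* The same byte loop as the posted routine, without the process attach. */
static void copy_bytes(void *dst, const void *src, size_t size) {
    char *target = dst;
    const char *source = src;
    for (size_t i = 0; i < size; i++)
        target[i] = source[i];
}

/* What (PVOID)ULDat actually passes as Buffer: the VALUE used as an address. */
static uintptr_t buffer_arg_by_cast(uint32_t value) {
    return (uintptr_t)(void *)(uintptr_t)value;
}

/* Refuse to copy from a source pointer that is NULL or implausibly small,
 * which is what an integer value cast to a pointer usually looks like. */
static int guarded_write(void *target, size_t size, const void *buffer) {
    if (target == NULL || buffer == NULL || (uintptr_t)buffer < LOW_ADDR_LIMIT)
        return -1;              /* rejected before any dereference */
    copy_bytes(target, buffer, size);
    return 0;
}

/* Call shape from the question: value cast to pointer. Returns -1 (rejected). */
static int demo_wrong(void) {
    uint32_t ULDat = 6969, dest = 0;
    return guarded_write(&dest, sizeof(ULDat), (void *)(uintptr_t)ULDat);
}

/* Call shape from the answer: address of the variable. Returns the copied value. */
static uint32_t demo_fixed(void) {
    uint32_t ULDat = 6969, dest = 0;
    if (guarded_write(&dest, sizeof(ULDat), &ULDat) != 0)
        return 0;
    return dest;
}

int main(void) {
    printf("cast passes address 0x%lx\n", (unsigned long)buffer_arg_by_cast(6969));
    printf("wrong call -> %d, fixed call copies %u\n", demo_wrong(), (unsigned)demo_fixed());
    return 0;
}
```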