A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
#8192 by jstar
Sun Aug 21, 2011 11:53 pm
Hello everyone,

Great to see a good community like this.

I currently have a school project where I must grab information from another process (3rd party).

I must read memory of the exe, but I cannot use any form of injection, and also no calls to NtReadVirtualMemory are allowed (i.e. can't use ReadProcessMemory).

Thanks in advance,

Jstar
#8203 by Vrtule
Mon Aug 22, 2011 10:57 am
What information do you have to retrieve about the target process?
#8215 by jstar
Mon Aug 22, 2011 5:41 pm
Information inside structs.

I can only see a black console but there is information in the background continuously updating.

Thanks.
#8216 by EP_X0FF
Mon Aug 22, 2011 5:43 pm
What kind of structs?

What is the "black console"?

And what is the "information"?
#8223 by jstar
Tue Aug 23, 2011 3:25 am
The point he is making isn't the data itself, it's the reading of it.

It's a struct that holds everyone in class and their current grades/student numbers.
#8224 by EP_X0FF
Tue Aug 23, 2011 4:03 am
So you want to hack your school DBMS for faking grades and stealing other info and do all this from limited account?

This thread is #1 candidate for locking.
#8236 by jstar
Tue Aug 23, 2011 2:11 pm
what lol no... sounds cool but no.

In December our final assignment will be going to class. He will give an exe in an email.

We must sit there and retrieve all the information for our student number only in 3.5 hours or less.

So he suggested that we research now.
#8237 by EP_X0FF
Tue Aug 23, 2011 2:14 pm
What is the target OS? Type, version.
Also describe in detail what you can use, and what you cannot.
#8239 by jstar
Tue Aug 23, 2011 2:25 pm
Everyone in class was given Windows 7 32-bit.

We're allowed Olly, IDA, WinDbg.

But we must make a program (not a driver) to retrieve the information.

Sounds easy, right?

Well, the whole point of it is we can't call NtReadVirtualMemory at all. So RPM and Tool32RPM are out of the question.

No one in the class understands why the hell we have this project to do. So hard and stupid.
#8240 by EP_X0FF
Tue Aug 23, 2011 2:26 pm
Call it through sysenter.