[Offtopic] Is it possible to get the state of the registers from another application context?

Julien
Cheater
Posts: 34
Joined: Fri Mar 03, 2017 5:52 am
Reputation: 3

Post by Julien »

Of course, when my app runs, it won't have the same context as the other one, unless I didn't want an app but some sort of code injection in the hacked app. What I want to know is, is there a way to obtain the other app's context data, especially the content of its registers, via another app? That would of course be a MAJOR security flaw, but considering the user wants this to happen, and they would turn some security stuff off somehow (since I am the user and I want to hack another app), is it possible to do it? For clarity, I'm talking about Windows 10, 64 architecture, but the app I want to hack runs on x86.

Eric
Hall of Famer
Posts: 174
Joined: Thu Mar 02, 2017 11:01 pm
Reputation: 90

Re: [Offtopic] Is it possible to get the state of the registers from another application context?

Post by Eric »

OpenThread
SuspendThread
GetThreadContext
ResumeThread
CloseHandle

Julien
Cheater
Posts: 34
Joined: Fri Mar 03, 2017 5:52 am
Reputation: 3

Re: [Offtopic] Is it possible to get the state of the registers from another application context?

Post by Julien »

Eric wrote (Fri Mar 03, 2017 8:53 pm):
    OpenThread
    SuspendThread
    GetThreadContext
    ResumeThread
    CloseHandle

Thank you very much for the answer!

I'm sorry. I'm not very experienced. I'm trying my best to keep up with you guys, but it's not easy. Let me see if I understand you:

OpenThread: I open the process I want to hack into from inside mine, as a thread? Can I do this to a running process?
SuspendThread: I suspend the hacked process' thread, thus saving its context. Two questions: What if the process is separate from mine, as I mentioned above, and what if it is multithreaded? For the multithreaded case, is there a risk of me suspending the wrong thread?

The other 3 steps (especially the last one) lead me strongly to believe that, in the case you're imagining, I start the process from inside mine. Is that the only way it can be done? Can I do that by literally hacking into an independent process context, which is not programmed to share anything with my process?

Eric
Hall of Famer
Posts: 174
Joined: Thu Mar 02, 2017 11:01 pm
Reputation: 90

Re: [Offtopic] Is it possible to get the state of the registers from another application context?

Post by Eric »

OpenThread works on threads your process hasn't opened as well. Just give it the processID, and be an administrator.
It returns a handle you can use with the other 4 APIs.
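
The five calls named in this thread, as an added example that is not part of Eric's post or of any project's code. It enumerates the threads of a process ID with the Toolhelp snapshot API (OpenThread takes a thread identifier), which also covers the multithreaded case, and opens each handle with only the rights the calls need. Assumptions: a 64-bit caller reading a 32-bit (WOW64) target, so the WOW64 variants of the suspend and context calls are used; `thread_access_mask` and `dump_thread_registers` are names made up for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
#else  /* documented winnt.h values, so the mask helper builds anywhere */
#define THREAD_SUSPEND_RESUME    0x0002
#define THREAD_GET_CONTEXT       0x0008
#define THREAD_QUERY_INFORMATION 0x0040
#endif

/* Least privilege: only the rights these calls need, not THREAD_ALL_ACCESS. */
unsigned long thread_access_mask(void) {
    return THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION;
}

#ifdef _WIN32
/* Returns the number of threads whose registers were read, or -1 on error. */
int dump_thread_registers(DWORD pid) {
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (snap == INVALID_HANDLE_VALUE) return -1;
    THREADENTRY32 te = { sizeof te };
    int count = 0;
    for (BOOL ok = Thread32First(snap, &te); ok; ok = Thread32Next(snap, &te)) {
        if (te.th32OwnerProcessID != pid) continue;   /* snapshot is system-wide */
        HANDLE th = OpenThread(thread_access_mask(), FALSE, te.th32ThreadID);
        if (!th) continue;                            /* denied, or thread exited */
        if (Wow64SuspendThread(th) != (DWORD)-1) {    /* context is stable only while suspended */
            WOW64_CONTEXT ctx = {0};
            ctx.ContextFlags = WOW64_CONTEXT_CONTROL | WOW64_CONTEXT_INTEGER;
            if (Wow64GetThreadContext(th, &ctx)) {
                printf("tid %lu eip=%08lx esp=%08lx eax=%08lx\n",
                       te.th32ThreadID, ctx.Eip, ctx.Esp, ctx.Eax);
                count++;
            }
            ResumeThread(th);                         /* resume even if the read failed */
        }
        CloseHandle(th);
    }
    CloseHandle(snap);
    return count;
}

int main(int argc, char **argv) {
    if (argc != 2) return 1;
    return dump_thread_registers((DWORD)strtoul(argv[1], NULL, 10)) < 0;
}
#endif
```

For a 64-bit target the same sequence uses SuspendThread and GetThreadContext with a CONTEXT structure instead of the WOW64 variants.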

Julien
Cheater
Posts: 34
Joined: Fri Mar 03, 2017 5:52 am
Reputation: 3

Re: [Offtopic] Is it possible to get the state of the registers from another application context?

Post by Julien »

This is awesome, thank you! There's no upvote thingy. You really gave me hope.
