Editing Process Memory on Windows

Do any of you guys have experience editing another program/processes memory? This is a murky area for me right now but definitely one I find fascinating (anything with direct memory manip I love) and I am looking to get some answers on this particular question:

How do you make a program which controls the UI or other programs? For example, I want to make a chatbot for fun, but the thing is, there is no API available (from the chat program) and/or I don't want to use an API. I want to be able to open up, for example, a chat program and my program will be able to read the chatbox and type into the input and send messages for me. The key here is that this would be good for an application that has no API for this. I know this is possible, I just have no clue how to go about it. Another example would be to have a program surf the web live for me on the screen.

One way I've been researching is via reading/writing to another program's memory space in C# and C using the Windows API. I figure I could write a program that scans my chat application's memory space (or I can provide it the proper address if I can grab it from a debugger and it does not change) and locates the messages as well as the input field and then I can manipulate it like that. Does anyone have experience with this?

To be honest, I have limited experience with "debugging" in the raw sense of looking at the memory/registers outside of debugging my own programs with gdb and Visual Studio, however, I did watch Casey's primer and I do remember fiddling with GameShark as a kid. However, there doesn't seem to be a whole ton of info/resources, especially with x64. I've heard of this thing called OllyDbg but apparently it has little x64 support, I also downloaded and tried out something called x64dbg (open source) which seems to work pretty well but it apparently is new and in Alpha right now. Another issue I've had is x64 x86 confusion. For example, I tried doing a ReadProcessMemory using the kernel32.dll API and it crashed when I had the Visual Studio set in x86 mode but then when I switched to x64 and switched the int memory value to the uint, it worked fine. This is the little intro tutorial I found on this. But when I did a WriteProcessMemory, the program didn't crash but it also didn't change the text either for some unknown reason (I gotta debug this some more and try to figure it out).

Last but not least, nearly every (limited) resource out there that has to do with memory editing/reading seems to involve "game hacking"/cheating, however, there must be a lot more usages of this than that right? For example, I keep hearing about a program called CheatEngine which helps you to detect data in memory in a process and then change/track it. I'd like to use this for just regular programs/not games but not sure on how all of this works, because all of these programs seem to be specifically for games but they are general-purpose memory tools, no? Thanks.

Preferred languages for this: C# or C and please note that I am using x64 Windows 10.

TL;DR - Any resources/advice on editing another Windows process' memory space to make a chatbot or just for fun would be useful.

Edited by Todd on
If you have used debugger then you have modified memory of another process. For example, putting breakpoint means that you need to write byte with value 0xCC in the location you specify (before that read what was there before to restore it later).

If you want to only interact with window controls - read text, write text, push button, then there is much easier way than directly writing/read process memory. You should use FindWindow[Ex], EnumWindows or EnumChildWindows and SetWindowText/GetWindowText/SendMessage functions instead. No need to manipulate memory directly - depending on application reading/writing memory directly can be pretty hard.

First use FindWindow/EnumWindows/EnumChildWindows to find window by its title or class name or find children whose parent are window with specific title and after that start sending messages to it. After that call
1
SetWindowTextA(wnd, "LOL");
to set text in edit area.
To press button it similar - find a handle and do this:
1
SendMessageA(wnd, BM_CLICK, 0, 0);


There is a tool WinSpy++ that ships with Windows SDK (part of VS installation) that can get you information about some window (what's it title, what's its class name, what are its children). So you first use this tool to figure out class names of the target window, it's children names, etc... And after use the functions above.

If you want program to surf live for you, then better choice would be to emulate whole browser. There are few frameworks that do that - they basically embed whole Chromium or Firefox and gives you callbacks for some events. That means it loads whole page, does the layout, runs JS and gives you ability to access page DOM. When you find something interesting in DOM, like a link or image, you can do whatever you want - click a link, open new url, save image, etc... Whatever user can do for normal browser, you can do that in script. Doing it this way it will be much easier that trying to figure out where to click on screen, or how to move mouse to trigger some javascript action to be able click on some link or smth.

Here are few frameworks that do this:
http://phantomjs.org/
https://slimerjs.org/
Probably some libs from this list also do the same: https://github.com/dhamaniasad/HeadlessBrowsers

Edited by Mārtiņš Možeiko on
Wow, thank you so much!!! I never knew I'd get this done today but it's looking like a possibility! Doing some further research on those commands, I found this site which is also a great resource.

It's quite amazing watching the window messages fly in Spy++ in real time! Makes you realize really what's going on!

Edit: Hmmm this particular program seems to be masking the controls a bit. Its handles are all called "Chrome Legacy Window Chrome_RenderWidgetHostHWND" and the controls don't appear, it's just a handle with a bunch of sub windows all under the name same. I'm sure one of these is probably able to accept the text though.

Edited by Todd on