How to modify a string in memory?

Posted on 2005-05-09
Last Modified: 2010-04-05
There are two strings with the same value "mystring" in target.exe and I want to modify them to "urstring" while target.exe is running. So I wrote a dll and injected it into target.exe so that I can modify the memory more conveniently.

Can anyone tell me how to modify the string in memory  (in the same process, maybe different thread)?
Question by:klemperer
    LVL 33

    Accepted Solution

    if you have access to the memory address you can use the API CopyMemory or system string functions like lstrcpy, however you might be limited to the current memory byte allocation for the current array of charaters  , , "mystring" in this case, which has 8 bytes, and I can not tell if this is a null terminated array of charaters or not which will make a difference in some types of array of charter access. . .
    Here is a button click event, it has 2 pointers, p1 and p2 which would be the memory addresses in your target.exe for the charater arrays (not sure about calling them strings), I have to get and free memory in this code, but you would not need that for memory in the target.exe

    procedure TForm1.sbut_CopyMemoryClick(Sender: TObject);
    pStr: PChar;
    p1, p2: Pointer; // p1 and p1 would be your memory addresses in the other program
    Str1: String;
    Str1 := 'Str1 here';
    pStr := 'pStr here';

    // you will not need to get the Memory for your's, but I need to assign memory here
    GetMem(p1, 9);
    GetMem(p2, 10);// has room for null #0

    // I would probally use the CopyMemory for any memory access in another program
    CopyMemory(p1, pStr, 9); // p1 has only 9 bytes of memory, no room for null #0
    // you will need to consider the null #0 end for charater arrays in other programs

    // you should be able to use the null term string function like StrLCopy
    StrLCopy(p2,p1,9);// adds #0 Null to end, must have 10 bytes of memory
    ShowMessage(PChar(p2)); // be sure there is a Null for a PChar read

    CopyMemory(p2, @Str1[1], 10);

    FreeMem(p1); // you will not need to free you memory

     - - - - - - - - - - - - - - - - - - - --

    the memory allocation in another application is different that the GetMem and FreeMem in the injected Delphi DLL

    Author Comment

    I wrote a function according to your suggestion, which change a string (or char array) "mystring" into "urstring" in the memory.

    function ModifyDirection:boolean;
    pStr: PChar;
    p1, p2: Pointer;
    Str1: String;
      CopyMemory(p1, pStr, 8);

      CopyMemory(p2, @Str1[1], 9);

    I called this function in dll entry point (DLL_PROCESS_ATTACH) and the application raised an error "Memory can't write". Then I call it again when the application is fully loaded; it raises no error but doesn't work. How can I know that the string has been changed or not?
    LVL 33

    Expert Comment

    you do not seem to understand much of what I tried to tell you, the variables I used for my example

    p1, p2: Pointer;

    do not exist, and when you use them in your  ModifyDirection function, you do NOT assign any meory location to them, they are UNDEFINED, useless

     I tried to tell you that you need to use the memory locations in the target.exe for whatever you want to change. . .

    do not use my  p1  or p2, use the pointer location for the memory block in the target.exe program that has the text in it

    I hope you do not say that you do not know the memory locations of the text you want to change, and ask how to get those mem locations
    LVL 33

    Expert Comment


    in my example I showed 2 ways to change a memory location, but you should not use both like you did in your function

    function ModifyDirection: Boolean;
    pStr: PChar;
    pt: Pointer
    result := False;
      pt := GetMemLocation; // your function to get the memory location of the text in the target.exe
      CopyMemory(pt, pStr, 8);
    if (PChar(pt)[0] = pStr[0]) and (PChar(pt)[7] = pStr[7]) then
      result := True;


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Suggested Solutions

    A lot of questions regard threads in Delphi.   One of the more specific questions is how to show progress of the thread.   Updating a progressbar from inside a thread is a mistake. A solution to this would be to send a synchronized message to the…
    The uses clause is one of those things that just tends to grow and grow. Most of the time this is in the main form, as it's from this form that all others are called. If you have a big application (including many forms), the uses clause in the in…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now