Sign in to follow this  
Followers 0
darkjohn20

Changing bytes at an address

5 posts in this topic

#1 ·  Posted (edited)

Hi, I have a static address, and I want to know how I can change the bytes at the address.

In particular, I am using NomadMemory, so if I can use this that would be great. If not, is there another way I could do it?

I have an address, say 0x00567123

The bytes are 83 0c 30 00 00 (Made up)

How could I change these bytes with AutoIt through a DllCall/Function/whatever to say

90 90 90 90 90?

Thanks!

Edit: I want you to know that the reason this is rewritten and says "removed any reference to hacking" is because this is not my intent. My other post contained references that one person thought would be considered hacking, and so I wanted to get rid of the idea. I simply want to know if this is possible/how for learning purposes, since in NomadMemory I know how to do everything else.

Thanks again, John.

Edited by darkjohn20

Share this post


Link to post
Share on other sites



check out _WinAPI_WriteProcessMemory a user function under the includes directory in the file WinAPI.au3

Share this post


Link to post
Share on other sites

Skyboy, I know how to write data, I am just not sure what is required to change all of the bytes, or even what bytes need to be changed.

An example would be nopping (no operation). How would I nop the 83 0c 30 00 00? I know I need to replace it with 90 90 90 (90 90)?

Could I simply write Dec("0x90") to the address? or do I have to write to the address for each byte...?

Thanks

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

From somewhere else, as a reply to me:

If you are doing direct memory access then you can write the dword at [address] to 0x90909090 and then the word at [address] to 0x9090

If you are using WPM then make an array of 6 bytes which are 0x90 for each byte. then write that whole array to [address]

My question is simply.....Which one of these should I use/Is used by NomadMemory/WriteProcessMemory?

And...is this the correct thing to do?

Thanks!

So skyboy, would I just use this array in that function to send to the address?

_WinAPI_WriteProcessMemory($hProcess, $pBaseAddress, $pBuffer, $iSize, ByRef $iWritten[, $sBuffer = "ptr"])

Where $pBuffer would be the array of bytes?

Also what would I fill in for the ones after $pBuffer?

Edited by darkjohn20

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

Problem solved. Thank you to everyone that contributed. Skyboy, I skipped that and used NomadMemory, because it is the same thing if you look at both functions in their files.

OpenMemory()

_MemoryWrite("0x0045AECB", $MemoryOpen, $NOP, "byte")
_MemoryWrite("0x0045AECC", $MemoryOpen, $NOP, "byte")

 _MemoryClose($MemoryOpen)

Is the code I used. I cannot believe it was so easy. I was just forgetting that there was a last parameter, which is TYPE. The default was dword so I got an error.

By the way, OpenMemory() just does:

Func OpenMemory()
    $PID = ProcessExists("NAME.exe")
    $MemoryOpen = _MemoryOpen($PID)
    If $MemoryOpen = 0 Then
        Select
            Case @error = 1
                MsgBox(0, "Error", "Error opening process: " & @CRLF & "Process ID is invalid")
            Case @error = 2
                MsgBox(0, "Error", "Error opening process: " & @CRLF & "Failed to open Kernel32.dll")
            Case @error = 3
                MsgBox(0, "Error", "Error opening the specified process")
        EndSelect
    EndIf
EndFunc
Edited by darkjohn20

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0