darkjohn20 Posted December 7, 2009 Share Posted December 7, 2009 (edited) Hi, I have a static address, and I want to know how I can change the bytes at the address.In particular, I am using NomadMemory, so if I can use this that would be great. If not, is there another way I could do it?I have an address, say 0x00567123The bytes are 83 0c 30 00 00 (Made up)How could I change these bytes with AutoIt through a DllCall/Function/whatever to say90 90 90 90 90?Thanks!Edit: I want you to know that the reason this is rewritten and says "removed any reference to hacking" is because this is not my intent. My other post contained references that one person thought would be considered hacking, and so I wanted to get rid of the idea. I simply want to know if this is possible/how for learning purposes, since in NomadMemory I know how to do everything else.Thanks again, John. Edited December 7, 2009 by darkjohn20 Link to comment Share on other sites More sharing options...
skyboy Posted December 8, 2009 Share Posted December 8, 2009 check out _WinAPI_WriteProcessMemory a user function under the includes directory in the file WinAPI.au3 Link to comment Share on other sites More sharing options...
darkjohn20 Posted December 8, 2009 Author Share Posted December 8, 2009 Skyboy, I know how to write data, I am just not sure what is required to change all of the bytes, or even what bytes need to be changed. An example would be nopping (no operation). How would I nop the 83 0c 30 00 00? I know I need to replace it with 90 90 90 (90 90)? Could I simply write Dec("0x90") to the address? or do I have to write to the address for each byte...? Thanks Link to comment Share on other sites More sharing options...
darkjohn20 Posted December 8, 2009 Author Share Posted December 8, 2009 (edited) From somewhere else, as a reply to me: If you are doing direct memory access then you can write the dword at [address] to 0x90909090 and then the word at [address] to 0x9090 If you are using WPM then make an array of 6 bytes which are 0x90 for each byte. then write that whole array to [address] My question is simply.....Which one of these should I use/Is used by NomadMemory/WriteProcessMemory? And...is this the correct thing to do? Thanks! So skyboy, would I just use this array in that function to send to the address? _WinAPI_WriteProcessMemory($hProcess, $pBaseAddress, $pBuffer, $iSize, ByRef $iWritten[, $sBuffer = "ptr"]) Where $pBuffer would be the array of bytes? Also what would I fill in for the ones after $pBuffer? Edited December 9, 2009 by darkjohn20 Link to comment Share on other sites More sharing options...
darkjohn20 Posted December 9, 2009 Author Share Posted December 9, 2009 (edited) Problem solved. Thank you to everyone that contributed. Skyboy, I skipped that and used NomadMemory, because it is the same thing if you look at both functions in their files. OpenMemory() _MemoryWrite("0x0045AECB", $MemoryOpen, $NOP, "byte") _MemoryWrite("0x0045AECC", $MemoryOpen, $NOP, "byte") _MemoryClose($MemoryOpen) Is the code I used. I cannot believe it was so easy. I was just forgetting that there was a last parameter, which is TYPE. The default was dword so I got an error. By the way, OpenMemory() just does: Func OpenMemory() $PID = ProcessExists("NAME.exe") $MemoryOpen = _MemoryOpen($PID) If $MemoryOpen = 0 Then Select Case @error = 1 MsgBox(0, "Error", "Error opening process: " & @CRLF & "Process ID is invalid") Case @error = 2 MsgBox(0, "Error", "Error opening process: " & @CRLF & "Failed to open Kernel32.dll") Case @error = 3 MsgBox(0, "Error", "Error opening the specified process") EndSelect EndIf EndFunc Edited December 10, 2009 by darkjohn20 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now