darkjohn20

Allocating Memory

3 posts in this topic

#1 ·  Posted (edited)

$MemoryOpen = _MemoryOpen(ProcessExists("process.exe"))
$Allocated = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "int", $MemoryOpen[1], "ptr", "0040001B", "int", 12, "int", $MEM_COMMIT, "int", $PAGE_EXECUTE_READWRITE)
MsgBox(0, "", $Allocated & @CRLF & @error)
_MemoryWrite("0x0040001B", $MemoryOpen, 0x03108383)
_MemoryWrite("0x0040001F", $MemoryOpen, 0xE9020000)
_MemoryWrite("0x00400023", $MemoryOpen, 0x0005A042)

So this is the code that won't work. The MsgBox has absolutely no data in it, so I can't figure out what's wrong. I took the VirtualAllocEx line from another script that seemed to work, but I guess it could be a wrong parameter/type?

Without allocating, the _MemoryWrite's don't write anything. The value of the bytes in the code cave is still 00.

Is there something obvious I'm doing wrong?

Edit: I've tried allocating where the value was 00, and I've tried allocating where there was nothing. Neither worked.

Edited by darkjohn20

#3 ·  Posted (edited)

Alright, I changed it and now it shows an address, and an error of 0. But why can't I write to certain addresses? On top of that, if I try then the program throws errors with access violation...

Access Violation at address ..... in module ... Write of 00000000. This isn't trying to write it, this is after it fails and I press a button.

I wonder if there's a command line opcode <-> instruction converter somewhere... If this allocated address is different, I need to turn jmp address into the correct bytes...

Edited by darkjohn20
