E1M1 8 Posted August 30, 2010

    byte szCode[] = {
        0x60,                         //pushad
        0x68, 0x00, 0x00, 0x00, 0x00, //push 0h
        0x68, 0x00, 0x00, 0x00, 0x00, //push 0h
        0x68, 0x00, 0x00, 0x00, 0x00, //push 0h
        0xB8, 0x00, 0x00, 0x00, 0x00, //mov eax, 0h
        0xFF, 0xD0,                   //call eax
        0x61,                         //popad
        0xC3                          //ret
    };
    *(DWORD*)&szCode[2] = (DWORD)pRemotePacket;
    *(DWORD*)&szCode[7] = 0;
    *(DWORD*)&szCode[12] = aLen;
    *(DWORD*)&szCode[17] = dwOffset;

I have converted szCode as follows:

    dim $szCode[25] = [ _
        0x60, _
        0x68, 0x00, 0x00, 0x00, 0x00, _
        0x68, 0x00, 0x00, 0x00, 0x00, _
        0x68, 0x00, 0x00, 0x00, 0x00, _
        0xB8, 0x00, 0x00, 0x00, 0x00, _
        0xFF, 0xD0, _
        0x61, _
        0xC3 _
        ]

But how to convert

    *(DWORD*)&szCode[2] = (DWORD)pRemotePacket;

I guess it's not just

    $szCode[2] = $pRemotePacket

Ascend4nt 131 Posted August 30, 2010

You can't combine array elements to 'cast' to a wider type. In AutoIt, the only way to do what you want is to use a DLLStruct or a Hex string ("0x6068000000006800000000B800000000FFD061C3").

The latter is easiest in replacing values. You just need to make sure the values are hexadecimal (strip the '0x' with StringTrimLeft() or Hex() if you need to), then do a StringReplace() on the main hex string. You might even replace the 00's you want to replace with special characters so you can do a replace much easier.

Afterwards, the whole thing can be written as binary to a DLLStruct (of type 'byte[xx]').

E1M1 8 Posted August 30, 2010

But why wouldn't

    $szCode[2] = $pRemotePacket
    $szCode[7] = 0
    $szCode[12] = $dwALen
    $szCode[17] = $dwOffset

work? With strings it would be a bit hard because I would have to convert something to hex, and variables might have different sizes, so I would have to recalculate offsets. But replacing array elements would be without calculating. Then I could use a for loop to put it back into a string.

Ascend4nt 131 Posted August 30, 2010

Each array element is a separate entity in AutoIt. They aren't connected in a long sequence in memory. If you are that determined to keep it like the C code, then by all means, use an array - but you will need to go through those array elements one-by-one when putting them in a DLLStruct.

If you are worried about width, there is such a thing as padding. [$sPaddedNumber=StringRight('00000000'&$iNumber,8)]

But it seems like you don't really know C, AutoIt, or Assembly at all from your posts. I'd say it looks like you are copying and pasting bits of code from others and kludging it together to try and make it work for you.

One other thing: endianness is important. You'll need to rearrange pointers if adding them in a binary sequence.

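The offset and endianness points from the reply above, as an added C example that is not part of the thread: it walks the 25-byte template from the first post to find where each 32-bit operand starts, then writes a value into one slot in x86 little-endian byte order with a bounds check. The function names and the value 0x11223344 are constructed for illustration, and the buffer is only inspected as data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The 25-byte template from the first post, operands still zero. */
static const uint8_t TEMPLATE[25] = {
    0x60,                         /* pushad               */
    0x68, 0x00, 0x00, 0x00, 0x00, /* push imm32           */
    0x68, 0x00, 0x00, 0x00, 0x00, /* push imm32           */
    0x68, 0x00, 0x00, 0x00, 0x00, /* push imm32           */
    0xB8, 0x00, 0x00, 0x00, 0x00, /* mov eax, imm32       */
    0xFF, 0xD0, 0x61, 0xC3        /* call eax; popad; ret */
};

/* Store v at buf[off..off+3], least significant byte first (x86 order).
   Returns 0 on success, -1 if the four bytes would not fit. */
static int put_le32(uint8_t *buf, size_t len, size_t off, uint32_t v) {
    if (len < 4 || off > len - 4) return -1;
    for (int i = 0; i < 4; i++) buf[off + i] = (uint8_t)(v >> (8 * i));
    return 0;
}

/* Walk the opcodes the template uses and record where each imm32 starts.
   Returns the operand count, or -1 on unknown or truncated input. */
static int find_imm32_offsets(const uint8_t *c, size_t len, size_t *out, int max) {
    size_t i = 0; int n = 0;
    while (i < len) {
        uint8_t op = c[i];
        if (op == 0x68 || op == 0xB8) {          /* opcode byte + imm32 */
            if (len - i < 5 || n == max) return -1;
            out[n++] = i + 1; i += 5;
        } else if (op == 0xFF) {                 /* call eax is FF D0 */
            if (len - i < 2 || c[i + 1] != 0xD0) return -1;
            i += 2;
        } else if (op == 0x60 || op == 0x61 || op == 0xC3) {
            i += 1;
        } else return -1;
    }
    return n;
}

int main(void) {
    uint8_t buf[sizeof TEMPLATE]; size_t offs[4];
    memcpy(buf, TEMPLATE, sizeof buf);   /* 0x11223344 below is a constructed value */
    int n = find_imm32_offsets(buf, sizeof buf, offs, 4);
    if (n != 4 || put_le32(buf, sizeof buf, offs[0], 0x11223344u) != 0) return 1;
    printf("operand at %zu: %02X %02X %02X %02X\n", offs[0], buf[2], buf[3], buf[4], buf[5]);
    return 0;
}
```

The four offsets it reports match the indices used in the C snippet (2, 7, 12, 17), and the stored bytes come out as 44 33 22 11, which is the rearrangement the reply refers to.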
E1M1 8 Posted August 30, 2010

What I don't know is asm and C. What do you think of

    $string = ""
    for $i = 0 to 24
        $string &= $szCode[$i]
    Next

Wouldn't that work? Sorry if I asked a stupid thing.