E1M1 Posted August 30, 2010

    byte szCode[] = {
        0x60,                         //pushad
        0x68, 0x00, 0x00, 0x00, 0x00, //push 0h
        0x68, 0x00, 0x00, 0x00, 0x00, //push 0h
        0x68, 0x00, 0x00, 0x00, 0x00, //push 0h
        0xB8, 0x00, 0x00, 0x00, 0x00, //mov eax, 0h
        0xFF, 0xD0,                   //call eax
        0x61,                         //popad
        0xC3                          //ret
    };
    *(DWORD*)&szCode[2] = (DWORD)pRemotePacket;
    *(DWORD*)&szCode[7] = 0;
    *(DWORD*)&szCode[12] = aLen;
    *(DWORD*)&szCode[17] = dwOffset;

I have converted szCode as follows:

    Dim $szCode[25] = [ 0x60, 0x68, 0x00, 0x00, 0x00, 0x00, 0x68, 0x00, 0x00, 0x00, 0x00, _
            0x68, 0x00, 0x00, 0x00, 0x00, 0xB8, 0x00, 0x00, 0x00, 0x00, _
            0xFF, 0xD0, 0x61, 0xC3 ]

But how do I convert

    *(DWORD*)&szCode[2] = (DWORD)pRemotePacket;

I guess it's not just

    $szCode[2] = $pRemotePacket

Ascend4nt Posted August 30, 2010

You can't combine array elements to 'cast' to a wider type. In AutoIt, the only way to do what you want is to use a DLLStruct or a Hex string ("0x6068000000006800000000B800000000FFD061C3").

The latter is easiest in replacing values. You just need to make sure the values are hexadecimal (strip the '0x' with StringTrimLeft() or Hex() if you need to), then do a StringReplace() on the main hex string. You might even replace the 00's you want to replace with special characters so you can do a replace much easier.

Afterwards, the whole thing can be written as binary to a DLLStruct (of type 'byte[xx]').

E1M1 (Author) Posted August 30, 2010

But why wouldn't

    $szCode[2] = $pRemotePacket
    $szCode[7] = 0
    $szCode[12] = $dwALen
    $szCode[17] = $dwOffset

work? With strings it would be a bit hard because I would have to convert something to hex, and variables might have different sizes, so I would have to recalculate offsets. But replacing array elements would be without calculating. Then I could use a for loop to put it back into a string.

Ascend4nt Posted August 30, 2010

Each array element is a separate entity in AutoIt. They aren't connected in a long sequence in memory. If you are that determined to keep it like the C code, then by all means, use an array - but you will need to go through those array elements one-by-one when putting them in a DLLStruct.

If you are worried about width, there is such a thing as padding. [$sPaddedNumber=StringRight('00000000'&$iNumber,8)]

But it seems like you don't really know C, AutoIt, or Assembly at all from your posts. I'd say it looks like you are copying and pasting bits of code from others and kludging it together to try and make it work for you.

One other thing: endianness is important. You'll need to rearrange pointers if adding them in a binary sequence.
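
The two points in the reply above (each array element holds one byte, and byte order matters when a 32-bit value is spread across four of them), as an added C example that is not part of the original thread: it stores and reads a 32-bit value one byte at a time in little-endian order with bounds checks, and walks the 25-byte template from the first post to find where each 4-byte operand starts. The function names and the name TEMPLATE are illustrative assumptions.

```c
#include <stddef.h>
#include <stdint.h>

/* The 25-byte template from the first post (all operands still zero). */
const uint8_t TEMPLATE[25] = {
    0x60,                          /* pushad              */
    0x68, 0x00, 0x00, 0x00, 0x00,  /* push imm32          */
    0x68, 0x00, 0x00, 0x00, 0x00,  /* push imm32          */
    0x68, 0x00, 0x00, 0x00, 0x00,  /* push imm32          */
    0xB8, 0x00, 0x00, 0x00, 0x00,  /* mov eax, imm32      */
    0xFF, 0xD0, 0x61, 0xC3         /* call eax; popad; ret */
};

/* Store v at buf[off..off+3], least significant byte first.
   Returns 0 on success, -1 if the four bytes would not fit in the buffer. */
int put_le32(uint8_t *buf, size_t len, size_t off, uint32_t v) {
    if (len < 4 || off > len - 4) return -1;
    for (int i = 0; i < 4; i++) buf[off + i] = (uint8_t)(v >> (8 * i));
    return 0;
}

/* Read the little-endian 32-bit value at buf[off..off+3] into *out. */
int get_le32(const uint8_t *buf, size_t len, size_t off, uint32_t *out) {
    if (len < 4 || off > len - 4) return -1;
    *out = (uint32_t)buf[off] | (uint32_t)buf[off + 1] << 8 |
           (uint32_t)buf[off + 2] << 16 | (uint32_t)buf[off + 3] << 24;
    return 0;
}

/* Walk the bytes and record the offset of every imm32 operand. Only the
   opcodes used in this template are recognised; anything else returns -1. */
int operand_offsets(const uint8_t *buf, size_t len, size_t *offs, size_t max) {
    size_t i = 0, n = 0;
    while (i < len) {
        uint8_t op = buf[i];
        size_t size;
        if (op == 0x68 || op == 0xB8) size = 5;            /* opcode + imm32 */
        else if (op == 0xFF) size = 2;                      /* call eax: FF D0 */
        else if (op == 0x60 || op == 0x61 || op == 0xC3) size = 1;
        else return -1;
        if (size > len - i) return -1;                      /* truncated */
        if (size == 2 && buf[i + 1] != 0xD0) return -1;
        if (size == 5) { if (n == max) return -1; offs[n++] = i + 1; }
        i += size;
    }
    return (int)n;
}
```

The walker returns the offsets 2, 7, 12 and 17, the same indices the C code in the first post writes to, and each of those writes covers four consecutive elements rather than one.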

E1M1 (Author) Posted August 30, 2010

What I don't know is asm and C. What do you think of

    $string = ""
    For $i = 0 To 24
        $string &= $szCode[$i]
    Next

Wouldn't that work? Sorry if I asked a stupid thing.