buzz44

Converting code from...

11 posts in this topic

#1 ·  Posted (edited)

#include <windows.h>
#include <iostream.h>
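int main()
{
   // Purpose: locate a window by class name, open the process that owns it,
   // and overwrite six byte ranges in that process's address space with the
   // hard-coded sequences below.
   //
   // Returns 0 only when every write completed in full; returns 1 when the
   // window, the PID or the handle could not be obtained, or when a write
   // failed or was short.
   //
   // Review notes:
   //  * The target addresses are absolute constants. They are only meaningful
   //    if the target has the expected module mapped at exactly that base;
   //    nothing here verifies that, and nothing compares the existing bytes
   //    with an expected original before overwriting them.
   //  * FindWindow -> GetWindowThreadProcessId -> OpenProcess with write
   //    rights -> WriteProcessMemory is the cross-process write sequence that
   //    endpoint monitoring and integrity checks look for.
   DWORD pid = 0;
   DWORD bytes = 0;
   HANDLE _handle = NULL;
   DWORD off1=0x6FC11024;
   BYTE  ofw1[9]={0x66,0x83,0xF9,0x2D,0x90,0x74,0x2F,0xEB,0xDB};

   DWORD off2=0x6FC11008;
   BYTE  ofw2[8]={0x66,0x89,0x0E,0xE9,0x9E,0x04,0,0};

   // NOTE(review): only 5 initialisers are given for 8 elements, so the last
   // three bytes are zero and all 8 bytes are written, as in the original
   // listing. Confirm that the 8-byte length is intended.
   DWORD off3=0x6FC1105A;
   BYTE  ofw3[8]={0xE9,0xC5,0x09,0,0};

   DWORD off4=0x6FC11A24;
   BYTE  ofw4[12]={0x66,0xB9,0xFF,0,0x66,0x89,0x0E,0xE9,0x7E,0xFA,0xFF,0xFF};

   DWORD off5=0x6FC114AB;
   BYTE  ofw5[3]={0xEB,0x2B,0x90};

   DWORD off6=0x6FC114D8;
   BYTE  ofw6[5]={0xE9,0x47,0xFB,0xFF,0xFF};

   // Lengths come from sizeof so they cannot drift from the array sizes.
   struct { DWORD addr; BYTE *data; DWORD len; } patches[] = {
      { off1, ofw1, sizeof(ofw1) },
      { off2, ofw2, sizeof(ofw2) },
      { off3, ofw3, sizeof(ofw3) },
      { off4, ofw4, sizeof(ofw4) },
      { off5, ofw5, sizeof(ofw5) },
      { off6, ofw6, sizeof(ofw6) }
   };

   HWND window=FindWindow("class",NULL);
   if (window == NULL)
      return 1;   // no such window: never continue with an unset PID

   // Without this check a failed lookup left pid uninitialised, and the
   // writes below would have gone to whichever process owned that value.
   if (GetWindowThreadProcessId(window,&pid) == 0 || pid == 0)
      return 1;

   // Least privilege: WriteProcessMemory needs only these two rights, so
   // PROCESS_ALL_ACCESS is not requested.
   _handle=OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE, FALSE, pid);
   if (_handle == NULL)
      return 1;

   int rc = 0;
   for (unsigned int i = 0; i < sizeof(patches)/sizeof(patches[0]); ++i)
   {
      bytes = 0;
      // Stop at the first failed or short write. Writes that already
      // succeeded are NOT rolled back, so a non-zero exit can leave the
      // target partially modified.
      if (!WriteProcessMemory(_handle,(void*)patches[i].addr,
                              (void*)patches[i].data,patches[i].len,&bytes)
          || bytes != patches[i].len)
      {
         rc = 1;
         break;
      }
   }

   CloseHandle(_handle);   // the original leaked the process handle
   return rc;
}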

I think it's C or C++? I really have no idea lol. But could someone please get me started or point me to the correct functions in AutoIt.

Thanks.

Edited by Burrup

[u]Old Projects:[/u]A3MORGB2Hex[u]Old Functions:[/u]_TimeAdd/_TimeSub_AddComma_BubbleSort _RippleSort "He who does not understand your silence will probably not understand your words." - Elbert Hubbard.




#3 ·  Posted (edited)

Thanks w0uter, I figured I would need to use some kind of memory functions such as yours :). Would you happen to know what language it is?

Edited by Burrup

[u]Old Projects:[/u]A3MORGB2Hex[u]Old Functions:[/u]_TimeAdd/_TimeSub_AddComma_BubbleSort _RippleSort "He who does not understand your silence will probably not understand your words." - Elbert Hubbard.


C uses stdio.h, C++ uses iostream.h

I'm going to put 100 on C++ :)


Writing AutoIt scripts since
_DateAdd("d", -2, _NowCalcDate())


#7 ·  Posted (edited)

what does it do ?

if i like the awnser ill try to do it :evil:

cuz im not running commands that might mess up windows.

nor can i ever check if it was correct :)

EDIT:

got this far but i am scared to continue without me knowing what it will do.

; Partial AutoIt port of the C++ listing earlier in the thread. It declares the
; six address / byte-array pairs, looks up a window by class name, reads the
; owning process ID and opens that process. This listing stops there: no
; WriteProcessMemory call is made.
; NOTE(review): no DllCall result is checked (@error, a zero window handle or a
; zero process handle), so a failed lookup is carried silently into later steps.
Dim $pid;
Dim $bytes;
Dim $_handle;

; Each $offN is an absolute address in the target process and $ofwN holds the
; bytes meant for that address. The addresses are fixed constants; nothing in
; the script checks that the target has anything mapped there.
Dim $off1 = 0x6FC11024;
Dim $ofw1[9] = [0x66, 0x83, 0xF9, 0x2D, 0x90, 0x74, 0x2F, 0xEB, 0xDB];

Dim $off2 = 0x6FC11008;
Dim $ofw2[8] = [0x66, 0x89, 0x0E, 0xE9, 0x9E, 0x04, 0, 0];

; Only five of the eight declared elements are initialised here.
Dim $off3 = 0x6FC1105A;
Dim $ofw3[8] = [0xE9, 0xC5, 0x09, 0, 0];

Dim $off4 = 0x6FC11A24;
Dim $ofw4[12] = [0x66, 0xB9, 0xFF, 0, 0x66, 0x89, 0x0E, 0xE9, 0x7E, 0xFA, 0xFF, 0xFF];

Dim $off5 = 0x6FC114AB;
Dim $ofw5[3] = [0xEB, 0x2B, 0x90];

Dim $off6 = 0x6FC114D8;
Dim $ofw6[5] = [0xE9, 0x47, 0xFB, 0xFF, 0xFF];

; Put the class name "class" into a struct and pass its pointer to FindWindow.
; The first element of the DllCall result array is kept as the window handle.
Dim $v_Struct1 = DllStructCreate ('str')
DllStructSetData($v_Struct1, 1, "class")
Dim $window = DllCall('user32.dll', 'hwnd', 'FindWindow', 'ptr', DllStructGetPtr ($v_Struct1, 1), 'str', '')
$window = $window[0]
DllStructDelete ($v_Struct1)

; GetWindowThreadProcessId stores the owning PID in the dword struct; it is
; then copied into $pid.
Dim $v_Struct2 = DllStructCreate ('dword')
DllCall('user32.dll', 'int', 'GetWindowThreadProcessId', 'hwnd', $window, 'ptr', DllStructGetPtr ($v_Struct2, 1))
$pid = DllStructGetData ($v_Struct2, 1)
DllStructDelete ($v_Struct2)

; 0x20 + 0x8 is PROCESS_VM_WRITE + PROCESS_VM_OPERATION, a narrower request
; than the PROCESS_ALL_ACCESS used by the C++ listing. The handle is never closed.
$_handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x20 + 0x8, 'int', 0, 'int', $pid)
$_handle = $_handle[0]
Edited by w0uter

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll


#8 ·  Posted (edited)

Thanks. Well, I don't know the specific details of what it does, but it changes the "-" character (hyphen/dash) so that it is interpreted as "ÿ" (Alt + 0255) for a certain window, specified by its class name.

Edited by Burrup

[u]Old Projects:[/u]A3MORGB2Hex[u]Old Functions:[/u]_TimeAdd/_TimeSub_AddComma_BubbleSort _RippleSort "He who does not understand your silence will probably not understand your words." - Elbert Hubbard.


#9 ·  Posted (edited)

on writing i get:

ERROR_INVALID_ADDRESS

487

Attempt to access invalid address.

; Test variant of the AutoIt port. It is pointed at a "Notepad" window, the
; looked-up PID is then overridden with a fixed value, and only the first of
; the six writes is attempted. The thread's last-error value is printed after it.
; NOTE(review): no DllCall result is checked before the next step uses it.
Dim $pid;
Dim $bytes;
Dim $_handle;

; Absolute target addresses ($offN) and the bytes meant for them ($ofwN).
; The addresses are constants; nothing checks that they are mapped in the
; process that ends up being opened.
Dim $off1 = 0x6FC11024;
Dim $ofw1[9] = [0x66, 0x83, 0xF9, 0x2D, 0x90, 0x74, 0x2F, 0xEB, 0xDB];

Dim $off2 = 0x6FC11008;
Dim $ofw2[8] = [0x66, 0x89, 0x0E, 0xE9, 0x9E, 0x04, 0, 0];

; Only five of the eight declared elements are initialised here.
Dim $off3 = 0x6FC1105A;
Dim $ofw3[8] = [0xE9, 0xC5, 0x09, 0, 0];

Dim $off4 = 0x6FC11A24;
Dim $ofw4[12] = [0x66, 0xB9, 0xFF, 0, 0x66, 0x89, 0x0E, 0xE9, 0x7E, 0xFA, 0xFF, 0xFF];

Dim $off5 = 0x6FC114AB;
Dim $ofw5[3] = [0xEB, 0x2B, 0x90];

Dim $off6 = 0x6FC114D8;
Dim $ofw6[5] = [0xE9, 0x47, 0xFB, 0xFF, 0xFF];

; Window lookup by class name; element [0] of the DllCall result is the handle.
Dim $v_Struct1 = DllStructCreate ('str')
DllStructSetData($v_Struct1, 1, "Notepad")
Dim $window = DllCall('user32.dll', 'hwnd', 'FindWindow', 'ptr', DllStructGetPtr ($v_Struct1, 1), 'str', '')
$window = $window[0]
DllStructDelete ($v_Struct1)

Dim $v_Struct2 = DllStructCreate ('dword')
DllCall('user32.dll', 'int', 'GetWindowThreadProcessId', 'hwnd', $window, 'ptr', DllStructGetPtr ($v_Struct2, 1))
$pid = DllStructGetData ($v_Struct2, 1)
; The looked-up PID is discarded and replaced with a fixed number. PIDs are
; reused by the OS, so this opens whichever process holds 2664 at run time,
; not necessarily the window found above.
$pid = 2664
DllStructDelete ($v_Struct2)

; 0x20 + 0x8 is PROCESS_VM_WRITE + PROCESS_VM_OPERATION. The handle is never closed.
$_handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x20 + 0x8, 'int', 0, 'int', $pid)
$_handle = $_handle[0]

; Staging buffer for the first byte sequence.
$v_callStruct = DllStructCreate('byte[9]')

; Copy $ofw1 into the buffer, passing the loop counter (0..8) as the element index.
For $i = 0 to 8
    DllStructSetData($v_callStruct, 1, $ofw1[$i], $i)
Next

; Single write of 9 bytes to $off1. The last argument is an empty string,
; so no bytes-written count is collected.
DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off1, 'ptr', DllStructGetPtr($v_callStruct, 1), 'int', 9, 'int', '');
; The last-error value is read through a second, separate DllCall.
; NOTE(review): calls made in between may overwrite that value; confirm before
; relying on the printed code. The post reports 487 (ERROR_INVALID_ADDRESS).
$var = DllCall('kernel32.dll', 'int', 'GetLastError')
ConsoleWrite($var[0] & @LF)

#cs
    WriteProcessMemory (_handle, (void *) off2, (void *) & ofw2, 8, &bytes);
    WriteProcessMemory (_handle, (void *) off3, (void *) & ofw3, 8, &bytes);
    WriteProcessMemory (_handle, (void *) off4, (void *) & ofw4, 12, &bytes);
    WriteProcessMemory (_handle, (void *) off5, (void *) & ofw5, 3, &bytes);
    WriteProcessMemory (_handle, (void *) off6, (void *) & ofw6, 5, &bytes);
    Return 0;
    }

It's very ugly and inefficient, and getting the PID doesn't work.

But could you test it with the app you want?

(Just look up the PID in taskmngr.exe and enter it at line 32.)

Edited by w0uter

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll


Thanks w0uter, but it's still not working. I don't get any errors, but nothing appears to change.

$Pid now works and I use 0xFFF instead of 0x20 + 0x8 for the OpenProcess call, 0xFFF meaning PROCESS_ALL_ACCESS. I also finished/added the last WriteProcessMemory calls. Does it look correct?

Thanks again.

CODE
; Full AutoIt port: looks up a window by class name, opens the owning process
; and issues six WriteProcessMemory calls, one per address / byte-array pair.
; NOTE(review): no DllCall result is checked. A failed window or PID lookup
; therefore carries on into OpenProcess and the writes. The results of the six
; writes are discarded, so a failed write is indistinguishable from a
; successful one. The process handle is never closed.
; NOTE(review): several calls below are split across lines by the forum
; formatting; they are reproduced exactly as posted.
Dim $pid;

Dim $bytes;

Dim $_handle;

; Absolute target addresses ($offN) and the bytes meant for them ($ofwN).
; The addresses are constants; nothing checks that the target process has
; anything mapped there, or what the existing bytes are.
Dim $off1 = 0x6FC11024;

Dim $ofw1[9] = [0x66, 0x83, 0xF9, 0x2D, 0x90, 0x74, 0x2F, 0xEB, 0xDB];

Dim $off2 = 0x6FC11008;

Dim $ofw2[8] = [0x66, 0x89, 0x0E, 0xE9, 0x9E, 0x04, 0, 0];

Dim $off3 = 0x6FC1105A;

; Only five of the eight declared elements are initialised here, yet eight
; bytes are written for this entry further down.
Dim $ofw3[8] = [0xE9, 0xC5, 0x09, 0, 0];

Dim $off4 = 0x6FC11A24;

Dim $ofw4[12] = [0x66, 0xB9, 0xFF, 0, 0x66, 0x89, 0x0E, 0xE9, 0x7E, 0xFA, 0xFF, 0xFF];

Dim $off5 = 0x6FC114AB;

Dim $ofw5[3] = [0xEB, 0x2B, 0x90];

Dim $off6 = 0x6FC114D8;

Dim $ofw6[5] = [0xE9, 0x47, 0xFB, 0xFF, 0xFF];

; Window lookup by class name; element [0] of the DllCall result is the handle.
Dim $v_Struct1 = DllStructCreate ('str')

DllStructSetData($v_Struct1, 1, "class")

Dim $window = DllCall('user32.dll', 'hwnd', 'FindWindow', 'ptr', DllStructGetPtr ($v_Struct1,

1), 'str', '')

$window = $window[0]

DllStructDelete ($v_Struct1)

; GetWindowThreadProcessId stores the owning PID in the dword struct.
Dim $v_Struct2 = DllStructCreate ('dword')

DllCall('user32.dll', 'int', 'GetWindowThreadProcessId', 'hwnd', $window, 'ptr', DllStructGetPtr

($v_Struct2, 1))

$pid = DllStructGetData ($v_Struct2, 1)

DllStructDelete ($v_Struct2)

; The access mask is 0xFFF, which sets every process-specific right bit. That
; is far broader than the PROCESS_VM_WRITE + PROCESS_VM_OPERATION (0x20 + 0x8)
; that WriteProcessMemory needs.
; NOTE(review): the Windows SDK defines PROCESS_ALL_ACCESS as 0x1F0FFF (wider
; on newer SDKs), not 0xFFF; confirm which mask is intended.
$_handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0xFFF, 'int', 0, 'int', $pid)

$_handle = $_handle[0]

; One staging buffer per byte sequence, sized to the declared array length.
$v_callStruct1 = DllStructCreate('byte[9]')

$v_callStruct2 = DllStructCreate('byte[8]')

$v_callStruct3 = DllStructCreate('byte[8]')

$v_callStruct4 = DllStructCreate('byte[12]')

$v_callStruct5 = DllStructCreate('byte[3]')

$v_callStruct6 = DllStructCreate('byte[5]')

; Copy each array into its buffer, passing the loop counter as the element index.
For $i = 0 to 8

DllStructSetData($v_callStruct1, 1, $ofw1[$i], $i)

Next

; $ofw2 and $ofw3 are both declared with eight elements and share one loop.
For $i = 0 to 7

DllStructSetData($v_callStruct2, 1, $ofw2[$i], $i)

DllStructSetData($v_callStruct3, 1, $ofw3[$i], $i)

Next

For $i = 0 to 11

DllStructSetData($v_callStruct4, 1, $ofw4[$i], $i)

Next

For $i = 0 to 2

DllStructSetData($v_callStruct5, 1, $ofw5[$i], $i)

Next

For $i = 0 to 4

DllStructSetData($v_callStruct6, 1, $ofw6[$i], $i)

Next

; Six cross-process writes. The last argument of each call is an empty string,
; so no bytes-written count is collected, and the return values are dropped.
; From a monitoring point of view, a foreign handle opened with write rights and
; followed by WriteProcessMemory is the pattern endpoint tooling alerts on.
DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off1, 'ptr',

DllStructGetPtr($v_callStruct1, 1), 'int', 9, 'int', '');

DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off2, 'ptr',

DllStructGetPtr($v_callStruct2, 1), 'int', 8, 'int', '');

DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off3, 'ptr',

DllStructGetPtr($v_callStruct3, 1), 'int', 8, 'int', '');

DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off4, 'ptr',

DllStructGetPtr($v_callStruct4, 1), 'int', 12, 'int', '');

DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off5, 'ptr',

DllStructGetPtr($v_callStruct5, 1), 'int', 3, 'int', '');

DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off6, 'ptr',

DllStructGetPtr($v_callStruct6, 1), 'int', 5, 'int', '');


[u]Old Projects:[/u]A3MORGB2Hex[u]Old Functions:[/u]_TimeAdd/_TimeSub_AddComma_BubbleSort _RippleSort "He who does not understand your silence will probably not understand your words." - Elbert Hubbard.

