Jump to content
Sign in to follow this  
Danyfirex

CopyMemory API Not work?

Recommended Posts

Danyfirex

Hi mates, today I have this problem I can't understand why my script doesn't work correctly I think it's correct way.

Can someone tell me what's wrong?

$st1=DllStructCreate("char uno[128]") ;create structure 1
$st2=DllStructCreate("char dos[128]") ;create structure 2

DllStructSetData($st1,1,"Hola Mundo") ;set data into structure 1


;here use copymemory to put the structure 1 datas into my structure 2
$dll=DllCall("kernel32.dll","none","CopyMemory","ptr",DllStructGetptr($st2,1),"ptr",DllStructGetptr($st1,1),"int",128)

;here show datas strucutures
msgbox(0,"",DllStructGetData($st1,1))
msgbox(0,"",DllStructGetdata($st2,1)) ; but my structure2 doesn't have datas. it's empty
Edited by Danyfirex

Share this post


Link to post
Share on other sites
Danyfirex

It's customary to say what exactly went wrong and give any errors.

I think my structure 2 should be have the same string than strutcure 1.

Edited by Danyfirex

Share this post


Link to post
Share on other sites
trancexx

What went wrong is non-existing function. CopyMemory function does not exist. That function is defined as macro and usually it's wrapper around RtlCopyMemory. Still you shouldn't be using Rtl function in your code.

You could do this, considering the language you use:

$st1 = DllStructCreate("char uno[128]") ;create structure 1
$st2 = DllStructCreate("char dos[128]") ;create structure 2

DllStructSetData($st1, 1, "Hola Mundo") ;set data into structure 1

CopyMemory($st2, $st1)


MsgBox(0, "", DllStructGetData($st2, 1))


Func CopyMemory($tStruct_Dest, $tStruct_Src)
    DllStructSetData(DllStructCreate("byte[" & DllStructGetSize($tStruct_Dest) & "]", DllStructGetPtr($tStruct_Dest)), 1, DllStructGetData(DllStructCreate("byte[" & DllStructGetSize($tStruct_Src) & "]", DllStructGetPtr($tStruct_Src)), 1))
EndFunc
Edited by trancexx

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites
Danyfirex

@trancexx I know the way that you say, but I would want to know if is this possible using RtlCopyMemory?

Share this post


Link to post
Share on other sites
Danyfirex

only for knowledge.

also.

I make this fuction. but I would like make it using rltcopymemory to copy into the strucuture.

msgbox(0,"",MyPathEx())

Func MyPathEx()

Local $OP = "0x64A1300000008B40108B403CC3"

Local $OPBuffer = DllStructCreate("byte[" & BinaryLen($OP) & "]")
DllStructSetData($OPBuffer, 1, $OP)

Local $retorno = DllCall("user32.dll", "int", "CallWindowProcW", _
"ptr", DllStructGetPtr($OPBuffer), _
"int", 0, _
"int", 0, _
"int", 0, _
"int", 0)


$RutaStruct = DllStructCreate("WCHAR[256]",$retorno[0])
$Ruta = DllStructGetData($RutaStruct, 1)

Return $Ruta

EndFunc

Share this post


Link to post
Share on other sites
trancexx

You are doing plenty of things wrong. But hey, I can read some opcode and mnemonics. Study this:

MsgBox(0, "", MyPathEx())



Func MyPathEx()

    ; Opcode is 32 bit only
    If @AutoItX64 Then Return

    ; OPCODE:
    ; 64A130000000   mov eax, dword fs:[0x30]
    ; 8B4010         mov eax, [eax+0x10]
    ; 8B403C         mov eax, [eax+0x3C]
    ; C3             ret
    Local $OP = "0x64A1300000008B40108B403CC3"

    ; Bynary len
    Local $iCodeSize = BinaryLen($OP)

    ; Allocate memory
    Local $pCodeBuffer = VirtualAlloc(0, $iCodeSize)

    ; Byte struct at that address
    Local $tCodeBuffer = DllStructCreate("byte[" & $iCodeSize & "]", $pCodeBuffer)

    ; Copy opcode
    DllStructSetData($tCodeBuffer, 1, $OP)

    ; Mark as executable code
    Local Const $PAGE_EXECUTE = 16
    VirtualProtect($pCodeBuffer, $iCodeSize, $PAGE_EXECUTE)

    ; Execute the code
    Local $aCall = DllCallAddress("wstr", $pCodeBuffer)

    ; Free allocated
    VirtualFree($pCodeBuffer)

    ; Rerturn the result
    Return $aCall[0]

EndFunc



Func VirtualProtect($pAddress, $iSize, $iProtection)
    Local $aCall = DllCall("kernel32.dll", "bool", "VirtualProtect", "ptr", $pAddress, "dword_ptr", $iSize, "dword", $iProtection, "dword*", 0)
    If @error Or Not $aCall[0] Then Return SetError(1, 0, 0)
    Return 1
EndFunc

Func VirtualAlloc($pAddress, $iSize, $iAllocationType = 0x1000, $iProtect = 4) ; default is MEM_COMMIT and PAGE_READWRITE
    Local $aCall = DllCall("kernel32.dll", "ptr", "VirtualAlloc", "ptr", $pAddress, "dword_ptr", $iSize, "dword", $iAllocationType, "dword", $iProtect)
    If @error Or Not $aCall[0] Then Return SetError(1, 0, 0)
    Return $aCall[0]
EndFunc

Func VirtualFree($pAddress, $iSize = 0, $iFreeType = 0x8000) ; MEM_RELEASE default
    Local $aCall = DllCall("kernel32.dll", "bool", "VirtualFree", "ptr", $pAddress, "dword_ptr", $iSize, "dword", $iFreeType)
    If @error Or Not $aCall[0] Then Return SetError(1, 0, 0)
    Return $aCall[0]
EndFunc

...You will see how to do that, almost correctly.

Edited by trancexx
  • Like 1

♡♡♡

.

eMyvnE

Share this post


Link to post
Share on other sites
Danyfirex

Thank you so much @trancexx, I admire you so much. maybe some day I could be as good as you.

thank you again. I will study a lot.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×