
How to do a simple code cave injection with AutoIt?


Au3Builder

Are there any working and free UDFs available to accomplish this sort of tasks?

Au3Builder
1 hour ago, Jos said:

What could be a good example why one would want to do code cave injections?

Jos

Why not gain another ability or do something new out of boredom? I find it useful to enhance functionality/fix a bug of an application if source code is lost or not available. It's 100% legal because modifications take place in process memory, not in the application itself. I would like to do the same in AutoIt. Could you provide me with examples of implementing caves? Did my answer satisfy you Jos?

Jos
57 minutes ago, Au3Builder said:

Did my answer satisfy you Jos?

Not really as there is not one single use case in that answer and this technique is often used for more dodgy purposes or game modifications and you are aware how we feel about that in these forums. :)
I haven't seen any example as yet where this technique is used for:

1 hour ago, Au3Builder said:

enhance functionality/fix a bug of an application if source code is lost

.. and when the source is not available I highly doubt it is desirable to discuss modifying running code in memory in these forums.

Jos


SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource        Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

JLogan3o13

Beyond hacking, there is not a single legitimate use for code cave. Code cave tools such as PE and Cheat Engine are only used by script kiddies; not something we are going to support here. 


√-1 2^3 ∑ π, and it was delicious!

rudi

Hi.

Just to be sure that I get the meaning of the term "code caving": That means to modify code that's already running in memory?

Then this question is quite similar to my intention to run an EXE without having to use fileinstall(), isn't it?

For that one I still do not have a good solution, ... hm ...

Regards, Rudi.


Earth is flat, pigs can fly, and Nuclear Power is SAFE!

Jos

Not really...  The OP wants to modify the memory of an already running process, which is quite different from the intent of the thread you linked. :)

Jos


HankHell

well...first you would need to get the PID and handle of the program you're trying to edit... which should look something like this...

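; Launch the program and keep its process ID (the path is a placeholder)
$pid = Run("C:\LOCATION")

; Return the window handle(s) that belong to process $iPid.
;   $iOption = 0: first window with a non-empty title
;   $iOption = 1: first window found (default)
;   $iOption = 2: array of all matching windows, [n][0] = title, [n][1] = handle
; Returns 0 and sets @error if nothing is found within $iTimeout ms.
Func HWndProc($iPid, $iOption = 1, $sTitle = "", $iTimeout = 2000)
    Local $aReturn[1][1] = [[0]], $aWin, $hTimer = TimerInit()
    While 1
        ; Enumerate the windows and keep those owned by $iPid
        $aWin = WinList($sTitle)
        For $i = 1 To $aWin[0][0]
            If $iPid = WinGetProcess($aWin[$i][1]) Then
                If $iOption = 1 Or ($iOption = 0 And $aWin[$i][0] <> "") Then
                    Return $aWin[$i][1]
                ElseIf $iOption = 2 Then
                    ReDim $aReturn[UBound($aReturn) + 1][2]
                    $aReturn[0][0] += 1
                    $aReturn[$aReturn[0][0]][0] = $aWin[$i][0]
                    $aReturn[$aReturn[0][0]][1] = $aWin[$i][1]
                EndIf
            EndIf
        Next
        If $iOption = 2 And $aReturn[0][0] > 0 Then Return $aReturn
        ; Stop polling once the timeout has elapsed
        If TimerDiff($hTimer) > $iTimeout Then ExitLoop
        Sleep(Opt("WinWaitDelay"))
    WEnd
    Return SetError(1, 0, 0)
EndFunc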

then you'd need to search that program's memory somehow, and show the addresses of data that matches for your integers

Jos

@HankHell,

Have you bothered to read the thread before posting this?
If Yes: What were you thinking?
If No: Do so now please and then tell me whether it was smart to post that answer.

Jos


This topic is now closed to further replies.
