Oldschool Posted March 17, 2008 Share Posted March 17, 2008 If I wanted to erase a block of process memory (4096 bytes in this case), would this do it? $pBuffer = DllStructCreate('byte[4096]') _WinAPI_WriteProcessMemory($hProcess, $pBaseAddress, DllStructGetPtr($pBuffer), $iSize, $iWritten, $sBuffer = "ptr") If not, what's the best way for me to do this? Link to comment Share on other sites More sharing options...
Emiel Wieldraaijer Posted March 17, 2008 Share Posted March 17, 2008 I don't know the anwser but maybe Memory Fusion will give you a hint http://www.autoitscript.com/forum/index.ph...amp;showfile=65 Best regards,Emiel Wieldraaijer Link to comment Share on other sites More sharing options...
FreeFry Posted March 18, 2008 Share Posted March 18, 2008 If I wanted to erase a block of process memory (4096 bytes in this case), would this do it? $pBuffer = DllStructCreate('byte[4096]') _WinAPI_WriteProcessMemory($hProcess, $pBaseAddress, DllStructGetPtr($pBuffer), $iSize, $iWritten, $sBuffer = "ptr") If not, what's the best way for me to do this?Why not try it first? You could use a memory viewer/editor to see if it worked... Link to comment Share on other sites More sharing options...
The Kandie Man Posted March 18, 2008 Share Posted March 18, 2008 If I wanted to erase a block of process memory (4096 bytes in this case), would this do it? $pBuffer = DllStructCreate('byte[4096]') _WinAPI_WriteProcessMemory($hProcess, $pBaseAddress, DllStructGetPtr($pBuffer), $iSize, $iWritten, $sBuffer = "ptr")oÝ÷ Øç¢Ü!jÝý²Ø^më-Á¬¢¹¶h¶¬þ«¨µàå+k¹ËBæz)íè^âë§uêëzf«Ê®¢×¢·¥y«jYhq«^vg¦¢¼£ºËlzÛaz·º¹Þvö«¦åzÚ4þ«¨µæ®¶sbb33c·'VffW"ÒFÆÅ7G'V7D7&VFRb33¶'FU³CeÒb33²¥õväõw&FU&ö6W74ÖVÖ÷'b33c¶&ö6W72Âb33c·&6TFG&W72ÂFÆÅ7G'V7DvWEG"b33c·'VffW"Âb33c¶6¦RÂb33c¶w&GFVâÂb33c·4'VffW"ÒgV÷C·G"gV÷C²¢b33c·'VffW"Ò¶g&VRÆÆö6FVBÖVÖ÷' -The Kandie Man ;-) "So man has sown the wind and reaped the world. Perhaps in the next few hours there will no remembrance of the past and no hope for the future that might have been." & _"All the works of man will be consumed in the great fire after which he was created." & _"And if there is a future for man, insensitive as he is, proud and defiant in his pursuit of power, let him resolve to live it lovingly, for he knows well how to do so." & _"Then he may say once more, 'Truly the light is sweet, and what a pleasant thing it is for the eyes to see the sun.'" - The Day the Earth Caught Fire Link to comment Share on other sites More sharing options...
FreeFry Posted March 18, 2008 Share Posted March 18, 2008 I think what he's meaning is that he wants to zero-out an area in another applications memory, not deleting a struct.. Link to comment Share on other sites More sharing options...
Oldschool Posted March 18, 2008 Author Share Posted March 18, 2008 I think what he's meaning is that he wants to zero-out an area in another applications memory, not deleting a struct.. You are correct there... I guess if it doesn't work plain, I could always do something like this, which will definitely work: local $data For $i = 1 To 4096 $data &= $i-$i Next DllStructSetData($pBuffer, 1, $data) My head works a lot better in the first part of the day @Emiel That's a useful link, thanks. Link to comment Share on other sites More sharing options...
FreeFry Posted March 18, 2008 Share Posted March 18, 2008 The struct is already filled with zeros when it's created. You can check it with this code: $myStruct = DllStructCreate("byte[4096]") ConsoleWrite("$myStruct size: " & DllStructGetSize($myStruct) & @LF & "$myStruct Data: " & DllStructGetData($myStruct, 1) & @LF) Link to comment Share on other sites More sharing options...
Oldschool Posted March 19, 2008 Author Share Posted March 19, 2008 The struct is already filled with zeros when it's created. You can check it with this code: $myStruct = DllStructCreate("byte[4096]") ConsoleWrite("$myStruct size: " & DllStructGetSize($myStruct) & @LF & "$myStruct Data: " & DllStructGetData($myStruct, 1) & @LF) I get no crash, but it does not exactly erase it. Looks like that when I read it: Link to comment Share on other sites More sharing options...
FreeFry Posted March 21, 2008 Share Posted March 21, 2008 You're probably writing over memory that the application reads/executes, and that causes the crash. I did a little test on the calculator, and it doesn't crash(mainly because the "code cave" is huge.): #Include <WinAPI.au3> Run("calc.exe") ProcessWait("calc.exe") Dim $ProcessID = ProcessExists("calc.exe") Dim $ProcesshWnd = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, False, $ProcessID, False) Dim $dataStruct = DllStructCreate("byte[4096]"), $dataWritten = 0 _WinAPI_WriteProcessMemory($ProcesshWnd, 0x01015018, DllStructGetPtr($dataStruct), DllStructGetSize($dataStruct), $dataWritten) ConsoleWrite("Data written: " & $DataWritten & " bytes. Error: " & @error & @LF) _WinAPI_CloseHandle($ProcesshWnd) $dataStruct = 0 And it does write 0 to the memory in the range, no need to fill the struct with zeros first. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now