Sign in to follow this  
Followers 0
felanor

Memory Reallocation

7 posts in this topic

Hi Everyone,

I am looking for some help. I need to reallocate the memory of a program during runtime. My goal is to open up some free space at the end of the process to create a code cave to work in. I'm not sure where to begin with this.

Any help would be greatly appreciated.

~Felanor

Share this post


Link to post
Share on other sites




Certifications: A+, Network+, Security+, Linux+, LPIC-1, MCSA | Languages: AutoIt, C, SQL, .NETBooks: AutoIt v3: Your Quick Guide - $7.99 - O'Reilly Media - September 2007-------->[u]AutoIt v3 Development - newbie to g33k[/u] - Coming Soon - Fate Publishing - Spring 2013UDF Libraries: SkypeCOM UDF Library | ADUC Computers OU Cleanup | Find PixelChecksumExamples: Skype COM Examples - Skype4COMLib Examples converted from VBS to AutoIt

Share this post


Link to post
Share on other sites

Felanor is already using this UDF, however it does not have an allocate memory function.

I have taken this function from Wouters memory UDF which may point us in the right direction:

Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40)
    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAlloc', 'int', $i_Address, 'int', $i_Size, 'int', BitOR($i_AT, 0x8000000), 'int', $i_Protect)
        Case Else
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
    EndSwitch
    Return $av_Alloc[0]
EndFunc  ;==>_MemAlloc

Share this post


Link to post
Share on other sites

Or he could use the UDF's that comes with autoit:

#Include <Memory.au3>
#include <WinAPI.au3>
#include <Constants.au3>

$iPID = Run("notepad.exe")
ProcessWait($iPID)

$hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, False, $iPID, False)
$iAddrPtr = _MemVirtualAllocEx($hProcess, 0, 1000, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)

ConsoleWrite($iAddrPtr & @LF)

Allocates 1000 bytes(or close to it, as the system rounds the value down). Tested on notepad, check with a memory editor, and works fine, and $iAddrPtr contains the address where the memory has been located. muttley

Share this post


Link to post
Share on other sites

Awesome, thanks FreeFry. This is what Felanor and myself have both been looking for muttley

Share this post


Link to post
Share on other sites

No problem, I just recollected that there was something similar that was available in the default UDFs, and I had a look, and I found it. muttley

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0