Jump to content

Memory Reallocation


Recommended Posts

Hi Everyone,

I am looking for some help. I need to reallocate the memory of a program during runtime. My goal is to open up some free space at the end of the process to create a code cave to work in. I'm not sure where to begin with this.

Any help would be greatly appreciated.

~Felanor

Link to comment
Share on other sites

Certifications: A+, Network+, Security+, Linux+, LPIC-1, MCSA | Languages: AutoIt, C, SQL, .NETBooks: AutoIt v3: Your Quick Guide - $7.99 - O'Reilly Media - September 2007-------->[u]AutoIt v3 Development - newbie to g33k[/u] - Coming Soon - Fate Publishing - Spring 2013UDF Libraries: SkypeCOM UDF Library | ADUC Computers OU Cleanup | Find PixelChecksumExamples: Skype COM Examples - Skype4COMLib Examples converted from VBS to AutoIt
Link to comment
Share on other sites

Felanor is already using this UDF, however it does not have an allocate memory function.

I have taken this function from Wouters memory UDF which may point us in the right direction:

Func _MemAlloc($ah_Mem, $i_Size, $i_Address = 0, $i_AT = 4096, $i_Protect = 0x40)
    Switch @OSVersion
        Case "WIN_ME", "WIN_98", "WIN_95"
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAlloc', 'int', $i_Address, 'int', $i_Size, 'int', BitOR($i_AT, 0x8000000), 'int', $i_Protect)
        Case Else
            $av_Alloc = DllCall($ah_Mem[0], 'int', 'VirtualAllocEx', 'int', $ah_Mem[1], 'int', $i_Address, 'int', $i_Size, 'int', $i_AT, 'int', $i_Protect)
    EndSwitch
    Return $av_Alloc[0]
EndFunc  ;==>_MemAlloc
Link to comment
Share on other sites

Or he could use the UDF's that comes with autoit:

#Include <Memory.au3>
#include <WinAPI.au3>
#include <Constants.au3>

$iPID = Run("notepad.exe")
ProcessWait($iPID)

$hProcess = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, False, $iPID, False)
$iAddrPtr = _MemVirtualAllocEx($hProcess, 0, 1000, $MEM_COMMIT, $PAGE_EXECUTE_READWRITE)

ConsoleWrite($iAddrPtr & @LF)

Allocates 1000 bytes(or close to it, as the system rounds the value down). Tested on notepad, check with a memory editor, and works fine, and $iAddrPtr contains the address where the memory has been located. muttley

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...