mov IPbufferADDR,ADDR Ipbuffer
I get error message on assemble. "invalid value ADDR"
IPbufferADDR is defined in .data? as dd ?. Ipbuffer is an 8292-byte buffer containing data read from another process.
I need the address of the first byte of the buffer to start a search.
lol At least I think I need it lol. I'm designing the search by myself, and I don't know how it's "supposed" to be done.
try:
mov eax, ADDR Ipbuffer
mov IPbufferADDR, eax
or
lea eax, Ipbuffer
mov IPbufferADDR, eax
or even
mov eax, OFFSET Ipbuffer
mov IPbufferADDR, eax
:)
If you define the location at compile time (in either .data or .data?) then you don't need a register to load the address.
MyVar DWORD ?
pMyVar DWORD OFFSET MyVar
That should work fine.
OFFSET is for variable addresses in simple statements. ADDR is a macro used along with the INVOKE macro, with ADDR being the smarter of the two (since OFFSET wouldn't load the address of a LOCAL).
I wanted to say thanks; the last two of stryker's methods work, and so did Ernie's (I played with them all to see), and thanks Ernie for explaining why ADDR wouldn't work. I truly appreciate your help. While researching LEA to find out what it did/why it worked, I rediscovered something that I never knew I missed so much: Opcodes.HLP :)
After getting the pointer I needed, I wrote this:
SearchBuffer proc
    mov ecx,0                       ; iteration counter
    mov eax,OFFSET Ipbuffer
    mov IPbufferADDR,eax            ; IPbufferADDR = address of Ipbuffer
    mov eax,IPbufferADDR
    mov IPbufferADDRtmp,eax         ; IPbufferADDRtmp walks the buffer
Search:
    mov eax,                        ; operand missing from the post as it was saved
    inc ecx
    .IF ecx>=3000
        jmp EndSearch
    .ENDIF
    .IF eax==0ffffffffh             ; StartBlockIndicator
        add IPbufferADDRtmp,10h
        mov eax,                    ; operand missing from the post as it was saved
        .IF eax==0ffffffffh         ; Verification of Start block
            mov eax,IPbufferADDRtmp
            mov StartBlockADDR,eax
            invoke wsprintf,ADDR StartBlockADDRString,ADDR DecimalFormat,StartBlockADDR
            invoke MessageBox,0,addr StartBlockADDRString,ADDR StartBlockADDRString,MB_OK
        .ELSE
            sub IPbufferADDRtmp,10h ; falls through to EndSearch: a lone marker ends the scan
        .ENDIF
    .ELSE
        add IPbufferADDRtmp,01h     ; no marker here, step one byte
        jmp Search
    .ENDIF
EndSearch:
    ret
SearchBuffer endp
Is that how a search should be done?
OK, maybe I spoke too soon.
They all return addresses; it would appear that they are bad addresses.
After trying to figure out what was wrong with my search routine ALL day yesterday, LOL, I decided to do the search myself. So I got a RAM viewer and looked in my process after I had loaded the block in question, and I find the block I am looking for at address 406800, which means that the start address for the buffer HAS to be ABOVE this. Except those all return 4219771, which is WAAYYYYY down below where I actually found the info. What am I missing here?
Uhh! But if you're going to search something in a byte stream, you have to do something like this:
For example:
string - zvvvvvvvahhh
letter to find - a
First you have to load the address of the string... like this:
lea esi, str
then scan until you hit a null pointer
    xor ecx, ecx                ; ecx = index into the string
@@:
    mov al, BYTE PTR [esi+ecx]  ; fetch one byte
    or al, al                   ; zero byte = end of string, not found
    jz @F
    cmp al, 'a'                 ; the letter we are looking for
    je @F                       ; found: ecx is its index
    inc ecx
    jmp @B
@@:
Since I don't know what kind of data you are going to search, I can't think of any ideas apart from these. Just remember, if you want to search on something you need the address of the source, then start searching from there.
Alright, here is the source. The problem is (I believe) in SearchBuffer proc.
A.) I get an incorrect address for my pointer.
B.) Even if I force in a good address manually, the search proc doesn't find the string I'm looking for.
Hmm! I retraced your code and everything's fine, except I don't have that game you specified to read the memory from. Too bad, I don't have any experience with reading other processes' memory :(. Maybe someone who has experience with this can help you. As far as I can go, this is where I'll stop. :(
Maybe these guidelines will help:
1. Since you said you're searching for a string, are you sure your string search algorithm works fine?
2. Maybe the memory you specified to read in is located in other parts of memory.
Thanks for your help, stryker. I edited my search proc to
SearchBuffer proc uses ebx edi       ; ebx/edi are callee-saved in Win32, so preserve them
    mov eax,OFFSET Ipbuffer
    mov IPbufferADDR,eax
    mov ebx,0ffffffffh              ; StartBlockIndicator
    xor ecx,ecx                     ; iteration counter
    mov edi,IPbufferADDR            ; edi walks the buffer
Search:
    mov eax,DWORD PTR [edi]         ; read the dword edi points at, not the pointer itself
    inc ecx
    .IF ecx>=9000                   ; Ipbuffer is 8292 bytes, so this bound lets the scan read past its end
        jmp EndSearch
    .ENDIF
    .IF eax==ebx
        add edi,10h
        mov eax,DWORD PTR [edi]     ; verification dword 10h bytes later
        .IF eax==ebx
            sub edi,10h
            mov StartBlockADDR,edi  ; address of the block start inside Ipbuffer
            jmp EndSearch
        .ELSE
            sub edi,10h             ; lone marker: resume the byte scan from the next byte
            inc edi
            jmp Search
        .ENDIF
    .ELSE
        inc edi
        jmp Search
    .ENDIF
EndSearch:
    ret
SearchBuffer endp
and it appears to work now. Now I'm working on getting it displayed.
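The marker search this thread converges on, written out in C as an added example (this is the editor's code, not the poster's SearchBuffer proc or anything from the MASM32 package): the scan is bounded by the buffer length instead of an iteration count, a lone 0FFFFFFFFh without the verification dword 10h later is skipped instead of ending the search, and a hit is reported both as an offset into the local copy and, given an assumed base address, as an address in the process the copy was read from. The names find_start_block, local_to_remote, build_sample, the constructed 64-byte sample and the base address 0x406000 are this example's own assumptions. One detail worth having in hand when comparing a wsprintf result with a RAM viewer: 4219771 decimal is 0x40637B, so printing in hex makes the two directly comparable.

```c
/* Added example, not code from the thread: bounded search of a local copy of
 * another process's memory for a block that starts with 0xFFFFFFFF at
 * offset 0 and again at offset 0x10. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MARKER        0xFFFFFFFFu
#define VERIFY_OFFSET 0x10

/* Scan buf[0..len) byte by byte for a marker dword that is repeated
 * VERIFY_OFFSET bytes later. Returns the offset of the block start or -1.
 * Every read is checked against len first, so the scan cannot run past the
 * buffer (a fixed iteration count such as 9000 over an 8292-byte buffer can). */
long find_start_block(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i + VERIFY_OFFSET + sizeof(uint32_t) <= len; i++) {
        uint32_t first, second;
        /* memcpy rather than a cast: the marker may sit at any byte offset. */
        memcpy(&first, buf + i, sizeof first);
        if (first != MARKER)
            continue;
        memcpy(&second, buf + i + VERIFY_OFFSET, sizeof second);
        if (second == MARKER)
            return (long)i;
        /* Lone marker with no verification dword: keep scanning from i+1. */
    }
    return -1;
}

/* A hit in the local copy is an offset. The address that means something in
 * the other process is remote_base + offset, where remote_base is the address
 * the copy was read from (the lpBaseAddress given to ReadProcessMemory). */
uintptr_t local_to_remote(uintptr_t remote_base, long offset)
{
    return remote_base + (uintptr_t)offset;
}

/* Constructed sample (assumption, not real game data): filler bytes, a false
 * start (a lone marker at 0x08 with nothing at 0x18), and the real block at
 * 0x25 with markers at 0x25 and 0x35. */
size_t build_sample(uint8_t *buf, size_t len)
{
    uint32_t m = MARKER;
    memset(buf, 0x11, len);
    memcpy(buf + 0x08, &m, sizeof m);                 /* lone marker */
    memcpy(buf + 0x25, &m, sizeof m);                 /* real block start */
    memcpy(buf + 0x25 + VERIFY_OFFSET, &m, sizeof m); /* verification */
    return len;
}

int main(void)
{
    uint8_t IpBuffer[64];
    uintptr_t remote_base = 0x00406000u;   /* assumed base of the remote read */
    long off;

    build_sample(IpBuffer, sizeof IpBuffer);
    off = find_start_block(IpBuffer, sizeof IpBuffer);
    if (off < 0) {
        puts("no block found");
        return 1;
    }
    /* Hex on both sides, so the number can be checked against a RAM viewer. */
    printf("local offset 0x%lx, remote address 0x%lx\n",
           (unsigned long)off, (unsigned long)local_to_remote(remote_base, off));
    return 0;
}
```

The false start at 0x08 is exactly the case the assembly versions fall through on: here the loop simply continues from the next byte, and the real block at 0x25 is reported as remote address 0x406025.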