Okay, what I want to do is this:
1. Store a memory address into a buffer (let's say the address I want to store is 00C72134h; the name of the buffer is address)
2. Add a hex value to that address in the buffer (let's say I want to add 14h to 00C72134h)
3. Print out the result.
How can I do this? I cannot just do:
invoke MessageBox,0,offset address+14h,0,MB_OK
because that will not add it correctly. Does anyone know how I could accomplish this? Thanks very much in advance.
RIF
Do you want to read what's at address (offset + 14h), or read the new value at offset after adding 14h to that value?
resistance_is_futile,
Here you go. Short 'n sweet. Ratch
@ EQU OFFSET                                ; shorthand so "@ X" means OFFSET X
.DATA?
SPIEL DB 80 DUP (?)                         ; output buffer for wsprintf
.DATA
FORMAT DB 'The number is 0%-XH',0
DISP DB 'DISPLAY NUMBER',0
ALIGN 4
BUFFER DD $                                 ; a DWORD holding an address (here BUFFER's own address)
.CODE
START:
XOR EBP,EBP                                 ; EBP = 0, used as the NULL/zero argument below
INVOKE wsprintf,@ SPIEL,@ FORMAT,[BUFFER]   ; format the numeric value as hex text
INVOKE MessageBox,EBP,@ SPIEL,@ DISP,MB_OK
ADD [BUFFER],014H                           ; add 14h to the DWORD value, not to a string
INVOKE wsprintf,@ SPIEL,@ FORMAT,[BUFFER]
INVOKE MessageBox,EBP,@ SPIEL,@ DISP,MB_OK
INVOKE ExitProcess,EBP
END START
Well, I want to add to it, then read from it, then write to it as well...
ADD [BUFFER],014H
I'll try using that and see what it does...
This is what I tried, but it didn't work:
.if wParam == 1056
ADD [myname],014H
invoke WriteProcessMemory,proggieprocess,offset myname,offset tagger,1,NULL
.endif
I also tried a lot of variations with the WriteProcessMemory API, including this:
.if wParam == 1056
invoke WriteProcessMemory,proggieprocess,offset myname+014h,offset tagger,1,NULL
.endif
Neither of these worked... Any help is greatly appreciated.
resistance_is_futile,
You need to become friends with a good debugger. Procrastination is not productive. Ratch
This is more like what I want to do:
.386
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\gdi32.inc
include \masm32\include\shell32.inc
include \masm32\include\Comctl32.inc
include \masm32\include\comdlg32.inc
include \masm32\include\advapi32.inc
include \MASM32\INCLUDE\oleaut32.inc
include \masm32\include\winmm.inc
include \MASM32\INCLUDE\MASM32.INC
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\gdi32.lib
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\Comctl32.lib
includelib \masm32\lib\comdlg32.lib
includelib \masm32\lib\advapi32.lib
includelib \MASM32\LIB\oleaut32.lib
includelib \masm32\lib\winmm.lib
includelib \masm32\lib\MASM32.LIB
.const
@ EQU OFFSET
.DATA?
SPIEL DB 80 DUP (?)
HELLO DB 80 DUP (?)
.DATA
FORMAT DB 'The number is 00%-Xh',0
DISP DB 'DISPLAY NUMBER',0
ALIGN 4
BUFFER DD ?
JUMP DB 'C72134',0
.CODE
START:
XOR EBP,EBP                                   ; EBP = 0, used as the NULL/zero argument below
invoke htodw, offset JUMP                     ; masm32 htodw: hex string -> DWORD in EAX
mov [BUFFER], eax                             ; keep the numeric value in BUFFER
invoke MessageBox,EBP,@ BUFFER,@ DISP,MB_OK   ; passes BUFFER's raw bytes as the message text, not a formatted string
INVOKE wsprintf,@ SPIEL,@ FORMAT,[BUFFER]     ; format the value as hex text in SPIEL
INVOKE MessageBox,EBP,@ SPIEL,@ DISP,MB_OK
ADD [BUFFER],014h                             ; add 14h to the DWORD value
INVOKE wsprintf,@ SPIEL,@ FORMAT,[BUFFER]
INVOKE MessageBox,EBP,@ SPIEL,@ DISP,MB_OK
INVOKE ExitProcess,EBP
END START
Okay, I edited my post... It was just a stupid question. Okay, this code should compile. If you try it out, it works except for one thing: it adds a 1 to the end of the hex string in JUMP. I don't know why... Any help is appreciated.
NM, I got it. I'll post the new working code above... Thanks for all the help.
resistance_is_futile,
Looks to me like you are adding 014C to the first byte of an eight-byte ASCII string, and then expect it to display the number increased by 014c. It doesn't happen that way. All you are doing is changing the first ASCII character into something wildly different. If you want to show an increase in the display, you should use an ASCII string addition routine. Otherwise you must first convert the string into a binary number, do the addition, and then convert it back to ASCII for display. Ratch
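To make Ratch's point concrete, here is an added example in C (not code from this thread; the thread's own code is MASM, and wsprintf is replaced by plain snprintf). It takes the thread's sample string 'C72134' and offset 14h, shows what an ADD against the first byte of the ASCII string really does, and then does the conversion Ratch describes: parse the hex text into a number, add, and format back. The function names parse_hex_address, add_to_first_byte and add_offset_to_address_string are my own.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Parse a MASM-style hex string such as "00C72134h" or "C72134" into a
 * 32-bit value. Leading zeros are fine and a trailing 'h'/'H' is optional
 * (the thread's FORMAT string produces exactly that shape).
 * Returns 1 on success, 0 if the text is not a valid 32-bit hex number. */
int parse_hex_address(const char *text, uint32_t *out)
{
    uint32_t value = 0;
    size_t len = strlen(text);
    size_t i;

    if (len == 0) return 0;
    if (text[len - 1] == 'h' || text[len - 1] == 'H') len--;  /* drop the suffix */
    if (len == 0 || len > 8) return 0;                          /* at most 8 hex digits */

    for (i = 0; i < len; i++) {
        int c = (unsigned char)text[i];
        int digit;
        if (c >= '0' && c <= '9')      digit = c - '0';
        else if (c >= 'a' && c <= 'f') digit = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') digit = c - 'A' + 10;
        else return 0;                                          /* not a hex digit */
        value = (value << 4) | (uint32_t)digit;
    }
    *out = value;
    return 1;
}

/* Format a value the way the thread's FORMAT string '00%-Xh' does: two
 * literal zeros, the hex digits, a trailing h. The "00" is literal text,
 * not zero padding; "%08Xh" would pad to eight digits instead. */
void format_address(uint32_t value, char *buf, size_t buflen)
{
    snprintf(buf, buflen, "00%Xh", value);
}

/* The pitfall: ADD [JUMP],014h adds to the first BYTE of the string,
 * so 'C' (43h) becomes 'W' (57h) and the text no longer names a number. */
void add_to_first_byte(char *text, unsigned char delta)
{
    text[0] = (char)(text[0] + delta);
}

/* The correct route: convert to binary, add, convert back to text.
 * Returns 0 on bad input or if the addition would wrap past 32 bits. */
int add_offset_to_address_string(const char *in, uint32_t delta,
                                 char *out, size_t outlen)
{
    uint32_t value;
    if (!parse_hex_address(in, &value)) return 0;
    if (value > UINT32_MAX - delta) return 0;   /* wrap-around check */
    format_address(value + delta, out, outlen);
    return 1;
}

int main(void)
{
    char jump[] = "C72134";      /* constructed sample, from the thread */
    char shown[32];

    add_to_first_byte(jump, 0x14);
    printf("byte add gives:    %s\n", jump);    /* W72134 */

    add_offset_to_address_string("C72134", 0x14, shown, sizeof shown);
    printf("numeric add gives: %s\n", shown);   /* 00C72148h */
    return 0;
}
```

The numeric value is what belongs in a DWORD such as BUFFER; the formatted text in SPIEL is only for display, and passing the text buffer's own address where the numeric value is expected is a different thing entirely.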
resistance_is_futile,
Actually, it is an ASCII string that represents a number in HEX format. I checked out what you said with a debugger called OllyDbg, and it shows no change in the ASCII string beginning at address JUMP during the entire run of the program. Ratch
That's the thing, I don't want to display it. I want to take that address at JUMP, add 14h to it, then with the new address, use WriteProcessMemory to write a value to a different program. I don't want to display anything... But the way you were saying was to use dwtoa or something of the sort? Just curious... Maybe you could fix my code to where it would actually work, because it works in the visual sense, but when I go to write something to that end address, it does not work...
This is what I'm trying:
BUFFER DD ?
FORMAT DB '00%-Xh',0
.if wParam == 1056 ; If button is pushed
invoke htodw, offset mynameaddie ; Convert the hex string stored in the buffer into a DWORD
mov [BUFFER], eax ; Move the result into BUFFER
INVOKE wsprintf,offset SPIEL,offset FORMAT,[BUFFER]
ADD [BUFFER],014h ; Add 014H to BUFFER
INVOKE wsprintf,offset SPIEL,offset FORMAT,[BUFFER]
invoke SetDlgItemText,hWin,IDC_STC104,offset SPIEL ; Set the text of a dlg item to the finished product
invoke WriteProcessMemory,theprocess,offset SPIEL,addr abc,2,NULL ; write abc to the address SPIEL in theprocess..
.endif
For some reason that does not work, even though I get the address I am looking for and everything. Does not seem to work...
resistance_is_futile,
Your code is incomplete. I would like to know what format the data is at mynameaddie. I think your best bet is to get a good debugger. Then you can see what is really happening. Ratch
invoke htodw, offset mynameaddie ; Convert the hex string stored in the buffer into a DWORD
I know it is... The complete project is too big to be posted. I will post everything I can, though... That is, if you still want to help... I will try my best to give you all the info you need... The format of the data in mynameaddie is a memory address (for example C72664; the format adds the two zeros in front that are needed and the h on the back). 'mynameaddie' is found by going through about 50 different addresses, checking to see if the hex string (15 bytes will be read from each individual address) matches one that is specified, and if it does, the address that the hex string is at is stored in 'mynameaddie'. If there is anything else you need to know, just let me know and I will provide it.
resistance_is_futile,
You need to get a debugger, or waste a lot of time trying to explain what you are doing and sending examples. Ratch
Well, I know this seems like a dumb question, but how do I debug my program? I have OllyDbg, so I already have that part. I am also familiar with it. I never really had to debug any of my programs before and never used one for that purpose. Thanks
RIF
RIF,
Start OllyDbg. Press F3. Load in your program. Hit F8 to single step, F2 to set breakpoints, F4 to go to a designated point, F9 to go until the program finishes or hits a breakpoint, and Ctrl+F2 to reload. Different windows show the CPU, registers, stack, and the DATA area. Look at the menu items; it almost explains itself. Use it with your program listing so you know where you are in your program. Experiment a little. It's a good thing to become familiar with. Ratch
In that last bit of code you posted (comments removed for clarity)
>.if wParam == 1056
>invoke htodw, offset mynameaddie
>mov [BUFFER], eax
>INVOKE wsprintf,offset SPIEL,offset FORMAT,[BUFFER]
>ADD [BUFFER],014h
>INVOKE wsprintf,offset SPIEL,offset FORMAT,[BUFFER]
>invoke SetDlgItemText,hWin,IDC_STC104,offset SPIEL ; Set the text of a dlg item to the finished product
After the first "INVOKE wsprintf", where you transfer a string to SPIEL, you immediately follow it with another "INVOKE wsprintf" transferring some other string to the same SPIEL overwriting the first string without having used it. Thus, only the second string sent to SPIEL would be used by the SetDlgItemText function.
Also, your format-control string ['00%-Xh',0] may not be used as you think (or may not be used at all) since it does not start with the "%" sign.
Raymond
Okay, well, it is displayed right in the dialog item, just how I want it, but when I try to WriteProcessMemory to the address, it does not work. What it does is this: converts my hex value to ASCII (a regular decimal number) because wsprintf needs it that way. Then it moves that number into BUFFER. Then it uses the format to change it to look right (00 in front of it and h in back so I can use WriteProcessMemory). After that, I add 14 to it. Then format it again. You think I should add 14 to SPIEL instead of BUFFER??? I think that may be the problem.
Forgive me if I'm wrong here, I gave up reading it halfway through (it's the booze ;) )
However, I'm still sober enough to give you a solution...
If I understood the problem, you're getting an address as a string (00C74231h) and want to use it quantitatively in an application.
The quick and dirty solution is to use the VARIANT APIs...
LOCAL buff[512] :BYTE                       ; wide-char copy of the source string (256 WCHARs)
.data
srcdata db "00401234",0                     ; a mock address
tst VARIANT <VT_ERROR, 0,0,0, <0>>
.code
; convert the ANSI string to a wide string in buff; the last argument is the
; size of buff in WCHARs (it must have room for the terminator as well)
invoke MultiByteToWideChar, CP_ACP, 0, addr srcdata, -1, addr buff, sizeof buff / 2
mov tst.vt, VT_BSTR
lea eax, buff                               ; buff is a LOCAL, so take its address at run time
mov tst.lVal, eax                           ; point the variant at the wide string
invoke VariantChangeType, addr tst, addr tst, NULL, VT_UI4
mov eax, tst.lVal
; eax == 8 char string converted to DWORD
; note: VariantChangeType parses the text as a decimal number, so "00401234"
; gives 401234 decimal; a hex address string needs a hex parser such as htodw
I will admit, I didn't test this, but from my experience with Variants lately, this should work...
:alright:
NaN