
Posted (edited)

#include <windows.h>
#include <iostream.h>
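/**
 * Finds a window by class name, opens the process that owns it and copies six
 * hard-coded byte sequences to six hard-coded addresses in that process.
 * According to the thread, the effect is that "-" is read as "ÿ" in that window.
 *
 * Opening another process with write rights and then calling
 * WriteProcessMemory is a sequence endpoint monitoring commonly alerts on.
 * The handle therefore asks only for the two rights the writes need, every
 * API result is checked, and the handle is always closed.
 *
 * @return 0 when all six writes completed in full;
 *         1 when no window with the class name exists;
 *         2 when the owning process id could not be read;
 *         3 when the process could not be opened;
 *         4 when a write failed or was short (earlier writes stay applied).
 */
int main()
{
   // One entry per write: destination address in the target process, the
   // source bytes, and the number of bytes copied.
   struct Patch
   {
      DWORD       address;
      const BYTE *bytes;
      SIZE_T      length;
   };

   static const BYTE ofw1[9]  = {0x66,0x83,0xF9,0x2D,0x90,0x74,0x2F,0xEB,0xDB};
   static const BYTE ofw2[8]  = {0x66,0x89,0x0E,0xE9,0x9E,0x04,0,0};
   // Only five initialisers are given; the remaining three bytes are zero and
   // are still written because the length is 8.
   // NOTE(review): confirm that 8 (not 5) is the intended length.
   static const BYTE ofw3[8]  = {0xE9,0xC5,0x09,0,0};
   static const BYTE ofw4[12] = {0x66,0xB9,0xFF,0,0x66,0x89,0x0E,0xE9,0x7E,0xFA,0xFF,0xFF};
   static const BYTE ofw5[3]  = {0xEB,0x2B,0x90};
   static const BYTE ofw6[5]  = {0xE9,0x47,0xFB,0xFF,0xFF};

   // The addresses are absolute. Nothing here verifies that the target has
   // the expected module mapped at that range, so a failed write is treated
   // as an error instead of being ignored.
   const Patch patches[] = {
      {0x6FC11024, ofw1, sizeof(ofw1)},
      {0x6FC11008, ofw2, sizeof(ofw2)},
      {0x6FC1105A, ofw3, sizeof(ofw3)},
      {0x6FC11A24, ofw4, sizeof(ofw4)},
      {0x6FC114AB, ofw5, sizeof(ofw5)},
      {0x6FC114D8, ofw6, sizeof(ofw6)},
   };
   const SIZE_T patchCount = sizeof(patches) / sizeof(patches[0]);

   // The class name is a narrow string literal, so call the ANSI entry point
   // explicitly; the generic macro would not compile in a UNICODE build.
   HWND window = FindWindowA("class", NULL);
   if (window == NULL)
      return 1;

   // Without this check a missing window left pid uninitialised and
   // OpenProcess ran against an arbitrary process id.
   DWORD pid = 0;
   if (GetWindowThreadProcessId(window, &pid) == 0 || pid == 0)
      return 2;

   // WriteProcessMemory needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION only;
   // PROCESS_ALL_ACCESS requested far more than that.
   HANDLE process = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid);
   if (process == NULL)
      return 3;

   int exitCode = 0;
   for (SIZE_T i = 0; i < patchCount; ++i)
   {
      SIZE_T written = 0;
      LPVOID destination =
         reinterpret_cast<LPVOID>(static_cast<ULONG_PTR>(patches[i].address));

      if (!WriteProcessMemory(process, destination, patches[i].bytes,
                              patches[i].length, &written) ||
          written != patches[i].length)
      {
         exitCode = 4;
         break;
      }
   }

   CloseHandle(process);   // the original never released the handle
   return exitCode;
}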

I think it's C or C++? I really have no idea lol. But could someone please get me started or point me to the correct functions in AutoIt.

Thanks.

Edited by Burrup

qq

Posted (edited)

Thanks w0uter, I figured I would need to use some kind of memory functions such as yours :). Would you happen to know what language it is?

Edited by Burrup

qq

Posted (edited)

what does it do ?

if i like the answer ill try to do it :evil:

cuz im not running commands that might mess up windows.

nor can i ever check if it was correct :)

EDIT:

got this far but i am scared to continue without me knowing what it will do.

; Unfinished AutoIt port of the C++ listing from the first post. It declares
; the same six address/byte-array pairs, then looks up a window by class name,
; reads the id of the process that owns it and opens that process. No memory
; is written in this version.
Dim $pid;
Dim $bytes;
Dim $_handle;

; Each $offN is an absolute address in the target process; $ofwN holds the
; bytes meant for that address.
Dim $off1 = 0x6FC11024;
Dim $ofw1[9] = [0x66, 0x83, 0xF9, 0x2D, 0x90, 0x74, 0x2F, 0xEB, 0xDB];

Dim $off2 = 0x6FC11008;
Dim $ofw2[8] = [0x66, 0x89, 0x0E, 0xE9, 0x9E, 0x04, 0, 0];

Dim $off3 = 0x6FC1105A;
; Declared with 8 elements but only 5 initialisers, as in the C++ listing.
Dim $ofw3[8] = [0xE9, 0xC5, 0x09, 0, 0];

Dim $off4 = 0x6FC11A24;
Dim $ofw4[12] = [0x66, 0xB9, 0xFF, 0, 0x66, 0x89, 0x0E, 0xE9, 0x7E, 0xFA, 0xFF, 0xFF];

Dim $off5 = 0x6FC114AB;
Dim $ofw5[3] = [0xEB, 0x2B, 0x90];

Dim $off6 = 0x6FC114D8;
Dim $ofw6[5] = [0xE9, 0x47, 0xFB, 0xFF, 0xFF];

; Copy the window class name into a struct so that a pointer to it can be
; handed to FindWindow.
Dim $v_Struct1 = DllStructCreate ('str')
DllStructSetData($v_Struct1, 1, "class")
Dim $window = DllCall('user32.dll', 'hwnd', 'FindWindow', 'ptr', DllStructGetPtr ($v_Struct1, 1), 'str', '')
; NOTE(review): the result is used without checking that a window was found.
$window = $window[0]
DllStructDelete ($v_Struct1)

; GetWindowThreadProcessId writes the owning process id into the dword struct.
Dim $v_Struct2 = DllStructCreate ('dword')
DllCall('user32.dll', 'int', 'GetWindowThreadProcessId', 'hwnd', $window, 'ptr', DllStructGetPtr ($v_Struct2, 1))
$pid = DllStructGetData ($v_Struct2, 1)
DllStructDelete ($v_Struct2)

; 0x20 + 0x8 is PROCESS_VM_WRITE | PROCESS_VM_OPERATION, the two rights
; WriteProcessMemory requires; this is narrower than the PROCESS_ALL_ACCESS
; requested by the C++ listing.
; NOTE(review): the returned handle is not checked for 0 and is never closed.
$_handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x20 + 0x8, 'int', 0, 'int', $pid)
$_handle = $_handle[0]
Edited by w0uter


Posted (edited)

Thanks. Well I don't know the specific details about what it does but it changes the "-" character (hyphen/dash) to be interpreted as "ÿ" (Alt + 0255) for a certain window specified by its class name.

Edited by Burrup

qq

Posted (edited)

on writing i get:

ERROR_INVALID_ADDRESS

487

Attempt to access invalid address.

; Second AutoIt attempt: same declarations as before, the window class is now
; "Notepad", the process id is overridden with a fixed value, and the first of
; the six writes is issued, followed by a GetLastError query. The remaining
; five writes are still the C++ lines, parked inside a #cs comment block.
Dim $pid;
Dim $bytes;
Dim $_handle;

; Each $offN is an absolute address in the target process; $ofwN holds the
; bytes meant for that address.
Dim $off1 = 0x6FC11024;
Dim $ofw1[9] = [0x66, 0x83, 0xF9, 0x2D, 0x90, 0x74, 0x2F, 0xEB, 0xDB];

Dim $off2 = 0x6FC11008;
Dim $ofw2[8] = [0x66, 0x89, 0x0E, 0xE9, 0x9E, 0x04, 0, 0];

Dim $off3 = 0x6FC1105A;
; Declared with 8 elements but only 5 initialisers, as in the C++ listing.
Dim $ofw3[8] = [0xE9, 0xC5, 0x09, 0, 0];

Dim $off4 = 0x6FC11A24;
Dim $ofw4[12] = [0x66, 0xB9, 0xFF, 0, 0x66, 0x89, 0x0E, 0xE9, 0x7E, 0xFA, 0xFF, 0xFF];

Dim $off5 = 0x6FC114AB;
Dim $ofw5[3] = [0xEB, 0x2B, 0x90];

Dim $off6 = 0x6FC114D8;
Dim $ofw6[5] = [0xE9, 0x47, 0xFB, 0xFF, 0xFF];

; Copy the window class name into a struct so that a pointer to it can be
; handed to FindWindow.
Dim $v_Struct1 = DllStructCreate ('str')
DllStructSetData($v_Struct1, 1, "Notepad")
Dim $window = DllCall('user32.dll', 'hwnd', 'FindWindow', 'ptr', DllStructGetPtr ($v_Struct1, 1), 'str', '')
; NOTE(review): the result is used without checking that a window was found.
$window = $window[0]
DllStructDelete ($v_Struct1)

; GetWindowThreadProcessId writes the owning process id into the dword struct.
Dim $v_Struct2 = DllStructCreate ('dword')
DllCall('user32.dll', 'int', 'GetWindowThreadProcessId', 'hwnd', $window, 'ptr', DllStructGetPtr ($v_Struct2, 1))
$pid = DllStructGetData ($v_Struct2, 1)
; The looked-up value is discarded here and replaced with a process id typed
; in by hand (the post says to read it from the task manager).
$pid = 2664
DllStructDelete ($v_Struct2)

; 0x20 + 0x8 is PROCESS_VM_WRITE | PROCESS_VM_OPERATION, the two rights
; WriteProcessMemory requires.
; NOTE(review): the returned handle is not checked for 0 and is never closed.
$_handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0x20 + 0x8, 'int', 0, 'int', $pid)
$_handle = $_handle[0]

; Staging buffer for the nine bytes of $ofw1.
$v_callStruct = DllStructCreate('byte[9]')

For $i = 0 to 8
    DllStructSetData($v_callStruct, 1, $ofw1[$i], $i)
Next

; $off1 is a fixed absolute address; nothing above verifies that the opened
; process has that range mapped, and the post reports error 487
; (ERROR_INVALID_ADDRESS) from this call.
; NOTE(review): the last argument (bytes-written out parameter) is passed as
; an empty string typed 'int' - presumably this ends up as 0/NULL; confirm.
DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off1, 'ptr', DllStructGetPtr($v_callStruct, 1), 'int', 9, 'int', '');
; NOTE(review): GetLastError is fetched through a separate DllCall, so the
; value may no longer be the one set by WriteProcessMemory - confirm.
$var = DllCall('kernel32.dll', 'int', 'GetLastError')
ConsoleWrite($var[0] & @LF)

; The block below is the untranslated remainder of the C++ listing.
; NOTE(review): no closing #ce appears in this listing.
#cs
    WriteProcessMemory (_handle, (void *) off2, (void *) & ofw2, 8, &bytes);
    WriteProcessMemory (_handle, (void *) off3, (void *) & ofw3, 8, &bytes);
    WriteProcessMemory (_handle, (void *) off4, (void *) & ofw4, 12, &bytes);
    WriteProcessMemory (_handle, (void *) off5, (void *) & ofw5, 3, &bytes);
    WriteProcessMemory (_handle, (void *) off6, (void *) & ofw6, 5, &bytes);
    Return 0;
    }

its very ugly; inefficient; getting the PID doesnt work.

but could you test it with the app you want.

(just look up the pid in taskmngr.exe and enter it at line 32)

Edited by w0uter


Posted

Thanks w0uter but still not working, I don't get any errors but nothing appears to change.

$Pid now works and I use 0xFFF instead of 0x20 + 0x8 for the OpenProcess call, 0xFFF meaning PROCESS_ALL_ACCESS. I also finished/added the last WriteProcessMemory calls. Does it look correct?

Thanks again.

CODE
; Third AutoIt version: the window class is "class" again, the process id
; comes from GetWindowThreadProcessId, the access mask is 0xFFF, and all six
; byte arrays are staged in structs and passed to WriteProcessMemory.
; No DllCall result is checked anywhere in this listing, so a failed lookup,
; open or write goes unnoticed.
; NOTE(review): several statements are split across lines without a
; continuation character - this looks like forum line-wrapping; confirm
; against the original script.
Dim $pid;

Dim $bytes;

Dim $_handle;

; Each $offN is an absolute address in the target process; $ofwN holds the
; bytes meant for that address.
Dim $off1 = 0x6FC11024;

Dim $ofw1[9] = [0x66, 0x83, 0xF9, 0x2D, 0x90, 0x74, 0x2F, 0xEB, 0xDB];

Dim $off2 = 0x6FC11008;

Dim $ofw2[8] = [0x66, 0x89, 0x0E, 0xE9, 0x9E, 0x04, 0, 0];

Dim $off3 = 0x6FC1105A;

; Declared with 8 elements but only 5 initialisers, as in the C++ listing.
Dim $ofw3[8] = [0xE9, 0xC5, 0x09, 0, 0];

Dim $off4 = 0x6FC11A24;

Dim $ofw4[12] = [0x66, 0xB9, 0xFF, 0, 0x66, 0x89, 0x0E, 0xE9, 0x7E, 0xFA, 0xFF, 0xFF];

Dim $off5 = 0x6FC114AB;

Dim $ofw5[3] = [0xEB, 0x2B, 0x90];

Dim $off6 = 0x6FC114D8;

Dim $ofw6[5] = [0xE9, 0x47, 0xFB, 0xFF, 0xFF];

; Copy the window class name into a struct so that a pointer to it can be
; handed to FindWindow.
Dim $v_Struct1 = DllStructCreate ('str')

DllStructSetData($v_Struct1, 1, "class")

Dim $window = DllCall('user32.dll', 'hwnd', 'FindWindow', 'ptr', DllStructGetPtr ($v_Struct1,

1), 'str', '')

; NOTE(review): the result is used without checking that a window was found.
$window = $window[0]

DllStructDelete ($v_Struct1)

; GetWindowThreadProcessId writes the owning process id into the dword struct.
Dim $v_Struct2 = DllStructCreate ('dword')

DllCall('user32.dll', 'int', 'GetWindowThreadProcessId', 'hwnd', $window, 'ptr', DllStructGetPtr

($v_Struct2, 1))

$pid = DllStructGetData ($v_Struct2, 1)

DllStructDelete ($v_Struct2)

; The post describes 0xFFF as PROCESS_ALL_ACCESS. The Windows SDK defines
; PROCESS_ALL_ACCESS as STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF, so
; 0xFFF is only the process-specific part of that mask. Either value is far
; broader than the 0x20 + 0x8 (PROCESS_VM_WRITE | PROCESS_VM_OPERATION) that
; WriteProcessMemory requires.
; NOTE(review): the returned handle is not checked for 0 and is never closed.
$_handle = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', 0xFFF, 'int', 0, 'int', $pid)

$_handle = $_handle[0]

; One staging buffer per byte array, sized to the declared array length.
$v_callStruct1 = DllStructCreate('byte[9]')

$v_callStruct2 = DllStructCreate('byte[8]')

$v_callStruct3 = DllStructCreate('byte[8]')

$v_callStruct4 = DllStructCreate('byte[12]')

$v_callStruct5 = DllStructCreate('byte[3]')

$v_callStruct6 = DllStructCreate('byte[5]')

For $i = 0 to 8

DllStructSetData($v_callStruct1, 1, $ofw1[$i], $i)

Next

; $ofw2 and $ofw3 are both declared with 8 elements and share one loop;
; elements 5..7 of $ofw3 were never given a value.
For $i = 0 to 7

DllStructSetData($v_callStruct2, 1, $ofw2[$i], $i)

DllStructSetData($v_callStruct3, 1, $ofw3[$i], $i)

Next

For $i = 0 to 11

DllStructSetData($v_callStruct4, 1, $ofw4[$i], $i)

Next

For $i = 0 to 2

DllStructSetData($v_callStruct5, 1, $ofw5[$i], $i)

Next

For $i = 0 to 4

DllStructSetData($v_callStruct6, 1, $ofw6[$i], $i)

Next

; Six writes, in the same order as the C++ listing. The destinations are
; fixed absolute addresses; nothing above verifies that the opened process
; has those ranges mapped, and no return value is inspected.
; NOTE(review): the last argument of each call (bytes-written out parameter)
; is an empty string typed 'int' - presumably 0/NULL; confirm.
DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off1, 'ptr',

DllStructGetPtr($v_callStruct1, 1), 'int', 9, 'int', '');

DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off2, 'ptr',

DllStructGetPtr($v_callStruct2, 1), 'int', 8, 'int', '');

DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off3, 'ptr',

DllStructGetPtr($v_callStruct3, 1), 'int', 8, 'int', '');

DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off4, 'ptr',

DllStructGetPtr($v_callStruct4, 1), 'int', 12, 'int', '');

DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off5, 'ptr',

DllStructGetPtr($v_callStruct5, 1), 'int', 3, 'int', '');

DllCall('kernel32.dll', 'int', 'WriteProcessMemory', 'int', $_handle, 'int', $off6, 'ptr',

DllStructGetPtr($v_callStruct6, 1), 'int', 5, 'int', '');

qq
