Oldschool Posted March 17, 2008 Posted March 17, 2008 If I wanted to erase a block of process memory (4096 bytes in this case), would this do it? $pBuffer = DllStructCreate('byte[4096]') _WinAPI_WriteProcessMemory($hProcess, $pBaseAddress, DllStructGetPtr($pBuffer), $iSize, $iWritten, $sBuffer = "ptr") If not, what's the best way for me to do this?
Emiel Wieldraaijer Posted March 17, 2008 Posted March 17, 2008 I don't know the anwser but maybe Memory Fusion will give you a hint http://www.autoitscript.com/forum/index.ph...amp;showfile=65 Best regards,Emiel Wieldraaijer
FreeFry Posted March 18, 2008 Posted March 18, 2008 If I wanted to erase a block of process memory (4096 bytes in this case), would this do it? $pBuffer = DllStructCreate('byte[4096]') _WinAPI_WriteProcessMemory($hProcess, $pBaseAddress, DllStructGetPtr($pBuffer), $iSize, $iWritten, $sBuffer = "ptr") If not, what's the best way for me to do this?Why not try it first? You could use a memory viewer/editor to see if it worked...
The Kandie Man Posted March 18, 2008 Posted March 18, 2008 If I wanted to erase a block of process memory (4096 bytes in this case), would this do it? $pBuffer = DllStructCreate('byte[4096]') _WinAPI_WriteProcessMemory($hProcess, $pBaseAddress, DllStructGetPtr($pBuffer), $iSize, $iWritten, $sBuffer = "ptr")oÝ÷ Øç¢Ü!jÝý²Ø^më-Á¬¢¹¶h¶¬þ«¨µàå+k¹ËBæz)íè^âë§uêëzf«Ê®¢×¢·¥y«jYhq«^vg¦¢¼£ºËlzÛaz·º¹Þvö«¦åzÚ4þ«¨µæ®¶sbb33c·'VffW"ÒFÆÅ7G'V7D7&VFRb33¶'FU³CeÒb33²¥õväõw&FU&ö6W74ÖVÖ÷'b33c¶&ö6W72Âb33c·&6TFG&W72ÂFÆÅ7G'V7DvWEG"b33c·'VffW"Âb33c¶6¦RÂb33c¶w&GFVâÂb33c·4'VffW"ÒgV÷C·G"gV÷C²¢b33c·'VffW"Ò¶g&VRÆÆö6FVBÖVÖ÷' -The Kandie Man ;-) "So man has sown the wind and reaped the world. Perhaps in the next few hours there will no remembrance of the past and no hope for the future that might have been." & _"All the works of man will be consumed in the great fire after which he was created." & _"And if there is a future for man, insensitive as he is, proud and defiant in his pursuit of power, let him resolve to live it lovingly, for he knows well how to do so." & _"Then he may say once more, 'Truly the light is sweet, and what a pleasant thing it is for the eyes to see the sun.'" - The Day the Earth Caught Fire
FreeFry Posted March 18, 2008 Posted March 18, 2008 I think what he's meaning is that he wants to zero-out an area in another applications memory, not deleting a struct..
Oldschool Posted March 18, 2008 Author Posted March 18, 2008 I think what he's meaning is that he wants to zero-out an area in another applications memory, not deleting a struct.. You are correct there... I guess if it doesn't work plain, I could always do something like this, which will definitely work: local $data For $i = 1 To 4096 $data &= $i-$i Next DllStructSetData($pBuffer, 1, $data) My head works a lot better in the first part of the day @Emiel That's a useful link, thanks.
FreeFry Posted March 18, 2008 Posted March 18, 2008 The struct is already filled with zeros when it's created. You can check it with this code: $myStruct = DllStructCreate("byte[4096]") ConsoleWrite("$myStruct size: " & DllStructGetSize($myStruct) & @LF & "$myStruct Data: " & DllStructGetData($myStruct, 1) & @LF)
Oldschool Posted March 19, 2008 Author Posted March 19, 2008 The struct is already filled with zeros when it's created. You can check it with this code: $myStruct = DllStructCreate("byte[4096]") ConsoleWrite("$myStruct size: " & DllStructGetSize($myStruct) & @LF & "$myStruct Data: " & DllStructGetData($myStruct, 1) & @LF) I get no crash, but it does not exactly erase it. Looks like that when I read it:
FreeFry Posted March 21, 2008 Posted March 21, 2008 You're probably writing over memory that the application reads/executes, and that causes the crash. I did a little test on the calculator, and it doesn't crash(mainly because the "code cave" is huge.): #Include <WinAPI.au3> Run("calc.exe") ProcessWait("calc.exe") Dim $ProcessID = ProcessExists("calc.exe") Dim $ProcesshWnd = _WinAPI_OpenProcess($PROCESS_ALL_ACCESS, False, $ProcessID, False) Dim $dataStruct = DllStructCreate("byte[4096]"), $dataWritten = 0 _WinAPI_WriteProcessMemory($ProcesshWnd, 0x01015018, DllStructGetPtr($dataStruct), DllStructGetSize($dataStruct), $dataWritten) ConsoleWrite("Data written: " & $DataWritten & " bytes. Error: " & @error & @LF) _WinAPI_CloseHandle($ProcesshWnd) $dataStruct = 0 And it does write 0 to the memory in the range, no need to fill the struct with zeros first.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now