Departure - Posted November 28, 2007

Hey people, I just need a little help from someone with some Delphi experience. I'm new to Delphi, coming over from VB6, and I have no problem writing to memory in VB6, but I want to do it in Delphi. I have used something similar to what I would have used in VB6, but I would like to know how I would write multiple bytes to a single address.

    implementation

    const
      Address1 = $0054B28B; // These will be the addresses I'm going to write to
      Address2 = $0054B297;
      Address3 = $0054B29C;

    {$R *.dfm}

    procedure TForm1.Button1Click(Sender: TObject);
    var
      Path : string;
      StartInfo : TStartupInfo;
      ProcInfo : TProcessInformation;
      CreateOK : Boolean;
      Write : Cardinal;
      NumberOfBytes : Cardinal;
      BytesToWrite : Byte; // I'm not sure if I declared the correct variable, probably need to put it into an array??????
    begin
      Path := 'C:\Program Files\My Program\MyProgram.exe';
      { fill with known state }
      FillChar(StartInfo, SizeOf(TStartupInfo), #0);
      FillChar(ProcInfo, SizeOf(TProcessInformation), #0);
      StartInfo.cb := SizeOf(TStartupInfo);
      CreateOK := CreateProcess(PChar(Path), nil, nil, nil, False, CREATE_SUSPENDED, nil, nil, StartInfo, ProcInfo);
      // check to see if successful
      if CreateOK then
      begin
        NumberOfBytes := 2;    // No problem writing 1 byte "08" or "EB" but I want to write both bytes to address Nr.1
        BytesToWrite := $08EB; // If I was to change NumberOfBytes to = 1 and have BytesToWrite = $08 (single byte) it would work fine
        WriteProcessMemory(ProcInfo.hProcess, ptr(Address1), BytesToWrite, NumberOfBytes, Write);
        ResumeThread(ProcInfo.hThread);
        CloseHandle(ProcInfo.hProcess);
      end;
    end;

    end.

I'm thinking I need to make a byte array, but then I just need to know how to implement the array. Writing 1 byte to the address is no problem, but I need to write 2 or more bytes to a single address. Any help I would be very thankful

IMPosTOR - Posted November 28, 2007

    const
      Patch_Memory_String1 : array[1..6] of byte = ($E9,$7B,$01,$00,$00,$90);
    ....
    WriteProcessMemory(G_P, Pointer($0040000), @Patch_Memory_String1, Length(Patch_Memory_String1), C);
    ....

maybe this one can help u

Edited November 28, 2007 by IMPosTOR

Departure (Author) - Posted November 28, 2007

Yes, looks like the exact thing I wanted to do, I'll try it out. I did find a solution but your way looks better :)

This is my way I found that seems to work also:

    implementation

    const
      Address1 = $0054B28B;
      Address2 = $0054B297;
      Address3 = $0054B29C;
      Value1 = $08EB;
      Value2 = $BB00;
      Value3 = $90;

    {$R *.dfm}

    procedure TForm1.Button1Click(Sender: TObject);
    var
      Path : string;
      StartInfo : TStartupInfo;
      ProcInfo : TProcessInformation;
      CreateOK : Boolean;
      Write : Cardinal;
      NumberOfBytes : Cardinal;
      WriteByte : Byte;
      buf : PChar;
    begin
      Path := 'C:\Program Files\My Program\MyProgram.exe';
      // Fill with state
      FillChar(StartInfo, SizeOf(TStartupInfo), #0);
      FillChar(ProcInfo, SizeOf(TProcessInformation), #0);
      StartInfo.cb := SizeOf(TStartupInfo);
      CreateOK := CreateProcess(PChar(Path), nil, nil, nil, False, CREATE_SUSPENDED, nil, nil, StartInfo, ProcInfo);
      // Checking
      if CreateOK then
      begin
        NumberOfBytes := 2;
        GetMem(buf, 2);
        buf^ := Chr(Value1);
        WriteProcessMemory(ProcInfo.hProcess, ptr(Address1), buf, NumberOfBytes, Write);
        FreeMem(buf);

        NumberOfBytes := 2;
        GetMem(buf, 2);
        buf^ := Chr(Value2);
        WriteProcessMemory(ProcInfo.hProcess, ptr(Address2), buf, NumberOfBytes, Write);
        FreeMem(buf);

        NumberOfBytes := 1;
        GetMem(buf, 1);
        buf^ := Chr(Value3);
        WriteProcessMemory(ProcInfo.hProcess, ptr(Address3), buf, NumberOfBytes, Write);
        FreeMem(buf);

        ResumeThread(ProcInfo.hThread);
        CloseHandle(ProcInfo.hProcess);
      end;
    end;

    end.

But after seeing your way, it looks better implemented. So I'm going to go and try it now.

Edited November 28, 2007 by Departure

IMPosTOR - Posted November 28, 2007

my src is small and u can replace my src

Edited November 28, 2007 by IMPosTOR

Departure (Author) - Posted November 28, 2007

Thanks IMPoster, I used your method and it works perfectly with a lot less code. I didn't know I could use

    MyArray : array[1..8] of byte = ($1b,$2b,$3b,$4b,$5b,$6b,$7b,$8b);

These are the small things that make it a lot easier than with VB6. By the way, those aren't real bytes, they are just an example of how you told me... Thanks again :)

Nevyn - Posted January 10, 2008

> Thanks IMPoster, I used your method and it works perfectly with a lot less code. I didn't know I could use
>
>     MyArray : array[1..8] of byte = ($1b,$2b,$3b,$4b,$5b,$6b,$7b,$8b);
>
> These are the small things that make it a lot easier than with VB6. By the way, those aren't real bytes, they are just an example of how you told me... Thanks again :)

I know you already got your answer, but I thought I'd give you another way.

    var
      str : string;
      ar : array[0..500] of char;
    begin
      str := 'I can replace Strings in Memory';
      FillChar(ar, SizeOf(ar), 0);      // zero the whole buffer first
      Move(str[1], ar, Length(str));    // copy the string's characters into it

Then just WriteProcessMemory using @ar

C++ - Posted February 22, 2018

I have a question a little similar to this. In OllyDbg there's a command called "Fill with NOPs" where it fills an address with 90s. I was trying to implement that in Delphi as well. I know I can do a loop, but I'm not so sure how to do it. Any help? Or a better approach?

evlncrn8 - Posted February 22, 2018

make a buffer of the size required (or a fraction and do the write in a loop), fill it with 0x90, write x bytes from that to the process using WriteProcessMemory, hardly rocket science

Edited February 22, 2018 by evlncrn8

GautamGreat - Posted February 22, 2018

    procedure WriteNOP(Address : DWORD; Size : Integer; hProcess : THandle);
    var
      i : Integer;
      nop : byte;
      bytesread : DWORD;
    begin
      nop := $90;
      // writes Size NOP bytes, one WriteProcessMemory call per byte
      for i := 0 to Size - 1 do
      begin
        WriteProcessMemory(hProcess, Pointer(Address), @nop, 1, bytesread);
        inc(Address);
      end;
    end;

Here is a small example. Maybe it helps.

Edited February 22, 2018 by GautamGreat

evlncrn8 - Posted February 22, 2018

that is one horrible example.. writing one byte at the time... wow... that code should be taken out the back of the shed and shot

idrcelab - Posted February 26, 2018

On 2/22/2018 at 5:36 PM, evlncrn8 said:

> that is one horrible example.. writing one byte at the time... wow... that code should be taken out the back of the shed and shot

Can you show us how you can do it in a better way?

Edited February 26, 2018 by idrcelab

evlncrn8 - Posted February 26, 2018

i already said, allocate a buffer of the size, fill it with nops, write it in one go...

GautamGreat - Posted February 26, 2018

    procedure WriteNOP(Address : DWORD; Size : Integer; hProcess : THandle);
    var
      NopBytes : array of Byte;
      bytesread : DWORD;
    begin
      SetLength(NopBytes, Size);
      FillMemory(@NopBytes[0], Size, $90);
      // pass the address of the first element, not of the array variable
      WriteProcessMemory(hProcess, Pointer(Address), @NopBytes[0], Size, bytesread);
    end;

something like this?

evlncrn8 - Posted February 26, 2018

something like that yep, i think you can already see how much better is than one byte at a time.. no ?

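Added example, not part of the thread: a console program showing which pointer to hand to WriteProcessMemory for a static array, a dynamic array and a Word, and how to check that every byte was written. It writes only into a local buffer in its own process, uses constructed bytes, and assumes the older Windows.pas declaration in which the bytes-written parameter is a DWORD; WriteAll, HexDump and Target are names made up for this example.

```delphi
program WriteBytesDemo;
{$APPTYPE CONSOLE}
uses Windows, SysUtils;

const
  // Constructed sample bytes for this demo.
  StaticBytes: array[0..1] of Byte = ($08, $EB);

// True only if the call succeeded and every requested byte was written.
function WriteAll(hProcess: THandle; Dest, Src: Pointer; Count: DWORD): Boolean;
var
  Written: DWORD; // assumption: older Windows.pas; newer units declare SIZE_T
begin
  Written := 0;
  Result := False;
  if WriteProcessMemory(hProcess, Dest, Src, Count, Written) then
    Result := Written = Count;
end;

function HexDump(const B: array of Byte): string;
var i: Integer;
begin
  Result := '';
  for i := Low(B) to High(B) do
    Result := Result + IntToHex(B[i], 2) + ' ';
end;

var
  Target: array[0..3] of Byte; // local buffer standing in for the destination
  DynBytes: array of Byte;
  AsWord: Word;
begin
  // 1. Static array: @StaticBytes is the address of the bytes themselves.
  FillChar(Target, SizeOf(Target), 0);
  if not WriteAll(GetCurrentProcess, @Target, @StaticBytes, SizeOf(StaticBytes)) then
    RaiseLastOSError;
  Writeln('static array : ', HexDump(Target));
  // 2. Dynamic array: the variable holds a pointer, so pass @DynBytes[0].
  //    @DynBytes would be the address of that pointer, not of the data.
  SetLength(DynBytes, SizeOf(Target));
  FillChar(DynBytes[0], Length(DynBytes), $90);
  if not WriteAll(GetCurrentProcess, @Target, @DynBytes[0], Length(DynBytes)) then
    RaiseLastOSError;
  Writeln('dynamic array: ', HexDump(Target));
  // 3. A Word is stored low byte first, so $08EB lands in memory as EB, 08.
  FillChar(Target, SizeOf(Target), 0);
  AsWord := $08EB;
  if not WriteAll(GetCurrentProcess, @Target, @AsWord, SizeOf(AsWord)) then
    RaiseLastOSError;
  Writeln('word $08EB   : ', HexDump(Target));
end.
```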