Smanettone83 Expert Cheater
Reputation: 3
Joined: 21 Feb 2011 Posts: 146 Location: Italia
Posted: Fri Mar 09, 2012 2:38 pm Post subject: Distance between allocated memory and original address |
Hi guys. I'm trying to calculate the distance between the allocated memory and the original address in order to create a jump to a code cave. I've used this code in Delphi:
| Code: |
AllocatedMem:= VirtualAllocEx(ProcHandle, nil, mySize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
VirtualProtectEx(ProcHandle, AllocatedMem, mySize, PAGE_EXECUTE_READWRITE, nil);
|
Now I need to use the WriteProcessMemory function to write my E9 (jmp) to the allocated memory.
Is there a function in Delphi that I can use to calculate the distance in bytes?
Thanks
_________________
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Fri Mar 09, 2012 3:57 pm Post subject: |
(CaveAddr - OriginalAddr) - 5
To calculate the distance.
_________________
- Retired. |
Smanettone83 Expert Cheater
Reputation: 3
Joined: 21 Feb 2011 Posts: 146 Location: Italia
Posted: Fri Mar 09, 2012 4:39 pm Post subject: |
| Wiccaan wrote: | (CaveAddr - OriginalAddr) - 5
To calculate the distance. |
Why - 5?
_________________
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Fri Mar 09, 2012 5:16 pm Post subject: |
You need to account for the bytes used by your call/jmp.
_________________
- Retired. |
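The arithmetic behind the two answers above, as an added example that is not part of the original posts: it computes the rel32 of an E9 jmp, rejects distances that do not fit in 32 bits (possible in a 64-bit process), and decodes an existing E9 to recover its target, which is what you do when inspecting patched code. The function names and addresses are constructed for illustration, and the code only fills a local buffer.

```c
#include <stdint.h>
#include <stdio.h>

#define JMP_LEN 5  /* 1 opcode byte (E9) + 4 displacement bytes */

/* rel32 = (target - source) - 5, because the CPU adds the displacement
 * to the address of the NEXT instruction, which is source + 5.
 * Returns 0 on success, -1 if the distance does not fit in a signed
 * 32-bit value (addresses are treated as 64-bit here). */
int jmp_rel32(uint64_t source, uint64_t target, int32_t *rel)
{
    int64_t d = (int64_t)(target - source) - JMP_LEN;
    if (d < INT32_MIN || d > INT32_MAX)
        return -1;
    *rel = (int32_t)d;
    return 0;
}

/* Build the 5 bytes "E9 <rel32 little-endian>" in a local buffer. */
int encode_jmp(uint8_t out[JMP_LEN], uint64_t source, uint64_t target)
{
    int32_t rel;
    if (jmp_rel32(source, target, &rel) != 0)
        return -1;
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)((uint32_t)rel >> (8 * i));
    return 0;
}

/* Inverse: where does the E9 jmp located at addr go? 0 if not an E9. */
uint64_t decode_jmp_target(const uint8_t code[JMP_LEN], uint64_t addr)
{
    if (code[0] != 0xE9)
        return 0;
    uint32_t u = 0;
    for (int i = 0; i < 4; i++)
        u |= (uint32_t)code[1 + i] << (8 * i);
    return addr + JMP_LEN + (int64_t)(int32_t)u;  /* sign-extend rel32 */
}

int main(void)
{
    uint8_t j[JMP_LEN];  /* constructed sample addresses below */
    if (encode_jmp(j, 0x00401000, 0x00A50000) == 0)
        printf("%02X %02X %02X %02X %02X -> 0x%llX\n", j[0], j[1], j[2], j[3],
               j[4], (unsigned long long)decode_jmp_target(j, 0x00401000));
    return 0;
}
```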
Smanettone83 Expert Cheater
Reputation: 3
Joined: 21 Feb 2011 Posts: 146 Location: Italia
Posted: Sat Mar 10, 2012 8:37 am Post subject: |
| Wiccaan wrote: | | You need to account for the bytes used by your call/jmp. |
Example of calculation:
| Code: |
var
AllocatedMem,Original,JmpToAlloc:int64;
begin
JmpToAlloc:= (AllocatedMem - Original) -5;
WriteProcessMemory(ProcHandle, pointer(AllocatedMem), @MyArray, SizeOf(MyArray), myWrite);
end;
|
Is it right?
_________________