Hey. Although I'm aware that AutoIt is not the best way for code injection and such, I use it quite often (especially for calling WinAPI in asm). The number one problem is the calculation of relative addresses at the injection site, so I wrote a small UDF that calculates them for me instead of my having to bother every single time. Hope this helps someone out there.
Code:
#include <String.au3>

; CalculateBytes: fills in the address markers of a hex byte string for code that
; will be written at $dwAddress.
;   -0x00401000-   absolute address, emitted as little-endian bytes (e.g. for a push)
;   |0x00417040|   rel32 displacement to that address, measured from the end of the
;                  4-byte field, i.e. from the next instruction (call, jmp)
; $dwAddress: injection address (integer or "0x" hex string)
; $sByte:     hex byte string, with or without a leading "0x"
; Returns the resolved "0x..." string; sets @error = 1 on an unmatched "|".
Func CalculateBytes($dwAddress, $sByte)
    If Not IsBinary($dwAddress) Then $dwAddress = "0x" & Hex($dwAddress, 8)
    ; only the real prefix counts: a marker may itself contain "0x"
    If StringLeft($sByte, 2) <> "0x" Then $sByte = "0x" & $sByte

    ; 1) absolute addresses between "-": reverse the byte order
    ; mode 1 ($STR_ENDNOTSTART in current AutoIt): a closing "-" is not reused as the next opening one
    Local $aStat = _StringBetween($sByte, "-", "-", 1)
    If IsArray($aStat) Then
        For $i = 0 To UBound($aStat) - 1
            ; strip "0x" and zero-pad to 8 hex digits, so a short address still yields 4 bytes
            Local $sAddress = StringRight("00000000" & StringReplace($aStat[$i], "0x", ""), 8)
            Local $sReversedAddress = ""
            For $b = 7 To 1 Step -2
                $sReversedAddress &= StringMid($sAddress, $b, 2)
            Next
            $sByte = StringReplace($sByte, "-" & $aStat[$i] & "-", $sReversedAddress)
        Next
    EndIf

    ; 2) relative targets between "|": rel32 = target - (address of the next instruction)
    Do
        Local $iOccurance = StringInStr($sByte, "|")
        If Not $iOccurance Then ExitLoop
        Local $iOccurance2 = StringInStr($sByte, "|", 0, 1, $iOccurance + 1)
        If Not $iOccurance2 Then Return SetError(1, 0, "") ; unmatched "|"
        Local $sCalcAddress = StringMid($sByte, $iOccurance + 1, $iOccurance2 - $iOccurance - 1)
        If StringLeft($sCalcAddress, 2) <> "0x" Then $sCalcAddress = "0x" & $sCalcAddress
        ; bytes already emitted before this field: characters before "|" minus the "0x" prefix, two per byte
        Local $iBytesBefore = ($iOccurance - 3) / 2
        ; the field itself is 4 bytes long; a negative distance comes out as two's complement
        Local $sCalcDist = Hex($sCalcAddress - ($dwAddress + $iBytesBefore + 4), 8)
        Local $sNewAddress = ""
        For $i = StringLen($sCalcDist) - 1 To 1 Step -2
            $sNewAddress &= StringMid($sCalcDist, $i, 2)
        Next
        $sByte = StringLeft($sByte, $iOccurance - 1) & $sNewAddress & StringRight($sByte, StringLen($sByte) - $iOccurance2)
    Until StringInStr($sByte, "|") = 0
    Return $sByte
EndFunc
Wrapping an address in "-" results in its bytes being reversed (such as for a push), while wrapping it in "|" results in the relative distance from the page address plus the preceding bytes to the desired address (calls, jmps, etc.). Make sure all your addresses are in 0x hex format.
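The same two-marker scheme as an added example in Python (not the AutoIt code from the post), so that the UDF's output can be cross-checked outside AutoIt. `-ADDR-` becomes the little-endian immediate, `|ADDR|` becomes the rel32 displacement measured from the end of the 4-byte field. It goes slightly beyond the UDF: short addresses are zero-padded to 4 bytes, and a target that does not fit a signed 32-bit displacement is rejected instead of silently truncated. All addresses in the sample (0x00401000, 0x00417040, 0x00600000) are constructed for illustration and do not refer to a real process; `resolve`, `resolve_hex`, `rel32` and `reachable` are names chosen here.

```python
import re
import struct

# Added example in Python, not the AutoIt UDF from the post. Same marker template:
#   "68-0x00401000-"  -> absolute address, emitted little-endian (push imm32)
#   "E8|0x00417040|"  -> rel32 for call/jmp, measured from the end of the 4-byte
#                        field, i.e. from the address of the next instruction.
# Extras: short addresses are zero-padded to 4 bytes; a target outside the signed
# 32-bit displacement range raises instead of being truncated.

_TOKEN = re.compile(
    r"-(?:0x)?([0-9A-Fa-f]{1,8})-"        # group 1: absolute address marker
    r"|\|(?:0x)?([0-9A-Fa-f]{1,16})\|"    # group 2: relative target marker
    r"|([0-9A-Fa-f]{2})"                  # group 3: one literal byte
    r"|\s+"                               # whitespace between bytes is ignored
)


def rel32(target: int, field_addr: int) -> int:
    """Signed displacement for a 4-byte relative field located at field_addr."""
    rel = target - (field_addr + 4)       # the CPU adds rel32 to the next-insn address
    if not -2**31 <= rel < 2**31:
        raise ValueError(f"0x{target:X} is not reachable with rel32 from "
                         f"0x{field_addr:X} (distance {rel:#x})")
    return rel


def reachable(target: int, field_addr: int) -> bool:
    """True if a call/jmp rel32 whose field sits at field_addr can reach target."""
    try:
        rel32(target, field_addr)
        return True
    except ValueError:
        return False


def resolve(template: str, base: int) -> bytes:
    """Return the bytes of template as they must be written at address base."""
    if template[:2].lower() == "0x":      # optional prefix, as accepted by the UDF
        template = template[2:]
    out = bytearray()
    pos = 0
    while pos < len(template):
        m = _TOKEN.match(template, pos)
        if m is None:
            raise ValueError(f"bad token at offset {pos}: {template[pos:pos + 8]!r}")
        pos = m.end()
        absolute, target, literal = m.group(1, 2, 3)
        if absolute is not None:
            out += struct.pack("<I", int(absolute, 16))   # little-endian imm32
        elif target is not None:
            # len(out) bytes were emitted before this field, so it lives at base + len(out)
            out += struct.pack("<i", rel32(int(target, 16), base + len(out)))
        elif literal is not None:
            out.append(int(literal, 16))
        # otherwise whitespace: nothing to emit
    return bytes(out)


def resolve_hex(template: str, base: int) -> str:
    """resolve() formatted like the UDF's return value: "0x" plus upper-case hex."""
    return "0x" + resolve(template, base).hex().upper()


if __name__ == "__main__":
    # Constructed sample (illustrative addresses, not from a real process):
    # push 0x00401000 ; call 0x00417040, to be written at 0x00600000.
    print(resolve_hex("68-0x00401000-E8|0x00417040|", 0x00600000))
    # prints 0x6800104000E83670E1FF
```

The call in the sample is placed at 0x00600005 (after the 5-byte push), so its rel32 field sits at 0x00600006 and the displacement is 0x00417040 - 0x0060000A = -0x1E8FCA, which encodes as FFE17036 and is written as 36 70 E1 FF. Feeding the same template and base to `CalculateBytes` should give the same string; a backwards jmp (target below base) produces the expected FF-heavy two's complement bytes, and a target more than 2 GiB away fails loudly rather than producing a call into the wrong place.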