Writing Memory and VirtualAlloc

[Slugsnack]

I have allocated a certain amount of memory with VirtualAlloc and what I want to do is write a procedure there.  VirtualAlloc of course has a return value as the base address of the allocated region.  So several solutions I have are to use:

• WriteProcessMemory
• RtlMemCopy
• rep movsb

But each of these options requires that I know the source buffer and the destination buffer.  Destination buffer will be the return of VirtualAlloc but I'm not sure how I could write a load of instructions somewhere and then find the address of those instructions.

I'm sure there must be an easy way to do this that I just don't know about  ::)

[BogdanOntanu]

Code Select Expand


mov esi,offset My_Proc
mov edi,[dest_buffer_ptr] ; return of Virtual alloc
mov ecx, size_of_my_proc ; the "hard" one left as an exercise to the reader :P
rep movsb


...  maybe ?

[hutch--]

If you want to copy an existing procedure to dynamically allocated memory, there is a simple trick to get its length, get the start offset of the proc in the way Bogdan has shown you then get the start adress of the next procedure after it, subtract the first from the second and you have its length. Allocate that much memory and then write the proc to that memory.

NOTE that with DEP enabled you will have to manualy set the memory to executable so that the code can be run.

[Slugsnack]

Ahhh I see I had totally forgot about offset (I'm still a beginner  :red).  Once I remembered about that and how you could use it to find the address of a procedure, I didn't even need to use VirtualAlloc !  And I did it easily from there.

The method you guys said as well, better to do as many methods as possible since I'm still a starter.  To set memory to executable, I guess I just use VirtualProtect.  Sounds good !

Thank you both  :bg