I'm trying to execute a function in a running (old) Win32 Borland application (Window has class OLW_WINDOW). By using OllyDbg I've found out that the function has one parameter which is a memory address. One variable/value used by the function is stored at an offset of that address. My idea is to find that memory address (which is at an constant offset in a memory block), change the variable/value to what I want and then execute the function. To use WriteProcessMemory and CreateRemoteThread to execute is okey, but the problem is how to find the memory address/block? When opening "Memory map" in OllyDbg the memory block has no owner, section or contains. Is it possible to get a list of memory blocks created by a specified thread? Or could I get it from the application somehow? Btw: the function is normally executed when a button is clicked and the variable/value I want to set is a database ID listed (by name) in a listview (or equivalent).
Execute remote function with memory address as parameter
416 views Asked by Oyvind E At
1
There are 1 answers
Related Questions in WINDOWS
- SuiteCRM how to retrieve all account related contacts
- how do i submit a pastebin or pastee from an android app and get the url back
- BigCommerce PHP API delete Category which contains products
- Interact with chrome bookmarks outside of extensions
- purchase individual items and subscriptions in the same PayPal REST API transaction
- youtube api v3 insert comments
- Youtube api v3 duration
- Responding to an Office 365 event invite via REST
- Convert youtube video to mp3 using Quick MP3 API
- How to real-time monitor the emails?
Related Questions in MEMORY
- SuiteCRM how to retrieve all account related contacts
- how do i submit a pastebin or pastee from an android app and get the url back
- BigCommerce PHP API delete Category which contains products
- Interact with chrome bookmarks outside of extensions
- purchase individual items and subscriptions in the same PayPal REST API transaction
- youtube api v3 insert comments
- Youtube api v3 duration
- Responding to an Office 365 event invite via REST
- Convert youtube video to mp3 using Quick MP3 API
- How to real-time monitor the emails?
Related Questions in OLLYDBG
- SuiteCRM how to retrieve all account related contacts
- how do i submit a pastebin or pastee from an android app and get the url back
- BigCommerce PHP API delete Category which contains products
- Interact with chrome bookmarks outside of extensions
- purchase individual items and subscriptions in the same PayPal REST API transaction
- youtube api v3 insert comments
- Youtube api v3 duration
- Responding to an Office 365 event invite via REST
- Convert youtube video to mp3 using Quick MP3 API
- How to real-time monitor the emails?
Related Questions in CREATEREMOTETHREAD
- SuiteCRM how to retrieve all account related contacts
- how do i submit a pastebin or pastee from an android app and get the url back
- BigCommerce PHP API delete Category which contains products
- Interact with chrome bookmarks outside of extensions
- purchase individual items and subscriptions in the same PayPal REST API transaction
- youtube api v3 insert comments
- Youtube api v3 duration
- Responding to an Office 365 event invite via REST
- Convert youtube video to mp3 using Quick MP3 API
- How to real-time monitor the emails?
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
The best thing to do is just call the function.
As an example here is a function which prints output to a console:
To call it, we would find the address of this function in the target binary. Let's say it's found at 0xDEADC0DE.
We would form a typedef for a function pointer:
We would create an instance of that function pointer type
To call the function we would simply do:
Likewise for your project, you would input whatever argument you required.