Issue with VirtualProtect

[UEZ]

I want to port an Autoit script to Freebasic but I've problems with VirtualProtect.

Code: Select all

#Include Once "windows.bi"

Sub __MemoryDllCore()
	Static As Ubyte Ptr BinData
	Dim As Ushort iLen, iLines, p = 0

	Dim As String aBinary(1)
	
	Restore __OpCode:
	Read iLen
	iLen \= 2
	Read iLines
	
	BinData = Allocate(iLen)
	For i As Ulong = 0 To iLines - 1
		Read aBinary(0)
		For j As Ulong = 1 To Len(aBinary(0)) Step 2
			BinData[p] = Cubyte("&H" & Mid(aBinary(0), j, 2))
			p += 1
		Next
	Next
	Dim As DWORD old
	? VirtualProtect(BinData, iLen, PAGE_EXECUTE_READWRITE, @old)
	
	? "Error VP: " & GetLastError()
	Deallocate(BinData)
End Sub		

__MemoryDllCore()
Sleep



__OpCode:
Data 6648, 7
Data "FFFFFFFFFFFFFFB800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE05589E55156578B7D088B750C8B4D10FCF3A45F5E595DC35589E5578B7D088A450C8B4D10F3AA5F5DC359585A5153E8000000005B81EBAB114000898300114000899304114000E8000000005981E9C3114000518B9100114000E80B0000007573657233322E646C6C005850FFD2598B9104114000E80C0000004D657373616765426F784100595150FFD2898372114000E8000000005981E90D124000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80A0000006C737472636D70694100595150FFD2898309114000E8000000005981E957124000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80D0000005669727475616C416C6C6F6300595150FFD2898310114000E8000000005981E9A4124000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80C0000005669727475616C4672656500595150FFD2898317114000E8000000005981E9F012"
Data "4000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80F0000005669727475616C50726F7465637400595150FFD289831E114000E8000000005981E93F134000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80E00000052746C5A65726F4D656D6F727900595150FFD2898325114000E8000000005981E98D134000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80D0000004C6F61644C6962726172794100595150FFD289832C114000E8000000005981E9DA134000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80F00000047657450726F634164647265737300595150FFD2898333114000E8000000005981E929144000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80D00000049734261645265616450747200595150FFD289833A114000E8000000005981E976144000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80F00000047657450726F636573734865617000595150FFD2898341114000E8000000005981E9C5144000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2"
Data "598B9104114000E80A00000048656170416C6C6F6300595150FFD2898348114000E8000000005981E90F154000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E809000000486561704672656500595150FFD289834F114000E8000000005981E958154000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80C000000476C6F62616C416C6C6F6300595150FFD2898356114000E8000000005981E9A4154000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80E000000476C6F62616C5265416C6C6F6300595150FFD2898364114000E8000000005981E9F2154000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80B000000476C6F62616C4672656500595150FFD289835D114000E8000000005981E93D164000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80C000000467265654C69627261727900595150FFD289836B1140005B59585150E80E04000059C35990585A515250E8CC0500005A5AC35A585250E88E06000059C35589E557565383EC1C8B45108B40048945EC8B55108B020FB750148D740218C745F00000000066837806000F84B0000000837E"
Data "1000754C8B450C8B583885DB0F8E84000000C744240C04000000C744240800100000895C24048B45EC03460C890424E8FEF9FFFF83EC10894608895C2408C744240400000000890424E864FAFFFFEB46C744240C04000000C7442408001000008B4610894424048B45EC03460C890424E8BDF9FFFF83EC1089C78B55080356148B46108944240889542404893C24E808FAFFFF897E08FF45F083C6288B55108B020FB740063B45F00F8F50FFFFFF8D65F45B5E5F5DC35589E557565383EC1C8B55088B020FB750148D5C0218BF0000000066837806000F84E80000008B432489C2C1EA1D89D683E60189C2C1EA1E83E20189C1C1E91FA9000000027422C7442408004000008B4310894424048B4308890424E822F9FFFF83EC0CE99000000085F6741E85D2740D83F90119D283E2E083C240EB2983F90119D283E29083EA80EB1C85D2740D83F90119D283E2FE83C204EB0B83F90119D283E2F983C208F6432704740681CA000200008B4B1085C97522F6432440740A8B4D088B018B4820EB0EF643248074088B4D088B018B482485C9741D8D45F08944240C89542408894C24048B4308890424E894F8FFFF83EC104783C3288B55088B020FB7400639F80F8F18FFFFFF8D65F45B5E5F5DC35589E557565383EC048B45088B50048955F08B0083B8A400000000745789D30398A0000000833B00"
Data "744A8B7DF0033B8D4B08BE000000008B430483E808D1E883F80076280FB70189C2C1EA0C25FF0F000083FA0375068B550C0114074683C1028B430483E808D1E839F077D8035B04833B0075B683C4045B5E5F5DC35589E557565383EC1CC745F0010000008B45088B40048945EC8B55088B0283B884000000000F84410100008B7DEC03B880000000E9120100008B45EC03470C890424E8BFF7FFFF83EC048945E883F8FF750CC745F000000000E90E0100008B4D0883790800742EC7442408400000008B410C8D048504000000894424048B4108890424E8B6F7FFFF83EC0C8B550889420885C075268B4D088B410C8D04850400000089442404C7042440000000E87EF7FFFF83EC088B55088942088B4D088B510C8B41088B4DE8890C908B4508FF400C833F0074168B5DEC031F8B75EC037710EB11C745F000000000EB578B5DEC035F1089DE833B00744A833B0079190FB703894424048B55E8891424E8FEF6FFFF83EC088906EB1C8B45EC030383C002894424048B4DE8890C24E8E0F6FFFF83EC088906833E0074AB83C30483C604833B0075B6837DF000742483C714C744240414000000893C24E8B9F6FFFF83EC0885C0750A837F0C000F85CDFEFFFF8B45F08D65F45B5E5F5DC35589E557565383EC1C8B45088945F0B8000000008B550866813A4D5A0F85A20100008B75088B45F003"
Data "703CB800000000813E504500000F8588010000C744240C04000000C7442408002000008B4650894424048B4634890424E815F6FFFF83EC1089C785C07535C744240C04000000C7442408002000008B465089442404C7042400000000E8E9F5FFFF83EC1089C7B80000000085FF0F8428010000E803F6FFFFC744240814000000C744240400000000890424E8F2F5FFFF83EC0C89C3897804C7400C00000000C7400800000000C7401000000000C744240C04000000C7442408001000008B465089442404893C24E87EF5FFFF83EC10C744240C04000000C7442408001000008B465489442404893C24E85CF5FFFF83EC108945EC8B55F08B423C03465489442408895424048B45EC890424E8A3F5FFFF8B45EC8B55F003423C8903897834895C2408897424048B4508890424E8B4FAFFFF89F82B4634740C89442404891C24E8A0FCFFFF891C24E814FDFFFF85C0743E891C24E876FBFFFF8B0383782800742A89FA0350287427C744240800000000C744240401000000893C24FFD283EC0C85C0740BC743100100000089D8EB0D891C24E8DB000000B8000000008D65F45B5E5F5DC35589E583EC28895DF48975F8897DFC8B45088B50048955F0C745ECFFFFFFFF8B1083C278B800000000837A04000F848E0000008B5DF0031A837B18007406837B1400750FB800000000EB760FB73F897DEC"
Data "EB458B75F00373208B7DF0037B24C745E800000000837B1800762C8B45F00306894424048B450C890424E820F4FFFF83EC0885C074C4FF45E883C60483C7028B55E839531877D4B800000000837DECFF741EB8000000008B55EC3B531477118B45ECC1E00203431C8B55F003141089D08B5DF48B75F88B7DFC89EC5DC35589E5565383EC108B750885F60F84AC000000837E1000742A8B068B56048B48288D040AC744240800000000C744240400000000891424FFD083EC0CC7461000000000837E08007436BB00000000837E0C007E1D8B4608833C98FF740E8B0498890424E8CCF3FFFF83EC0443395E0C7FE38B4608890424E8AAF3FFFF83EC04837E0400741EC744240800800000C7442404000000008B4604890424E840F3FFFF83EC0CE862F3FFFF89742408C744240400000000890424E85CF3FFFF83EC0C8D65F85B5E5DC3"

VirtualProtect runs properly but is not successful error 126:

ERROR_MOD_NOT_FOUND

126 (0x7E)

The specified module could not be found.

How can I use VirtualProtect with the opcode properly in x86 mode?

The opcode is x86 assembler code.

[MrSwiss]

Not everybody around here is familiar, with AutoIt.
More information on: VirtualProtect's 'workings', is therefore needed ...

[UEZ]

Not everybody around here is familiar, with Auto-It.
More information on: VirtualProtect's 'workings', is therefore needed ...

Currently there is no need for Autoit code, just the issue why VirtualProtect produces an error code 126.

With Autoit the return value of VirtualProtect is 1, same with FB, but with Autoit there is no error when calling GetLastError.

You can minimize the code to

Code: Select all

#Include Once "windows.bi"
Dim As Ubyte Ptr BinData
Dim As SIZE_T iLen = 1000
Dim As DWORD old
BinData = Allocate(iLen)
	
? VirtualProtect(BinData, iLen, PAGE_EXECUTE_READWRITE, @old), "Error VP: " & GetLastError()
Deallocate(BinData)

Sleep

If anybody wants to see the Autoit code I can post it.

Btw, running the code as x64 produces the expected result. Why not with x86?

[jj2007]

Compiled with GAS, Gcc32, Gcc64 on Win7-64:

Code: Select all

 1            Error VP: 0

[srvaldez]

I get the value of 1 both in 32 and 64-bit, which according to MS is ok https://docs.microsoft.com/en-us/window ... ualprotect

[dodicat]

My 64 bit machine is er . . . kaput, I think describes it best.
So on 32 bit XP (with a real crt monitor), gas and gcc, I get the original error, 126.(fb 1.06)
I have ordered another machine from Ebay, Win 10 pro.

[MrSwiss]

So on 32 bit XP (with a real crt monitor), gas and gcc, I get the original error, 126.(fb 1.06)

IIRC, there has been a 'compatibility break' between FBC versions:
1.06 and 1.07 (which may cause differences).
See: changelog (ver: 1.07.1)
Yet another reason, to keep the compilers current.

[jj2007]

This has nothing to do with the compiler version - it is a simple straightforward WinAPI call. On WinXP-32 I get error 203, although the return value is 1. Which simply means there is no error. You can test this behaviour as follows:

Code: Select all

#Include Once "windows.bi"
Dim As Ubyte Ptr BinData
Dim As SIZE_T iLen = 1000
Dim As DWORD old
BinData = Allocate(iLen)
SetLastError(123)
? VirtualProtect(BinData, iLen, PAGE_EXECUTE_READWRITE, @old), "Error VP: " & GetLastError()
Deallocate(BinData)

Sleep

This will return 123 for GetLastError but 1 for VirtualProtect. So, @UEZ, if you get one for VirtualProtect you can safely ignore the error 126.

[UEZ]

Thanks all for your replies.

The odd thing is that VirtualProtect returns 1 which means is successful but on the other hand the error flag was set.

When I use following code

Code: Select all

#Include Once "windows.bi"
SetLastError(0)
? GetLastError()
Dim As Ubyte Ptr BinData
Dim As SIZE_T iLen = 1000
Dim As DWORD old
? GetLastError()
BinData = Allocate(iLen)
? GetLastError()
? VirtualProtect(BinData, iLen, PAGE_EXECUTE_READWRITE, @old), "Error VP: " & GetLastError()
Deallocate(BinData)

Sleep

The the error is still 0 after VirtualProtect call. I don't know why it's set...

My 64 bit machine is er . . . kaput, I think describes it best.

Well, when it's "kaputt" then it's "kaputt" and you have to get a new one. If you don't play high end games then a standard one would be sufficient but you should have at least 8 GM ram with SSD. :-)

What I'm trying to port to FB is a code to call a DLL from the memory just with some inline assembler opcode and api calls. So need for external files or static libs.

Well, to understand the Autoit code you must have some knowledge with Autoit, therefor I don't know whether it makes sense to post the code.

There are many smart wrapper functions in Autoit which makes the coder's live more easy.

Btw, when I have a optcode and some reference addresses of that code how can I call it?

Let's say my opcode is in memory using Allocate which gives me the address and one function within the opcode is memory opcode + &h00A1.
There is the entry point for a function with 3 parameters.
How can I call it?

This is the code what it so far which is crashing.

MemDLLCall.bi

Code: Select all

#Include Once "windows.bi"

Sub __MemoryDllCore(iCall As Ubyte, Dll_Bin As Ubyte Ptr, iBinLen As Ulong, sFuncName As String = "")
	Static As Boolean bDllInit = False
	Static As Any Ptr pMDLoadLibrary, pMDGetFuncAddress, pMDFreeLibrary
	Static As HMODULE pModule
	Static As FARPROC pGetProcAddress, pLoadLibraryA
	Static As DWORD OldProtect, OldProtectDLL
	Static As Ubyte Ptr BinData
	Dim As Ushort iLen, iLines, p = 0
	If bDllInit = False Then
		Dim As String aBinary(1)
		
		Restore __OpCode:
		Read iLen
		iLen \= 2
		Read iLines
		Dim As DWORD old
		
		BinData = Allocate(iLen)
		? VirtualProtect(BinData, iLen, PAGE_EXECUTE_READWRITE, @old)
		? "Error VP: " & GetLastError()
		
		For i As Ulong = 0 To iLines - 1
			Read aBinary(0)
			For j As Ulong = 1 To Len(aBinary(0)) Step 2
				BinData[p] = Cubyte("&H" & Mid(aBinary(0), j, 2))
				p += 1
			Next
		Next
	
		'pLoadLibrary = GetProcAddress(GetModuleHandle("Kernel32"),"LoadLibraryA")
		
		pMDLoadLibrary = BinData + &h00A1 : pMDGetFuncAddress = BinData + &h0590 : pMDFreeLibrary = BinData + &h059F :
		pModule = LoadLibraryA("kernel32.dll") : pGetProcAddress = GetProcAddress(pModule, "GetProcAddress") : pLoadLibraryA = GetProcAddress(pModule, "LoadLibraryA")
				
		bDllInit = True
	End If
	
	Dim cpMDLoadLibrary As Function (Byval Lib As FARPROC, Byval ProcAddress As FARPROC, Byval ModBin As Any Ptr) As Any Ptr = pMDLoadLibrary
	Dim cpMDGetFuncAddress As Function(Byval ModBin As Ubyte Ptr, Byref sFuncName As String) As Any Ptr = pMDGetFuncAddress
	Dim cpMDFreeLibrary As Sub(Byval ModBin As Any Ptr) = pMDFreeLibrary
		
	Static As Any Ptr hModule
	
	Select Case iCall
		Case 0
			? VirtualProtect(@Dll_Bin[0], iBinLen, PAGE_EXECUTE_READWRITE, @OldProtectDLL)
			? "Error: " & GetLastError()
			hModule = cpMDLoadLibrary(pLoadLibraryA, pGetProcAddress, Dll_Bin)
			? "hModule = " & Hex(hModule), hModule
		Case 1
			'? cpMDGetFuncAddress(@Dll_Bin[0], sFuncName)
			? "huhuh"
		Case 2
			'cpMDFreeLibrary(hModule)
			? "huhuh"
			VirtualFree(BinData, iLen, MEM_DECOMMIT)
			FreeLibrary(pModule)
			Deallocate(Dll_Bin)
			Deallocate(BinData)
'			? VirtualProtect(@BinData(0), Ubound(BinData), OldProtect, NULL)
'			? GetLastError()
'			? VirtualProtect(@Dll_Bin(0), Ubound(Dll_Bin), OldProtectDLL, NULL)
'			? GetLastError()
	End Select
End Sub


__OpCode:
Data 6648, 7
Data "FFFFFFFFFFFFFFB800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE0B800000000FFE05589E55156578B7D088B750C8B4D10FCF3A45F5E595DC35589E5578B7D088A450C8B4D10F3AA5F5DC359585A5153E8000000005B81EBAB114000898300114000899304114000E8000000005981E9C3114000518B9100114000E80B0000007573657233322E646C6C005850FFD2598B9104114000E80C0000004D657373616765426F784100595150FFD2898372114000E8000000005981E90D124000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80A0000006C737472636D70694100595150FFD2898309114000E8000000005981E957124000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80D0000005669727475616C416C6C6F6300595150FFD2898310114000E8000000005981E9A4124000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80C0000005669727475616C4672656500595150FFD2898317114000E8000000005981E9F012"
Data "4000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80F0000005669727475616C50726F7465637400595150FFD289831E114000E8000000005981E93F134000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80E00000052746C5A65726F4D656D6F727900595150FFD2898325114000E8000000005981E98D134000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80D0000004C6F61644C6962726172794100595150FFD289832C114000E8000000005981E9DA134000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80F00000047657450726F634164647265737300595150FFD2898333114000E8000000005981E929144000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80D00000049734261645265616450747200595150FFD289833A114000E8000000005981E976144000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80F00000047657450726F636573734865617000595150FFD2898341114000E8000000005981E9C5144000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2"
Data "598B9104114000E80A00000048656170416C6C6F6300595150FFD2898348114000E8000000005981E90F154000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E809000000486561704672656500595150FFD289834F114000E8000000005981E958154000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80C000000476C6F62616C416C6C6F6300595150FFD2898356114000E8000000005981E9A4154000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80E000000476C6F62616C5265416C6C6F6300595150FFD2898364114000E8000000005981E9F2154000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80B000000476C6F62616C4672656500595150FFD289835D114000E8000000005981E93D164000518B9100114000E80D0000006B65726E656C33322E646C6C005850FFD2598B9104114000E80C000000467265654C69627261727900595150FFD289836B1140005B59585150E80E04000059C35990585A515250E8CC0500005A5AC35A585250E88E06000059C35589E557565383EC1C8B45108B40048945EC8B55108B020FB750148D740218C745F00000000066837806000F84B0000000837E"
Data "1000754C8B450C8B583885DB0F8E84000000C744240C04000000C744240800100000895C24048B45EC03460C890424E8FEF9FFFF83EC10894608895C2408C744240400000000890424E864FAFFFFEB46C744240C04000000C7442408001000008B4610894424048B45EC03460C890424E8BDF9FFFF83EC1089C78B55080356148B46108944240889542404893C24E808FAFFFF897E08FF45F083C6288B55108B020FB740063B45F00F8F50FFFFFF8D65F45B5E5F5DC35589E557565383EC1C8B55088B020FB750148D5C0218BF0000000066837806000F84E80000008B432489C2C1EA1D89D683E60189C2C1EA1E83E20189C1C1E91FA9000000027422C7442408004000008B4310894424048B4308890424E822F9FFFF83EC0CE99000000085F6741E85D2740D83F90119D283E2E083C240EB2983F90119D283E29083EA80EB1C85D2740D83F90119D283E2FE83C204EB0B83F90119D283E2F983C208F6432704740681CA000200008B4B1085C97522F6432440740A8B4D088B018B4820EB0EF643248074088B4D088B018B482485C9741D8D45F08944240C89542408894C24048B4308890424E894F8FFFF83EC104783C3288B55088B020FB7400639F80F8F18FFFFFF8D65F45B5E5F5DC35589E557565383EC048B45088B50048955F08B0083B8A400000000745789D30398A0000000833B00"
Data "744A8B7DF0033B8D4B08BE000000008B430483E808D1E883F80076280FB70189C2C1EA0C25FF0F000083FA0375068B550C0114074683C1028B430483E808D1E839F077D8035B04833B0075B683C4045B5E5F5DC35589E557565383EC1CC745F0010000008B45088B40048945EC8B55088B0283B884000000000F84410100008B7DEC03B880000000E9120100008B45EC03470C890424E8BFF7FFFF83EC048945E883F8FF750CC745F000000000E90E0100008B4D0883790800742EC7442408400000008B410C8D048504000000894424048B4108890424E8B6F7FFFF83EC0C8B550889420885C075268B4D088B410C8D04850400000089442404C7042440000000E87EF7FFFF83EC088B55088942088B4D088B510C8B41088B4DE8890C908B4508FF400C833F0074168B5DEC031F8B75EC037710EB11C745F000000000EB578B5DEC035F1089DE833B00744A833B0079190FB703894424048B55E8891424E8FEF6FFFF83EC088906EB1C8B45EC030383C002894424048B4DE8890C24E8E0F6FFFF83EC088906833E0074AB83C30483C604833B0075B6837DF000742483C714C744240414000000893C24E8B9F6FFFF83EC0885C0750A837F0C000F85CDFEFFFF8B45F08D65F45B5E5F5DC35589E557565383EC1C8B45088945F0B8000000008B550866813A4D5A0F85A20100008B75088B45F003"
Data "703CB800000000813E504500000F8588010000C744240C04000000C7442408002000008B4650894424048B4634890424E815F6FFFF83EC1089C785C07535C744240C04000000C7442408002000008B465089442404C7042400000000E8E9F5FFFF83EC1089C7B80000000085FF0F8428010000E803F6FFFFC744240814000000C744240400000000890424E8F2F5FFFF83EC0C89C3897804C7400C00000000C7400800000000C7401000000000C744240C04000000C7442408001000008B465089442404893C24E87EF5FFFF83EC10C744240C04000000C7442408001000008B465489442404893C24E85CF5FFFF83EC108945EC8B55F08B423C03465489442408895424048B45EC890424E8A3F5FFFF8B45EC8B55F003423C8903897834895C2408897424048B4508890424E8B4FAFFFF89F82B4634740C89442404891C24E8A0FCFFFF891C24E814FDFFFF85C0743E891C24E876FBFFFF8B0383782800742A89FA0350287427C744240800000000C744240401000000893C24FFD283EC0C85C0740BC743100100000089D8EB0D891C24E8DB000000B8000000008D65F45B5E5F5DC35589E583EC28895DF48975F8897DFC8B45088B50048955F0C745ECFFFFFFFF8B1083C278B800000000837A04000F848E0000008B5DF0031A837B18007406837B1400750FB800000000EB760FB73F897DEC"
Data "EB458B75F00373208B7DF0037B24C745E800000000837B1800762C8B45F00306894424048B450C890424E820F4FFFF83EC0885C074C4FF45E883C60483C7028B55E839531877D4B800000000837DECFF741EB8000000008B55EC3B531477118B45ECC1E00203431C8B55F003141089D08B5DF48B75F88B7DFC89EC5DC35589E5565383EC108B750885F60F84AC000000837E1000742A8B068B56048B48288D040AC744240800000000C744240400000000891424FFD083EC0CC7461000000000837E08007436BB00000000837E0C007E1D8B4608833C98FF740E8B0498890424E8CCF3FFFF83EC0443395E0C7FE38B4608890424E8AAF3FFFF83EC04837E0400741EC744240800800000C7442404000000008B4604890424E840F3FFFF83EC0CE862F3FFFF89742408C744240400000000890424E85CF3FFFF83EC0C8D65F85B5E5DC3"

And this is an example of a MD5 dll to call it from memory.

MemDllCall Example1.bas

Code: Select all

#Include "MemDLLCall.bi"

'Dim As OpCode MD5DLL

Dim As Ubyte aMD5DLL(Any)

Dim As Ushort iLen, iLines, p = 0, l = 0
Dim As String aBinary(1)
Restore __MD5_DLL:
Read iLen
Read iLines
iLen \= 2
Redim aMD5DLL(iLen)

Dim As Ubyte Ptr pMD5DLL= Allocate(iLen)

For i As Ushort = 0 To iLines - 1
	Read aBinary(0)
	For j As Ushort = 1 To Len(aBinary(0)) Step 2
		pMD5DLL[p] = Cubyte("&H" & Mid(aBinary(0), j, 2))
		p += 1
	Next
Next

'Dim As Long f
'f = FreeFile
'Open "c:\temp\md5.bin" For Binary Access Write As #f
'Put #f, 0, MD5DLL.bin(0), iLen \ 2
'Close #f


__MemoryDllCore(0, pMD5DLL, iLen)
__MemoryDllCore(1, pMD5DLL, iLen, "md5")
__MemoryDllCore(2, pMD5DLL, iLen)
Sleep

__MD5_DLL:
Data 6144, 7
Data "4D5A50000200000004000F00FFFF0000B80000000000000040001A0000000000535048494E5820432D2D20302E3233394A616E20313920323030370060000000BA0E000E1FB409CD21B8014CCD21466F722057696E3332206F6E6C79210D0A24504500004C010100000000000000000000000000E0008EA10B0100EF000A0000000000000000000000100000001000000000000000004000001000000002000001000000000000000400000000000000002000000002000000000000030001000080000000080000000001000010000000000000100000006C1800003E000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000434F4445000000000010000000100000000A000000020000000000000000000000000000600000E00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
Data "00000000000000000000000031C040C20C00C85800005356578D45A850E83B000000FF750CFF75088D45A850E8590000008D45A850FF7510E88A0700005F5E5BC9C20C005589E55156578B7D088B750C8B4D10FCF3A45F5E595DC20C005589E58B4D0831C0894114894110C70101234567C7410489ABCDEFC74108FEDCBA98C7410C765432105DC20400C80C0000538B5D088B4310C1E80383E03F8945F88B4510C1E0030143103943107303FF43148B4510C1E81D0143146A40582B45F88945F4394510724550FF750C8B45F88D44031850E86DFFFFFF8D43185053E84E0000008B45F48945FC8B45FC83C03F39451076138B450C0345FC5053E8300000008345FC40EBE28365F800EB048365FC008B45102B45FC508B450C0345FC508B45F88D44031850E81AFFFFFF5BC9C20C00C84000005356576A40FF750C8D45C050E800FFFFFF8B45088B088B50048B70088B780C89D021F089D3F7D321FB09D801C1034DC081C178A46AD7C1C10701D189C821D089CBF7D321F309D801C7037DC481C756B7C7E8C1C70C01CF89F821C889FBF7D321D309D801C60375C881C6DB702024C1C61101FE89F021F889F3F7D321CB09D801C20355CC81C2EECEBDC1C1C21601F289D021F089D3F7D321FB09D801C1034DD081C1AF0F7CF5C1C10701D189C821D089CBF7D321F309D801C7037DD481C72AC687"
Data "47C1C70C01CF89F821C889FBF7D321D309D801C60375D881C6134630A8C1C61101FE89F021F889F3F7D321CB09D801C20355DC81C2019546FDC1C21601F289D021F089D3F7D321FB09D801C1034DE081C1D8988069C1C10701D189C821D089CBF7D321F309D801C7037DE481C7AFF7448BC1C70C01CF89F821C889FBF7D321D309D801C60375E881C6B15BFFFFC1C61101FE89F021F889F3F7D321CB09D801C20355EC81C2BED75C89C1C21601F289D021F089D3F7D321FB09D801C1034DF081C12211906BC1C10701D189C821D089CBF7D321F309D801C7037DF481C7937198FDC1C70C01CF89F821C889FBF7D321D309D801C60375F881C68E4379A6C1C61101FE89F021F889F3F7D321CB09D801C20355FC81C22108B449C1C21601F289D021F889FBF7D321F309D801C1034DC481C162251EF6C1C10501D189C821F089F3F7D321D309D801C7037DD881C740B340C0C1C70901CF89F821D089D3F7D321CB09D801C60375EC81C6515A5E26C1C60E01FE89F021C889CBF7D321FB09D801C20355C081C2AAC7B6E9C1C21401F289D021F889FBF7D321F309D801C1034DD481C15D102FD6C1C10501D189C821F089F3F7D321D309D801C7037DE881C753144402C1C70901CF89F821D089D3F7D321CB09D801C60375FC81C681E6A1D8C1C60E01FE89F021C889CBF7D321FB09D801C20355D081"
Data "C2C8FBD3E7C1C21401F289D021F889FBF7D321F309D801C1034DE481C1E6CDE121C1C10501D189C821F089F3F7D321D309D801C7037DF881C7D60737C3C1C70901CF89F821D089D3F7D321CB09D801C60375CC81C6870DD5F4C1C60E01FE89F021C889CBF7D321FB09D801C20355E081C2ED145A45C1C21401F289D021F889FBF7D321F309D801C1034DF481C105E9E3A9C1C10501D189C821F089F3F7D321D309D801C7037DC881C7F8A3EFFCC1C70901CF89F821D089D3F7D321CB09D801C60375DC81C6D9026F67C1C60E01FE89F021C889CBF7D321FB09D801C20355F081C28A4C2A8DC1C21401F289D031F031F801C1034DD481C14239FAFFC1C10401D189C831D031F001C7037DE081C781F67187C1C70B01CF89F831C831D001C60375EC81C622619D6DC1C61001FE89F031F831C801C20355F881C20C38E5FDC1C21701F289D031F031F801C1034DC481C144EABEA4C1C10401D189C831D031F001C7037DD081C7A9CFDE4BC1C70B01CF89F831C831D001C60375DC81C6604BBBF6C1C61001FE89F031F831C801C20355E881C270BCBFBEC1C21701F289D031F031F801C1034DF481C1C67E9B28C1C10401D189C831D031F001C7037DC081C7FA27A1EAC1C70B01CF89F831C831D001C60375CC81C68530EFD4C1C61001FE89F031F831C801C20355D881C2051D8804C1C21701F289D0"
Data "31F031F801C1034DE481C139D0D4D9C1C10401D189C831D031F001C7037DF081C7E599DBE6C1C70B01CF89F831C831D001C60375FC81C6F87CA21FC1C61001FE89F031F831C801C20355C881C26556ACC4C1C21701F289F8F7D009D031F001C1034DC081C1442229F4C1C10601D189F0F7D009C831D001C7037DDC81C797FF2A43C1C70A01CF89D0F7D009F831C801C60375F881C6A72394ABC1C60F01FE89C8F7D009F031F801C20355D481C239A093FCC1C21501F289F8F7D009D031F001C1034DF081C1C3595B65C1C10601D189F0F7D009C831D001C7037DCC81C792CC0C8FC1C70A01CF89D0F7D009F831C801C60375E881C67DF4EFFFC1C60F01FE89C8F7D009F031F801C20355C481C2D15D8485C1C21501F289F8F7D009D031F001C1034DE081C14F7EA86FC1C10601D189F0F7D009C831D001C7037DFC81C7E0E62CFEC1C70A01CF89D0F7D009F831C801C60375D881C6144301A3C1C60F01FE89C8F7D009F031F801C20355F481C2A111084EC1C21501F289F8F7D009D031F001C1034DD081C1827E53F7C1C10601D189F0F7D009C831D001C7037DEC81C735F23ABDC1C70A01CF89D0F7D009F831C801C60375C881C6BBD2D72AC1C60F01FE89C8F7D009F031F801C20355E481C291D386EBC1C21501F28B4508010801500401700801780C5F5E5BC9C20800C814000053E8400000"
Data "00800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008F45EC8B5D0C6A088D4310508D45F850E81EF8FFFF8B4310C1E80383E03F8945F483F838730B6A38582B45F48945F0EB096A78582B45F48945F0FF75F0FF75ECFF750CE831F8FFFF6A088D45F850FF750CE823F8FFFF6A1053FF7508E8D2F7FFFF5BC9C20800900000000000000000000000009E18000001000000010000000100000094180000981800009C18000006100000A618000000006D64352E646C6C006D643500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
Data "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"

Original Autoit code can be found here: https://www.autoitscript.com/forum/topi ... nt=1099337

[jj2007]

The odd thing is that VirtualProtect returns 1 which means is successful but on the other hand the error flag was set

This is standard practice in Windows. What counts is the return code of the API call; GetLastError is valid only if the return code says "it's an error". Windows uses its errors internally, and most of the time they are meaningless for the caller of the API.

In this case, the GetLastError code results from an earlier API call. I used SetLastError(123) to demonstrate that VirtualProtect does not set the error.

[UEZ]

Thanks @jj2007.

Let's say my opcode is in memory using Allocate which gives me the address and one function within the opcode is memory opcode + &h00A1.
There is the entry point for a function with 3 parameters.
How can I call it?

Any idea on this?

Is this a valid approach?
(code extract from above)

Code: Select all

...
		pMDLoadLibrary = BinData + &h00A1 : pMDGetFuncAddress = BinData + &h0590 : pMDFreeLibrary = BinData + &h059F :
		pModule = LoadLibraryA("kernel32.dll") : pGetProcAddress = GetProcAddress(pModule, "GetProcAddress") : pLoadLibraryA = GetProcAddress(pModule, "LoadLibraryA")
				
		bDllInit = True
	End If
	
	Dim cpMDLoadLibrary As Function (Byval Lib As FARPROC, Byval ProcAddress As FARPROC, Byval ModBin As Any Ptr) As Any Ptr = pMDLoadLibrary
	Dim cpMDGetFuncAddress As Function(Byval ModBin As Ubyte Ptr, Byref sFuncName As String) As Any Ptr = pMDGetFuncAddress
	Dim cpMDFreeLibrary As Sub(Byval ModBin As Any Ptr) = pMDFreeLibrary
	...

The first call doesn't crash in Case 0 but the 2nd one in Case 1 does... :-(