02-05-2025, 09:07 PM
Ok Charles, I have tried out using a PowerBasic program to poke
a function inside the system memory. I'm not too sure that it can be
done, but this program works by CALL DWORD the function
which is already poked inside the system memory.
Can you please check whether this is the correct approach?
Currently I'm running this program using Admin rights and I
wonder whether I can run it without Admin rights.
Code:
' Mem allocate system.bas
' This program allocates memory, writes some code into that
' memory, changes the memory protection to allow execution,
' and then executes the code.
' VirtualAlloc is used to allocate a block of memory.
' The %MEM_COMMIT and %MEM_RESERVE flags are used
' to commit and reserve the memory, and %PAGE_READWRITE
' is used to set the memory protection to read/write.
'
#COMPILE EXE
#DIM ALL
#INCLUDE "Win32Api.inc"
%MEM_COMMIT = &H1000
%MEM_RESERVE = &H2000
%PAGE_READWRITE = &H4
%PAGE_EXECUTE_READ = &H20
' place a test function inside the system memory
' and runs it
DECLARE FUNCTION TestRetM() AS DWORD
'==============================
FUNCTION PBMAIN () AS LONG
    ' Machine code for a simple test function that returns 42
    LOCAL Cd1 AS STRING * 6
    ' MOV EAX, 42; RET
    Cd1 = CHR$(&HB8) + CHR$(&H2A) + CHR$(&H00) + CHR$(&H00) + CHR$(&H00) + CHR$(&HC3)

    ' Allocate the system memory to run the code
    LOCAL InsMemSys AS DWORD
    InsMemSys = VirtualAlloc(0, LEN(Cd1), %MEM_COMMIT OR _
                             %MEM_RESERVE, %PAGE_READWRITE)
    IF InsMemSys = 0 THEN
        MSGBOX "Failed to allocate memory"
        EXIT FUNCTION
    END IF

    ' Copy the code into the allocated memory
    POKE$ InsMemSys, Cd1

    ' Change memory protection to allow execution
    LOCAL oldProtect AS DWORD
    IF VirtualProtect(InsMemSys, LEN(Cd1), _
                      %PAGE_EXECUTE_READ, oldProtect) = 0 THEN
        MSGBOX "Failed to change memory protection"
        VirtualFree InsMemSys, 0, %MEM_RELEASE
        EXIT FUNCTION
    END IF

    ' Execute the code --------- inside the system memory -------------
    LOCAL Dresult AS DWORD
    CALL DWORD InsMemSys USING TestRetM() TO Dresult

    ' Display the Dresult
    MSGBOX "The result of the Test function : " + STR$(Dresult)

    ' Free the allocated memory
    VirtualFree InsMemSys, 0, %MEM_RELEASE

    ' Exit the program
    ExitProcess 0
END FUNCTION
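
The call sequence in the program above (allocate read/write, copy bytes in, switch to execute/read, call) is the write-then-execute pattern that memory-protection monitoring looks for. As an added example, not part of the original post, this Python script classifies constructed API-call traces by how a region becomes executable; the trace record format and the addresses are assumptions.

```python
# Added example. The trace record format (call, address, size, protection)
# is hypothetical; the protection constants are the Win32 PAGE_* values.
PAGE_SIZE = 0x1000
PAGE_READONLY, PAGE_READWRITE, PAGE_WRITECOPY = 0x02, 0x04, 0x08
PAGE_EXECUTE, PAGE_EXECUTE_READ = 0x10, 0x20
PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x40, 0x80
EXEC = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITE = PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY


def find_region(regions, addr):
    """Return the tracked region whose page-rounded range contains addr."""
    for base, region in regions.items():
        if base <= addr < base + region["span"]:
            return base, region
    return None, None


def classify(trace):
    """Return (base, finding) pairs for regions that end up executable."""
    regions, findings = {}, []
    for call, addr, size, prot in trace:
        if call == "VirtualAlloc":
            # Allocations are rounded up to whole pages, so 6 bytes covers 4 KiB.
            span = -(-size // PAGE_SIZE) * PAGE_SIZE
            regions[addr] = {"span": span, "was_writable": bool(prot & WRITE)}
            if prot & EXEC and prot & WRITE:
                findings.append((addr, "RWX allocation"))
        elif call == "VirtualProtect":
            base, region = find_region(regions, addr)
            if region is None:
                continue  # not memory this trace saw being allocated
            if prot & EXEC and prot & WRITE:
                findings.append((base, "RWX after protect"))
            elif prot & EXEC and region["was_writable"]:
                findings.append((base, "W->X transition"))
            region["was_writable"] = region["was_writable"] or bool(prot & WRITE)
        elif call == "VirtualFree":
            regions.pop(addr, None)
    return findings


# Constructed traces. POSTED mirrors the program above: RW alloc, RX protect, free.
POSTED = [("VirtualAlloc", 0xA50000, 6, PAGE_READWRITE),
          ("VirtualProtect", 0xA50000, 6, PAGE_EXECUTE_READ),
          ("VirtualFree", 0xA50000, 0, 0)]
RWX = [("VirtualAlloc", 0xB60000, 6, PAGE_EXECUTE_READWRITE)]
READ_ONLY = [("VirtualAlloc", 0xC70000, 4096, PAGE_READONLY),
             ("VirtualProtect", 0xC70010, 16, PAGE_EXECUTE_READ)]

if __name__ == "__main__":
    for name, trace in (("posted", POSTED), ("rwx", RWX), ("read-only", READ_ONLY)):
        print(name, [(hex(b), f) for b, f in classify(trace)])
```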