Convert memory to string


haex
October 27th, 2002, 19:39
Ok this is the case:

ecx=12345678

That is, it doesn't contain the value 12345678, but it refers to that memory location.

And now I want to push the VALUE "12345678" to the stack. (Not the value that is in the memory location 12345678.)
So that it can be shown in a MessageBox.

How do I do that?

I'm a newbie so I'm not sure that I made my question clear enough or used the right terms.


/haex

ZaiRoN
October 27th, 2002, 20:19
Hi!
You can use the wsprintf function, which formats and stores the value (12345678) in a buffer.

int wsprintf(
LPTSTR lpOut, // the output buffer
LPCTSTR lpFmt, // format specification
... // optional arguments
);

For a complete description, make a simple search on Google or at MSDN.
Anyway, here is a MASM-style example:

Code:

format db "%X",0 ; format specification: unsigned hexadecimal integer in uppercase
serial db 10 dup(0), 0 ; the output buffer
titolo db "and the value is...",0
...
mov ecx, 12345678h ; the value you want to convert
...
invoke wsprintf,OFFSET serial, OFFSET format, ecx
invoke MessageBox, NULL, offset serial, offset titolo, MB_OK


regards,
ZaiRoN

haex
October 28th, 2002, 01:17
Ok, thanks for answering.

But either I didn't understand your answer or I didn't make myself clear enough.

I'll try again:

I don't want to convert a number to a string.
I want to convert a memory address to a string.

I'm trying to patch a prog. I have found the good serial and I want to display it in the "Wrong serial" message.
The problem is that the serial is a memory address.

The good serial, i.e.: 12345678
and
ecx=12345678

That is, if I d ecx in sice I don't get the serial, 'cause the serial is the memory address.

How do I convert the address to a string so I can push the string "12345678"?

Ok, hope I made it clearer.

Kayaker
October 28th, 2002, 02:22
Hi

It's as Zairon said, you use wsprintfA to convert the value of a register, OR the value in a memory address that's contained in the register to a string and display it in the messagebox. You don't need the mov ecx, 12345678h statement, that was just to make the point that that was what was contained in ecx.

The format to display ecx is exactly as described:

invoke wsprintf,OFFSET serial, OFFSET format, ecx

If you want (which you say you don't) the value pointed to by a memory address that may be in ecx, then it would be:

invoke wsprintf,OFFSET serial, OFFSET format, dword ptr [ecx]


There's only one thing you need to be careful of, though, which is that wsprintfA uses the ECX register, so whatever was in it will be gone. If you want to preserve it, then transfer it to another register first and use that in the wsprintfA statement.

Get it?

Kayaker

Snatch
October 28th, 2002, 04:08
push ecx would push the value on the stack even if it's pointing to a memory address or if it is a number. Since it is a memory address, [ecx] makes sense though. Now wsprintf is the bottom-line string formatting function for everything in C/C++, even if you're using String classes or whatever, so chances are the program you are modifying has the function in it somewhere. You will need to find some space, maybe from the alignment, or expand the file to get probably about 80 bytes of code to do what you need to do. You will probably want to use a "%X" format string, assuming you want the serial in upper case hex, or maybe %U if you want unsigned decimal, etc.; you can read the docs on format specifications. Now if this doesn't work because your target is written in another language, you can find the equivalent function or you can write your own simple routine, though it would certainly take more code. If it's decimal, though, it is very simple: find an 11 byte memory buffer to output to and do something like:
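mov ecx, 10 ; 10 decimal digits are enough for a 32-bit value
mov eax, memory address to convert to string
mov edi, memory buffer address ; the 11 byte buffer
mov byte ptr [edi + ecx], 0 ; terminating zero after the 10 digits
mov ebx, 10 ; divisor
looplocation:
xor edx, edx ; div divides edx:eax, so clear edx first
div ebx ; eax = quotient, edx = remainder (the next digit)
add dl, 30h ; digit to ASCII
mov byte ptr [edi + ecx - 1], dl ; fill the buffer from the last digit backwards
dec ecx
jnz looplocation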

Of course that is cheap and primitive as it has leading 0 padding, but it works (I think, I just wrote it out quickly). For hex you would do similar, except you would divide by 10h and AND with Fh, and you would need to check if it's greater than 9 to do the alpha characters. Either way it's not too difficult to write your own routine to do the conversion. If that is easier than using routines from within your target, that is.

Snatch
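
The hex routine described in the post above (AND with Fh, divide by 10h, letters for digits above 9), written out in C as an added example that is not part of the original thread, together with a decimal variant that drops the leading zeros. The function names `u32_to_hex` and `u32_to_dec` and the explicit buffer-size checks are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Write value as exactly 8 uppercase hex digits plus a terminating zero.
   out must hold at least 9 bytes; returns 0 on success, -1 otherwise. */
int u32_to_hex(uint32_t value, char *out, size_t out_size)
{
    if (out == NULL || out_size < 9)
        return -1;
    out[8] = '\0';
    for (int i = 7; i >= 0; i--) {           /* fill from the last digit backwards */
        uint32_t nibble = value & 0xFu;      /* "AND with Fh" */
        /* values above 9 become the alpha characters A..F */
        out[i] = (char)(nibble > 9 ? 'A' + (nibble - 10) : '0' + nibble);
        value >>= 4;                         /* "divide by 10h" */
    }
    return 0;
}

/* Decimal conversion without leading zero padding.
   A 32-bit value needs at most 10 digits plus the terminator (11 bytes). */
int u32_to_dec(uint32_t value, char *out, size_t out_size)
{
    char tmp[10];
    size_t n = 0;
    do {                                     /* digits come out least significant first */
        tmp[n++] = (char)('0' + value % 10);
        value /= 10;
    } while (value != 0);
    if (out == NULL || out_size < n + 1)
        return -1;
    for (size_t i = 0; i < n; i++)           /* reverse into the caller's buffer */
        out[i] = tmp[n - 1 - i];
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char buf[11];
    uint32_t ecx = 0x12345678u;              /* constructed sample: the register value */
    if (u32_to_hex(ecx, buf, sizeof buf) == 0)
        printf("hex: %s\n", buf);
    if (u32_to_dec(ecx, buf, sizeof buf) == 0)
        printf("dec: %s\n", buf);
    return 0;
}
```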

haex
October 28th, 2002, 14:38
Thanks Snatch!

I think you have answered my question. (Maybe the other guys did it too, but I didn't realise that.)
It turned out to be more complicated than first thought, maybe a good patching lesson for me.
And yes the serial is in hex.

But I have some other work to do right now, so I will try it later.

/haex