View Full Version : Writing to Process memory within SoftICE


foxthree
November 3rd, 2002, 11:57
Hello:

I was wondering if there was a way to write a certain pre-defined byte to a process's memory within softice. I know I can do a "ed <mem> <value>" but what if I wanted to fill say a 1K block from some memaddr1 with 00s? Is there a macro or something to achieve this from within softice itself? Otherwise I'll have to write a small proggie to do this...

Signed,
-- FoxThree

r4g3
November 3rd, 2002, 12:26
well this is almost as coding WinXp2.006

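push eax                 ; save the registers the loop clobbers
push ebx
push ecx
mov ebx,memaddr          ; ebx = start of the block to fill
xor eax,eax              ; eax = 0, the fill value
xor ecx,ecx              ; ecx = dword index
fill_loop:               ; renamed: "loop" is also an instruction mnemonic
mov [ebx+4*ecx], eax     ; zero one dword
inc ecx
cmp ecx, 100h            ; 100h dwords = 1K
jb fill_loop             ; stop at exactly 100h dwords (jle wrote one extra)
pop ecx
pop ebx
pop eax
jmp back_to_app_code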

it's not an optimized code, but should work

hobgoblin
November 3rd, 2002, 16:56
What about the F command in Sice?

F <address> l <length> <type of bytes to be written>

Or did I misunderstand the question?

hobgoblin

foxthree
November 3rd, 2002, 17:50
Hi Hob:

Thanx a lot, buddy! I didn't think it would be so easy. Maybe I should RTFM... anywayz, thanks a bunch

Signed,
-- FoxThree

esther
November 3rd, 2002, 18:20
>Maybe I should RTFM... anywayz, thanks a bunch

sure you need to

foxthree
November 3rd, 2002, 18:33
Hi Esther:

Sorry for asking something that was in TFM. It wouldn't happen again! I wouldn't want to give you any more work than you already have

Thanks,

Signed,
-- FoxThree

esther
November 3rd, 2002, 18:36
Hey FoxThree,
I was just pulling your leg :P Sorry

foxthree
November 3rd, 2002, 18:41
Esther:

NP

Signed,
-- FoxThree

Kayaker
November 3rd, 2002, 19:49
Ahch, 'F' is obscure enough for me not to fall into the rtfm category.

Did you know that 'F' is one of those SI commands you can send via the BCHK interface? Check this out FoxThree, maybe you can incorporate it into a Win9x app for fun or profit

Cheers,
Kayaker

foxthree
November 4th, 2002, 06:19
Hi Kayaker:

Man, good one. I totally forgot about the BCHK interface ... of course No ICEDUMP ... Nice proggie, the wet one. BTW, what profit? where, where, where ???

Signed,
-- FoxThree

esther
November 4th, 2002, 06:27
Hi FoxThreeadthemanual ,

>what profit? where, where, where

He meant knowledge

Kayaker
November 4th, 2002, 16:54
Quote:
Originally posted by esther

>what profit? where, where, where

He meant knowledge


Heh, he's probably looking for something a little more tangible than that that he can put in his pocket..

Hey just out of curiosity, does the app work on Me/XP? I have no way of checking it but I was wondering if the BCHK interface is actually still active on those Win versions. There may be some restrictions when it comes to memory access, but I was wondering if it worked at all?

Kayaker

foxthree
November 5th, 2002, 08:06
Yo Kayaker: Right (Jus' kidding)

Alas, I too do not have a working WinMe/XP installation around here.

Signed,
-- FoxThree

Kayaker
November 5th, 2002, 08:16
...there must be some other brave adventurous soul around willing to put it to the test then?

Snatch
November 7th, 2002, 12:38
Did not work for me on WinXP SP1.

The exception Breakpoint
A breakpoint has been reached.
(0x80000003) occured in the application at location 0x004010b1.

Okay just slapped myself awake after looking at the source and duh. So if I turn i3here on then I go into the debugger and nothing happens. Looks like the interface is no longer exported and it's just being interpreted as a normal int3 breakpoint. Unless there is some option in Softice that I have set wrong...

Snatch