i cannot solve my problem. Any help appreciated. I want to create a jmp to my allocated memory. If i check my calculation with cheat engine allocated memory it is fine. Cause Cheat Engine allocates memory in a higher region. My allocated memory is e.g: 0x870000 and the adress where i want to create the jmp is at: 7FFDE65F5184.
Console.WriteLine("toWrite: {0:x}", toWrite.ToInt64()); /*toWrite: 7FFDE65F5184*/
IntPtr allocation = VirtualAllocEx(openproc, IntPtr.Zero , 0x1024, AllocationType.Commit | AllocationType.Reserve, MemoryProtection.ExecuteReadWrite);
Console.WriteLine("allocation: {0:x}", allocation.ToInt64()); /* allocation: 870000*/
IntPtr jmp = new IntPtr((toWrite.ToInt64() - (allocation.ToInt64() + 5)));
byte[] bytes1 = BitConverter.GetBytes(jmp.ToInt64());
byte[] bytes2 = { 0, 0, 0, 0, 0, 0, 0, 0, 0, };
bytes2[0] = 233;
bytes2[1] = bytes1[0];
bytes2[2] = bytes1[1];
bytes2[3] = bytes1[2];
bytes2[4] = bytes1[3];
/*nops*/
bytes2[5] = 144;
bytes2[6] = 144;
bytes2[7] = 144;
bytes2[8] = 144;
UIntPtr written = new UIntPtr();
WriteProcessMemory(openproc, toWrite, bytes2, 9, out written);
50% of the result is correct. anyone can help?
This is my result:
7FFDE65F5184 - E9 77AE271A - jmp 7FFE00870000
Why is there 7FFE00 in front of my needed jmp adress ? if i choose another value than IntPtr.Zero in VirtualAllocEx the return value is 0 - dont know why! i know it is not well coded, but first of all i want to understand what is my problem and how i can solve this issue.
Thanks so much guys!
