I have loaded a dll into a program by static injection (code cave). I have already called one dll function with no parameters, so that's okay, but I want to call a function with a memory address as one of the parameters.
Like: `MyDllFunction(....., LPCWSTR MemoryAddress)`
The memory address (like 027B02A3) is in a local variable `[EBP-8]`.
I'm guessing (pretty sure) that I can't just: `PUSH [EBP-8]` ??
What do I do to make this happen? Or is it easier to rewrite the dll function to take a DWORD instead of LPCWSTR and do the conversion there? I think I saw an example using swprintf_s somewhere.

I'm not that experienced with assembly yet (or C/C++) and I've only been working with hardcoded strings before.

Oyvind E
  • Do you want `MemoryAddress` to contain `L"027B02A3"` or point to a `WCHAR` string located at `027B02A3`? If it's the latter `push [ebp-8]` should work (for getting that value on the stack, there might be other issues). – user786653 Nov 16 '11 at 18:44
  • Yes, I want MemoryAddress to contain L"027B02A3". Thank you for helping me clarify. – Oyvind E Nov 16 '11 at 21:33
  • If you know how to use `swprintf_s` (or `swprintf`) just go ahead and use that. Otherwise look e.g. [here](http://stackoverflow.com/questions/7863094/how-can-i-convert-hex-to-decimal) on how to create an ASCII string containing the hex value. Of course you'll have to add extra 0 bytes to have it be a wide char string. (i.e. "12" {0x31, 0x32, 0x00} -> L"12" {0x31, 0x00, 0x32, 0x00, 0x00, 0x00 }) – user786653 Nov 17 '11 at 07:26
  • I solved it by using swprintf_s in the dll file. Interesting alternative you gave me though. – Oyvind E Nov 17 '11 at 22:52
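
The manual conversion mentioned in the comments (a 32-bit value turned into a wide hex string, each ASCII digit widened with a zero high byte) can be sketched as follows. This is an added example, not code from the original thread; the helper name `u32_to_hex_wide` and the `wchar16` typedef are hypothetical, and `uint16_t` stands in for the 16-bit Windows `WCHAR` so the layout is the same on any platform.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption of this example: a wide character is one 16-bit UTF-16 code
 * unit, as WCHAR is on Windows. */
typedef uint16_t wchar16;

/* Hypothetical helper: writes `value` as 8 upper-case hex digits followed by
 * a terminating 0 code unit. Returns the number of digits written, or -1 if
 * `out` is NULL or cannot hold 8 digits plus the terminator. */
int u32_to_hex_wide(uint32_t value, wchar16 *out, size_t out_units)
{
    static const char digits[] = "0123456789ABCDEF";
    const int ndigits = 8;

    if (out == NULL || out_units < (size_t)ndigits + 1)
        return -1;                       /* never write past the caller's buffer */

    for (int i = 0; i < ndigits; i++) {
        /* most significant nibble first */
        unsigned nibble = (value >> (28 - 4 * i)) & 0xFu;
        /* widening the ASCII digit adds the zero high byte: 0x30 -> 0x0030 */
        out[i] = (wchar16)digits[nibble];
    }
    out[ndigits] = 0;                    /* terminator is a full 16-bit zero */
    return ndigits;
}

int main(void)
{
    wchar16 buf[9];
    /* constructed sample input: the example address from the question */
    if (u32_to_hex_wide(0x027B02A3u, buf, sizeof buf / sizeof buf[0]) < 0)
        return 1;

    /* dump the raw bytes to show the in-memory layout of the wide string */
    const unsigned char *bytes = (const unsigned char *)buf;
    for (size_t i = 0; i < sizeof buf; i++)
        printf("%02X ", bytes[i]);
    putchar('\n');
    return 0;
}
```

The size check is what `swprintf_s` does for the caller: a destination shorter than nine code units is rejected instead of overrun.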

0 Answers