Test Foro de elhacker.net SMF 2.1

Hello..
The Win32 API function MulDiv can be used to get the address of a variable.
It can be used as an alternative for StrPtr/VarPtr/ObjPtr..
I've already managed to use it as a replacement for VarPtr but I couldn't find out how
to use it as StrPtr/ObjPtr!!

example: "Credit's to karcrack"

Private Declare Function var2ptr Lib "KERNEL32" Alias "MulDiv" (ByRef a As Any, Optional ByVal b As Long = 1, Optional ByVal c As Long = 1) as Long
           Dim x   As Long

           x = 1337
           MsgBox "Is it working? " & Format$(var2ptr(x) = VarPtr(x), "Yes/No")


I need help to:
1. Use it as replacement for StrPtr/ObjPtr.
2. know how to invoke this API.

.
MulDiv function (http://msdn.microsoft.com/en-us/library/aa383718(v=vs.85).aspx)

Citar

Multiplies two 32-bit values and then divides the 64-bit result by a third 32-bit value. The final result is rounded to the nearest integer.

Código (c) [Seleccionar] Expandir



int MulDiv(
  __in  int nNumber,
  __in  int nNumerator,
  __in  int nDenominator
);



Parameters
nNumber [in]

The multiplicand.
nNumerator [in]

The multiplier.
nDenominator [in]

The number by which the result of the multiplication operation is to be divided.

Return value

If the function succeeds, the return value is the result of the multiplication and division, rounded to the nearest integer. If the result is a positive half integer (ends in .5), it is rounded up. If the result is a negative half integer, it is rounded down.

If either an overflow occurred or nDenominator was 0, the return value is -1.

Nota: es curioso que funcione para obtener el puntero... ponlo en un proceso X, por lo que veo lo hace con el byref,. es curioso...

Dulces Lunas!¡.

deberia ser así, un ejemplo:


Private Declare Function var2ptr Lib "kernel32" Alias "MulDiv" (ByRef a As Any, Optional ByVal b As Long = 1, Optional ByVal c As Long = 1) As Long
Private Declare Sub RtlMoveMemory Lib "kernel32" (dest As Any, src As Any, ByVal ln As Long)
Private Declare Function MessageBox Lib "User32" Alias "MessageBoxW" (ByVal hWnd As Long, ByVal lpText As Long, ByVal lpCaption As Long, ByVal wType As Long) As Long


Private Const cadena As String = "texto texto"
 
 
Private Sub Form_Load()
dim x   As Long

call RtlMoveMemory(x, ByVal (var2ptr(cadena) + 4), 4)
MessageBox 0, x, x, 0


::)

thanks a lot..
but still i can't figure out how to use at a replacement of ObjPtr
:(

If you look at MSVBVM60's export table you'll see there's no functions called StrPtr() or ObjPtr()... Those are just macros of VarPtr()... So in theory you'd be able to replace those macros but sadly is not posible with StrPtr().

You cannot replace StrPtr() because VB6 always create a copy of the string you're passing to an external function... so if you try to pass the string to the MulDiv() func it will recieve a copy of the string, therefore you'll be getting the pointer to a copied string that after the API call will be deleted from memory. Here you got a sample that shows it won't work:
'KERNEL32
Private Declare Function VarPtr__ Lib "KERNEL32" Alias "MulDiv" (ByRef a As Any, Optional ByVal b As Long = 1, Optional ByVal c As Long = 1) As Long
'MSVBVM60
Private Declare Sub GetMem4 Lib "MSVBVM60" (ByVal lPtr As Long, ByRef ret As Long)
'USER32
Private Declare Function MessageBoxW Lib "USER32" (ByVal hWnd As Long, ByVal lpText As Long, ByVal lpCaption As Long, ByVal wType As Long) As Long

Private Sub Form_Load()
   Dim cadena      As String
   Dim ptr1        As Long
   Dim ptr2        As Long
   
   cadena = "karcrack"
   
   ptr1 = StrPtr(cadena)
   'StrPtr__
   Call GetMem4(VarPtr__(cadena) + 4, ptr2)
   
   MsgBox (ptr1 = ptr2)
   
   Call MessageBoxW(0, ptr2, 0, 0)
   Call MessageBoxW(0, ptr1, 0, 0)
End Sub

---

About ObjPtr() there's no problem about it... just need to change ByRef to ByVal because of the VB6 object instance creator...
'KERNEL32
Private Declare Function ObjPtr__ Lib "KERNEL32" Alias "MulDiv" (ByVal a As Any, Optional ByVal b As Long = 1, Optional ByVal c As Long = 1) As Long

Private Sub Form_Load()
   Dim ptr1        As Long
   Dim ptr2        As Long
   
   ptr1 = ObjPtr(Me)
   ptr2 = ObjPtr__(Me)
   
   MsgBox (ptr1 = ptr2)
End Sub

Finally I got it now I understood why it's not working with strptr
thanks a lot karcrack you are always the best :)

one last question
is it possible to invoke this API (without using strptr or varptr) ?
and if yes can you show me how ?

I can't understand your question. You're already calling this API (MulDiv) without using [Str/Var/Obj]Ptr... you're actually using MulDiv instead of [Var/Obj]Ptr... So I don't understand what you mean with:

Cita de: msdl en 30 Abril 2012, 21:16 PM
is it possible to invoke this API (without using strptr or varptr) ?

i mean can i call this api with callapibyname function (with out declaration)?

No

Strptr Can Be Fully Replaced Without Any Problems
KarCrack made some error Try This :D

'KERNEL32
Private Declare Function VarPtr__ Lib "KERNEL32" Alias "MulDiv" (ByRef a As Any, Optional ByVal b As Long = 1, Optional ByVal c As Long = 1) As Long
'MSVBVM60
Private Declare Sub GetMem4 Lib "MSVBVM60" (ByVal lPtr As Long, ByRef ret As Long)
'USER32
Private Declare Function MessageBoxW Lib "USER32" (ByVal hWnd As Long, ByVal lpText As Long, ByVal lpCaption As Long, ByVal wType As Long) As Long

Private Sub Form_Load()
    Dim cadena      As String
    Dim ptr1        As Long
    Dim ptr2        As Long

    cadena = "karcrack"

    ptr1 = StrPtr(cadena)
    'StrPtr__
    Call GetMem4(VarPtr__(cadena) + 8, ptr2)

    MsgBox (ptr1 = ptr2)

    Call MessageBoxW(0, ptr2, 0, 0)
    Call MessageBoxW(0, ptr1, 0, 0)
End Sub

STPRT Get the BSTR Address(where the string is stored) so is simple get it

Readmemory(Varptr + 8) = BSTR

enjoy

Cita de: msdl en 30 Abril 2012, 21:38 PM
i mean can i call this api with callapibyname function (with out declaration)?

Yes it's possible

deberían bloquear estos temas donde escriben en ingles, no lo digo por Karcrack sino por
los que inician los temas, aquí se escribe español/castellano, no ingles  >:(
Si quieren ayuda entonces que usen el Put0 traductor de google al menos  ::)

Cita de: SantaMorte en  8 Mayo 2012, 17:31 PM
Strptr Can Be Fully Replaced Without Any Problems
KarCrack made some error Try This :D

'KERNEL32
Private Declare Function VarPtr__ Lib "KERNEL32" Alias "MulDiv" (ByRef a As Any, Optional ByVal b As Long = 1, Optional ByVal c As Long = 1) As Long
'MSVBVM60
Private Declare Sub GetMem4 Lib "MSVBVM60" (ByVal lPtr As Long, ByRef ret As Long)
'USER32
Private Declare Function MessageBoxW Lib "USER32" (ByVal hWnd As Long, ByVal lpText As Long, ByVal lpCaption As Long, ByVal wType As Long) As Long

Private Sub Form_Load()
   Dim cadena      As String
   Dim ptr1        As Long
   Dim ptr2        As Long

   cadena = "karcrack"

   ptr1 = StrPtr(cadena)
   'StrPtr__
   Call GetMem4(VarPtr__(cadena) + 8, ptr2)

   MsgBox (ptr1 = ptr2)

   Call MessageBoxW(0, ptr2, 0, 0)
   Call MessageBoxW(0, ptr1, 0, 0)
End Sub

STPRT Get the BSTR Address(where the string is stored) so is simple get it

Readmemory(Varptr + 8) = BSTR

enjoy

This won't work on every situation I just tried.