COD WWII Code Injection

Posted: Sat Nov 04, 2017 8:18 am
by l0wb1t
Any ideas here?

Re: COD WWII Code Injection

Posted: Sat Nov 04, 2017 9:25 am
by seikur0
You can't do the necessary far jump with the conditional jump instructions (apparently). Just put a label in front of your jmp return and jne to that. But even then you do have the test rdi,rdi and that other jne instruction from the original code in your injection; to avoid that, I'd inject two lines higher.

Also, and I'm not sure if that can happen, but if you get memory allocated near the injection point, that'll shorten your jump instruction and screw up your return, so to make sure I'd probably set the return point explicitly like this:
_Test2:
jmp newmem

_Test2+F: // this is for an injection point 2 lines higher; +10 would be for your current injection point
return:
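
Added example (not part of the original post, and not Cheat Engine's own code): a Python sketch of the x86-64 encoding facts behind the reply above, showing why a conditional jump cannot reach distant memory and why the return offset moves when the jump shrinks from the far form to the near form. The addresses and instruction lengths are constructed, and the 14-byte `jmp [rip+0]` plus absolute address form is assumed as the far-jump encoding.

```python
import struct

REL32_MIN, REL32_MAX = -2**31, 2**31 - 1

def encode_jmp(src: int, dst: int) -> bytes:
    """Encode an unconditional jump placed at src that lands on dst."""
    rel = dst - (src + 5)  # rel32 counts from the end of the 5-byte jmp
    if REL32_MIN <= rel <= REL32_MAX:
        return b"\xE9" + struct.pack("<i", rel)
    # Out of rel32 range: jmp qword ptr [rip+0], then the 8-byte absolute target.
    return b"\xFF\x25\x00\x00\x00\x00" + struct.pack("<Q", dst)

def jcc_reaches(src: int, dst: int) -> bool:
    """Jcc exists only as rel8/rel32; the near form (0F 8x rel32) is 6 bytes."""
    rel = dst - (src + 6)
    return REL32_MIN <= rel <= REL32_MAX

def return_offset(insn_lengths, jmp_len):
    """Return (offset of the first instruction boundary that covers the jump,
    number of NOP bytes needed to pad up to that boundary)."""
    off = 0
    for n in insn_lengths:
        off += n
        if off >= jmp_len:
            return off, off - jmp_len
    raise ValueError("not enough instructions to cover the jump")

# Constructed sample values, not taken from any real binary.
SITE = 0x7FF6_1234_5000        # injection point
NEAR_MEM = SITE - 0x10000      # allocation within +/-2 GiB of the site
FAR_MEM = 0x1_5000_0000        # allocation far outside rel32 range
INSN_LENGTHS = [3, 6, 6, 4]    # lengths of the original instructions at SITE

if __name__ == "__main__":
    for name, mem in (("near", NEAR_MEM), ("far", FAR_MEM)):
        jmp = encode_jmp(SITE, mem)
        off, nops = return_offset(INSN_LENGTHS, len(jmp))
        print(f"{name}: jmp={jmp.hex()} ({len(jmp)} bytes), "
              f"return at +{off:X}, nops={nops}, jcc reaches={jcc_reaches(SITE, mem)}")
```

With these constructed lengths the far form returns at +F and the near form at +9, which is the shift that pinning the return label explicitly guards against.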

Re: COD WWII Code Injection

Posted: Sat Nov 04, 2017 9:30 am
by STN
CE can't allocate near where you're injecting, so a far jump is used. Seems to be a CE bug, as manual allocation does work using the API (at least that's what Booboo told me, haven't tested myself), so maybe CE has strict allocation filters? I don't know.

Here is my solution

aobscanmodule(freespacee,ACOrigins.exe,00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00)
FULLACCESS(freespacee,1000)

You can increase the number of zeroes to find a bigger code cave but this should suffice. I was able to find a 500-800 bytes free zone with that consistently (used like 300 bytes in my injections without any issues for anyone).

Re: COD WWII Code Injection

Posted: Sat Nov 04, 2017 12:04 pm
by l0wb1t
Thanks for the ideas. Dark Byte told me "Query Memory Region Routines" needs to be disabled when activating scripts, else memory allocation fails.

Now everything is fine.