
Code injection with value

Posted: Sat Mar 04, 2017 1:37 am
by CJtheTiger
Using the Auto Assembler I created a little snippet which modifies which value will be set to a specific address.

Initially it was:

Code:

mov [esi+9A],al

What I want it to be is:

Code:

mov [esi+9A],<my value>

I'd like to define the value in the table. How would I accomplish this?

This is the complete script:

Code:

[ENABLE]

alloc(valuemod,2048)
label(valuemodexit)

valuemod:
mov [esi+9A],<my value>
jmp valuemodexit

"MyGame.exe"+ABCDEF:
jmp valuemod
valuemodexit:
 
[DISABLE]
"MyGame.exe"+ABCDEF:
mov [esi+9A],al

I could just make another entry in the table which writes the value into allocated memory for the injection and then just retrieve it in there, but I figured there must be some way to do this in a more elegant way.

Re: Code injection with value

Posted: Sat Mar 04, 2017 3:10 am
by UltimatePoto42
If your push value is always the same, then you can just put your value in like you have it. CE will interpret this as hex, but you can use (int)#:

Code:

mov [esi+9A],(int)100

Or you could define a value:

Code:

define(PushValue,(int)100)
...
mov [esi+9A],PushValue

Re: Code injection with value

Posted: Sat Mar 04, 2017 3:23 am
by ++METHOS
You can also create a custom symbol and add it to your table as a custom address:

[ENABLE]

alloc(valuemod,2048)
label(valuemodexit)
label(originalcode)
label(value)

registersymbol(value)

valuemod:

{--optional-->>
cmp [value],0
je originalcode
<<--optional--}

push edi
mov edi,[value]
mov [esi+9A],edi
pop edi
jmp valuemodexit //may need to add some original code before the jump

originalcode:
//originalcode here
jmp valuemodexit

value:
dd 0

"MyGame.exe"+ABCDEF:
jmp valuemod
valuemodexit:

[DISABLE]
"MyGame.exe"+ABCDEF:
mov [esi+9A],al

unregistersymbol(value)

Once the script is activated, add a custom address to your table and put value in the address field. You can assign hotkeys for setting/freezing values, etc.

Re: Code injection with value

Posted: Sat Mar 04, 2017 5:42 pm
by CJtheTiger
Thanks guys!

Re: Code injection with value

Posted: Mon Mar 06, 2017 2:57 am
by Zanzer
Be sure to include "byte ptr" so you're not overwriting more than the 1 address.

Code:

mov byte ptr [esi+9A],<my value>

Code:

mov al,[value]

Re: Code injection with value

Posted: Tue Mar 07, 2017 5:38 pm
by CJtheTiger
Zanzer wrote:
Mon Mar 06, 2017 2:57 am
Be sure to include "byte ptr" so you're not overwriting more than the 1 address.

Code:

mov byte ptr [esi+9A],<my value>

Code:

mov al,[value]

From my understanding it will take the smallest common size, so when I move some value to AL which is one byte in size, it will only take one byte from the value I want to move there. Feel free to correct me there though.
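
The operand-size point raised in this thread, as an added example that is not from any of the posters: a C emulation of the little-endian store that a `mov` to `[esi+9A]` performs at 1, 2 and 4 bytes, counting how many bytes next to the target field change, plus the byte-sized load `mov al,[value]`. The object size, the 0xCC filler and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_OFF 0x9A  /* offset from the thread: [esi+9A] */
#define OBJ_SIZE  0xA0  /* constructed object size (assumption) */

/* Emulate an x86 little-endian store of `width` bytes (1, 2 or 4) at obj+off.
 * Returns -1 for an unsupported width or a store that would leave the buffer. */
static int store_le(uint8_t *obj, size_t size, size_t off, uint32_t value, unsigned width)
{
    if ((width != 1 && width != 2 && width != 4) || off > size || width > size - off)
        return -1;
    for (unsigned i = 0; i < width; i++)
        obj[off + i] = (uint8_t)(value >> (8 * i));
    return 0;
}

/* Number of bytes other than the target field that a store of `width` changes. */
static int clobbered_neighbours(unsigned width, uint32_t value)
{
    uint8_t before[OBJ_SIZE], after[OBJ_SIZE];
    int changed = 0;
    memset(before, 0xCC, sizeof before);   /* constructed filler for adjacent fields */
    memcpy(after, before, sizeof after);
    if (store_le(after, sizeof after, FIELD_OFF, value, width) != 0)
        return -1;
    for (size_t i = 0; i < OBJ_SIZE; i++)
        if (i != FIELD_OFF && before[i] != after[i])
            changed++;
    return changed;
}

/* Emulate `mov al,[value]` where `value` was declared with `dd`:
 * a byte-sized load reads only the lowest-addressed byte of the dword. */
static uint8_t load_byte_of_dword(uint32_t dword)
{
    uint8_t mem[4];
    store_le(mem, sizeof mem, 0, dword, 4);
    return mem[0];
}

int main(void)
{
    printf("byte store:  %d neighbouring bytes changed\n", clobbered_neighbours(1, 100));
    printf("dword store: %d neighbouring bytes changed\n", clobbered_neighbours(4, 100));
    printf("al after mov al,[value] with value=0x12345664: 0x%02X\n", load_byte_of_dword(0x12345664u));
    return 0;
}
```

A 4-byte store of 100 writes `64 00 00 00`, so the three bytes after offset 9A are zeroed, which is the effect a byte-sized store avoids.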