| View previous topic :: View next topic |
| Author |
Message |
slippppppppp
Grandmaster Cheater
 Reputation: 0
Joined: 08 Aug 2006
Posts: 929
|
 Posted: Sat Feb 09, 2008 11:26 pm Post subject: C++ DLL |
 |
|
Im writing something in C++ dll wizard, and i was wonder exactly, how would i make an an address look to a script ie :
script:
blablabla
0x1023 jmp script
or w.e 
|
|
| Back to top |
|
 |
lurc
Grandmaster Cheater Supreme
 Reputation: 2
Joined: 13 Nov 2006
Posts: 1900
|
| Posted: Sat Feb 09, 2008 11:32 pm Post subject: |
|
|
push eax
mov eax,0x1023
jmp script
or
call script (i think its call...)
kinda guesing  dont know much ASM...
_________________
|
|
| Back to top |
|
|
samuri25404
Grandmaster Cheater
 Reputation: 7
Joined: 04 May 2007
Posts: 955
Location: Why do you care?
|
| Posted: Sat Feb 09, 2008 11:49 pm Post subject: |
|
|
Try creating a method with the asm inside it, so you can do:
I forget the actual code, but Wiccaan has a nice tutorial on dlls with something about that on Extalia. I think Slovach even posted a link to it here, somewhere.
_________________
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
 Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Sun Feb 10, 2008 12:02 am Post subject: |
|
|
Written off the top of my head, probably doesn't work, but you get the idea.
| Code: | BOOL PlaceJump(unsigned long to, unsigned long from)
{
unsigned char jmp[5] = { 0xE9, 0, 0, 0, 0 };
unsigned long lawl = to - from -5;
__try {
__movsb(jmp+1, &lawl, 4);
__movsb(from, jmp, 5);
} __except(EXCEPTION_EXECUTE_HANDLER) {
return FALSE;
}
return TRUE;
} |
|
|
| Back to top |
|
|
slippppppppp
Grandmaster Cheater
Reputation: 0
Joined: 08 Aug 2006
Posts: 929
|
| Posted: Sun Feb 10, 2008 12:09 am Post subject: |
|
|
I have another question, lets say i want, 0x00100 <-addy
i want to set ZF[x][x], how do i convert that to Byte form>?
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Sun Feb 10, 2008 12:12 am Post subject: |
|
|
| Set/GetThreadContext and a breakpoint. You have to be attached as a debugger from outside the process, so that means no injected dll for you.
|
|
| Back to top |
|
|
slippppppppp
Grandmaster Cheater
Reputation: 0
Joined: 08 Aug 2006
Posts: 929
|
| Posted: Sun Feb 10, 2008 12:14 am Post subject: |
|
|
| no wait flyte, other than get/setcontextthread, is there a way to convert it to DEFINE Bytes or anything?
|
|
| Back to top |
|
|
hcavolsdsadgadsg
I'm a spammer
![]() Reputation: 26
Joined: 11 Jun 2007
Posts: 5801
|
| Posted: Sun Feb 10, 2008 12:15 am Post subject: |
|
|
| samuri25404 wrote: | Try creating a method with the asm inside it, so you can do:
I forget the actual code, but Wiccaan has a nice tutorial on dlls with something about that on Extalia. I think Slovach even posted a link to it here, somewhere. |
http://www.extalia.com/forums/viewtopic.php?f=32&t=2795 
|
|
| Back to top |
|
|
samuri25404
Grandmaster Cheater
Reputation: 7
Joined: 04 May 2007
Posts: 955
Location: Why do you care?
|
| Posted: Sun Feb 10, 2008 12:16 am Post subject: |
|
|
I think I've answered that for you before. =P
SZF/CZF
Just go stick those somewhere in a CE and check the bytes.
I think that ZF [X] [X] is turning off ZF when it gets to that point.
_________________
|
|
| Back to top |
|
|
slippppppppp
Grandmaster Cheater
Reputation: 0
Joined: 08 Aug 2006
Posts: 929
|
| Posted: Sun Feb 10, 2008 12:20 am Post subject: |
|
|
| where on CE do i set it? In memory view? do i set SZF as the opcode?
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Sun Feb 10, 2008 2:17 am Post subject: |
|
|
| slippppppppp wrote: | | no wait flyte, other than get/setcontextthread, is there a way to convert it to DEFINE Bytes or anything? |
Somebody correct me if this is wrong but:
| Code: | Clear ZF:
pushf
and byte [esp+2], D
popf
Set ZF:
pushf
or byte [esp+2], 2
popf |
|
|
| Back to top |
|
|
Jani
Grandmaster Cheater
![]() Reputation: 2
Joined: 29 Dec 2006
Posts: 804
|
| Posted: Sun Feb 10, 2008 4:10 am Post subject: |
|
|
| slippppppppp wrote: | I have another question, lets say i want, 0x00100 <-addy
i want to set ZF[x][x], how do i convert that to Byte form>? |
If you can modify the code, you can use a cmp to set the flag.
|
|
| Back to top |
|
|
samuri25404
Grandmaster Cheater
Reputation: 7
Joined: 04 May 2007
Posts: 955
Location: Why do you care?
|
| Posted: Sun Feb 10, 2008 11:17 am Post subject: |
|
|
| slippppppppp wrote: | | where on CE do i set it? In memory view? do i set SZF as the opcode? |
Yeah, just like pop up minesweeper or something, attatch to it, and set some random address to be "SZF" or "CZF".
_________________
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Sun Feb 10, 2008 2:19 pm Post subject: |
|
|
| Flyte wrote: | | slippppppppp wrote: | | no wait flyte, other than get/setcontextthread, is there a way to convert it to DEFINE Bytes or anything? |
Somebody correct me if this is wrong but:
| Code: | Clear ZF:
pushf
and byte [esp+2], D
popf
Set ZF:
pushf
or byte [esp+2], 2
popf |
|
Not saying you are wrong but according to just about every site I've seen, ZF is offset 0x6. 0x2 is PF:
| Code: | 0 Carry
2 Parity
4 Auxiliary Carry
6 Zero
7 Sign
8 Trace
9 Interrupt
10 Direction
11 Overflow |
_________________
- Retired. |
|
| Back to top |
|
|
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Sun Feb 10, 2008 3:51 pm Post subject: |
|
|
Hmm, yes, looking back on that I used the wrong offset. 
My bad.
| Code: | Clear ZF:
pushf
and byte [esp+3], 0xDF
popf
Set ZF:
pushf
or byte [esp+3], 0x20
popf |
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
