Chaosis13 Master Cheater
Reputation: 0
Joined: 14 Aug 2007 Posts: 372
Posted: Sun Jul 06, 2008 9:03 pm Post subject: [ASM & C++] Pointer to Function
I am making some scripts into DLLs, so I am just double checking this....
In C++ you can have a pointer to a function (yes you can, try it), so if I wanted to make this AA code into C++/ASM:
Code:
[Enable]
//alloc crap
//etc
CodeCave:
//shit
jmp returnhere
1D6C8F7A:
jmp CodeCave // *
nop
returnhere:
Wouldn't I need to make a pointer to a function at the line with the '*'?
If not, what would I do.... I am not the best at ASM; I am going to learn it after Python.
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
Posted: Sun Jul 06, 2008 9:09 pm Post subject:
If you wanna have the same effect as doing
Alloc(CodeCave, 128)
just do a __declspec(naked) function containing inline asm like so:
Code:
#include <windows.h>   // DWORD, BYTE

DWORD Return = 0x1D6C8F80;   // where execution resumes: just past the 6 patched bytes

void __declspec(naked) CodeCave()
{
    _asm
    {
        // cave body goes here; naked means no prologue/epilogue is generated,
        // so anything you push or clobber you must restore yourself
        jmp dword ptr ds:[Return]   // back to the original code
    }
}
then pointer editing like so:
Code:
// the page containing 0x1D6C8F7A must be writable before these stores (e.g. VirtualProtect)
*(BYTE*)0x1D6C8F7A = 0xE8;                                   // Call (E8 rel32)
*(DWORD*)0x1D6C8F7B = ((DWORD)CodeCave - 0x1D6C8F7A - 5);    // Distance for jump: target - (patch address + 5)
*(BYTE*)0x1D6C8F7F = 0x90;                                   // Nop: pads the sixth byte so 0x1D6C8F80 starts on a whole instruction
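The displacement lurc writes at 0x1D6C8F7B is the part that usually goes wrong, so here is an added example in C (mine, not lurc's or Cheat Engine's code) that encodes the same 6-byte patch (E8 call or E9 jmp plus a nop) into a constructed byte buffer and decodes it back as a self-check. The thread's addresses 0x1D6C8F7A and 0x1D6C8F80 are used as given; the cave address 0x10001000 is an assumed value, and no live process memory is touched.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Addresses from the thread: the hook goes at 0x1D6C8F7A and execution must
 * resume at 0x1D6C8F80, so the patch has to cover exactly 6 bytes. */
#define PATCH_ADDR   0x1D6C8F7Au
#define RETURN_ADDR  0x1D6C8F80u
#define PATCH_LEN    6u              /* 5-byte jmp/call + 1-byte nop */

/* rel32 for a 5-byte E8 (call) or E9 (jmp) placed at `from`: the CPU adds
 * the displacement to the address of the *next* instruction, i.e. from + 5.
 * Same arithmetic as "(DWORD)CodeCave - 0x1D6C8F7A - 5" in the post, done
 * unsigned so a backwards jump wraps in a well-defined way. */
static uint32_t rel32(uint32_t from, uint32_t target)
{
    return target - (from + 5u);
}

/* Encode the patch into `code`, which models the bytes at PATCH_ADDR.
 * opcode is 0xE8 (call) or 0xE9 (jmp). Returns 0 on success, -1 if the
 * buffer is too short or the opcode is not one of the two 5-byte forms. */
static int write_hook(uint8_t *code, size_t code_len, uint32_t cave, uint8_t opcode)
{
    if (code_len < PATCH_LEN || (opcode != 0xE8 && opcode != 0xE9))
        return -1;
    uint32_t disp = rel32(PATCH_ADDR, cave);
    code[0] = opcode;
    for (int i = 0; i < 4; i++)             /* explicit little-endian encoding */
        code[1 + i] = (uint8_t)(disp >> (8 * i));
    code[5] = 0x90;                         /* nop: pad the sixth original byte */
    return 0;
}

/* Decode the patch back: the address the CPU would transfer to. If this does
 * not equal the cave you passed in, the displacement arithmetic is wrong. */
static uint32_t decode_target(const uint8_t *code)
{
    uint32_t disp = 0;
    for (int i = 0; i < 4; i++)
        disp |= (uint32_t)code[1 + i] << (8 * i);
    return PATCH_ADDR + 5u + disp;
}

int main(void)
{
    uint8_t code[PATCH_LEN];
    uint32_t cave = 0x10001000u;            /* assumed: where CodeCave() ended up */
    if (write_hook(code, sizeof code, cave, 0xE9) != 0)
        return 1;
    printf("patch at %08X:", PATCH_ADDR);
    for (size_t i = 0; i < sizeof code; i++)
        printf(" %02X", code[i]);
    printf("\n-> transfers to %08X, resumes at %08X\n",
           decode_target(code), PATCH_ADDR + PATCH_LEN);
    return (decode_target(code) == cave && PATCH_ADDR + PATCH_LEN == RETURN_ADDR) ? 0 : 1;
}
```

The decode step is the check worth keeping around: if decode_target() does not give back the cave address, the displacement is off by the instruction length or the sign. One difference between the two opcodes matters for the cave body: with 0xE8 the CPU pushes the address of the next instruction before entering the cave, so a cave that leaves with a plain jmp (as lurc's does) leaves that dword on the stack, which is the stack issue Jani raises below.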
Chaosis13 Master Cheater
Reputation: 0
Joined: 14 Aug 2007 Posts: 372
Posted: Sun Jul 06, 2008 9:29 pm Post subject:
I get it... Then in asm.... (I just prefer it.)
Code:
__asm
{
    jmp dword ptr ds:[CodeCave]
    nop
Return:
}
Or I could do a call.... TY
P.S. I don't know why I didn't get that before; I guess it is late + me a noob in asm.
Jani Grandmaster Cheater
Reputation: 2
Joined: 29 Dec 2006 Posts: 804
Posted: Mon Jul 07, 2008 4:43 am Post subject:
Chaosis13 wrote:
    Or I could do a call....

Sure. You can do whichever you want, a jmp or a call, depending on how you build your cave. With a call, make sure that the stack doesn't get messed up.
Chaosis13 Master Cheater
Reputation: 0
Joined: 14 Aug 2007 Posts: 372
Posted: Mon Jul 07, 2008 7:30 am Post subject:
Kk. I made my script, but I don't think I did something right.... Does this code look right?
Code:
DWORD Addy  = Pointer + 0xABC;   // Pointer = 0x12344321
DWORD Value = *(DWORD*)Addy;     // read the dword stored at Addy
I need Addy to = pointer + offset, and Value to = value of the address being pointed to. I tried using this:
But the compiler got angry...
Symbol I'm a spammer
Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
Posted: Mon Jul 07, 2008 9:05 am Post subject:
Pointer points to Base Address Value + Offset, so it should look like:
Code:
(*(int*)Address) + offset   // read the pointer stored at Address, then add the offset
LEA and MOV are different instructions, you know: LEA is used to load an address (Load Effective Address) and MOV moves data.
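To make the two steps in Symbol's reply concrete, here is an added example in C (mine, not Symbol's or anyone else's code from this thread) that resolves pointer -> [pointer] + offset -> value over a constructed 64-byte memory image at an assumed base address 0x12344000. The address computation is kept separate from the load, which is the LEA versus MOV distinction, and every access is bounds-checked so a bad pointer or offset is reported instead of dereferenced.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for 64 bytes of target memory starting at FAKE_BASE
 * (an assumed address; nothing here touches a real process). */
#define FAKE_BASE 0x12344000u
#define IMAGE_LEN 64u
static uint8_t image[IMAGE_LEN];

/* Map a target-space address to the image, or NULL if a 4-byte access at
 * that address would fall outside it. This check turns a wild pointer into
 * an error instead of a crash or a garbage read. */
static uint8_t *map4(uint32_t addr)
{
    if (addr < FAKE_BASE || addr - FAKE_BASE > IMAGE_LEN - 4u)
        return NULL;
    return &image[addr - FAKE_BASE];
}

/* MOV-like: load the little-endian dword stored at addr. 0 on success, -1 if unmapped. */
static int read32(uint32_t addr, uint32_t *out)
{
    const uint8_t *p = map4(addr);
    if (p == NULL) return -1;
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 0;
}

static int write32(uint32_t addr, uint32_t v)
{
    uint8_t *p = map4(addr);
    if (p == NULL) return -1;
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
    return 0;
}

/* LEA-like step: Addy = [pointer_slot] + offset. Fetching the pointer itself
 * is one load; adding the offset is pure arithmetic and reads nothing. */
static int effective_address(uint32_t pointer_slot, uint32_t offset, uint32_t *addy)
{
    uint32_t base;
    if (read32(pointer_slot, &base) != 0) return -1;
    *addy = base + offset;
    return 0;
}

/* MOV-like step: Value = [Addy]. This is "(*(int*)Address) + offset" from the
 * post, followed by the dereference Chaosis13 was after. */
static int resolve_value(uint32_t pointer_slot, uint32_t offset, uint32_t *value)
{
    uint32_t addy;
    if (effective_address(pointer_slot, offset, &addy) != 0) return -1;
    return read32(addy, value);
}

/* Fill the constructed image: the pointer at FAKE_BASE+0x00 points to a
 * "struct" at FAKE_BASE+0x10, whose field at +0x0C holds 1337. 0 on success. */
static int build_image(void)
{
    memset(image, 0, sizeof image);
    if (write32(FAKE_BASE + 0x00, FAKE_BASE + 0x10) != 0) return -1;
    if (write32(FAKE_BASE + 0x10 + 0x0C, 1337u) != 0) return -1;
    return 0;
}

int main(void)
{
    uint32_t addy = 0, value = 0;
    if (build_image() != 0) return 1;
    if (effective_address(FAKE_BASE, 0x0C, &addy) != 0) return 1;
    if (resolve_value(FAKE_BASE, 0x0C, &value) != 0) return 1;
    printf("Addy  = %08X (LEA-style: address only, nothing loaded)\n", addy);
    printf("Value = %u (MOV-style: data stored at Addy)\n", value);
    /* An offset that leaves the mapped region is refused, not dereferenced. */
    printf("offset 0x100 -> %s\n",
           resolve_value(FAKE_BASE, 0x100, &value) == 0 ? "ok" : "unmapped, refused");
    return 0;
}
```

In the thread's terms, effective_address() is what `lea` gives you (the address, no memory access beyond fetching the pointer itself) and read32() is what `mov` gives you (the data at that address); Chaosis13's "LEA wasn't working" is the usual symptom of using the first where the second was meant.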
Chaosis13 Master Cheater
Reputation: 0
Joined: 14 Aug 2007 Posts: 372
Posted: Mon Jul 07, 2008 1:23 pm Post subject:
Oh, ty. I thought LEA was for pointers....
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Mon Jul 07, 2008 1:36 pm Post subject:
Code:
LEA - Load Effective Address
Usage: LEA dest,src
Modifies flags: None

Transfers offset address of "src" to the destination register.

                        Clocks                   Size
    Operands     808x    286    386    486      Bytes
    reg,mem      2+EA     3      2      1        2-4

    - the MOV instruction can often save clock cycles when used in
      place of LEA on 8088 processors

    8D /r   LEA r16,m   Store effective address for m in register r16
    8D /r   LEA r32,m   Store effective address for m in register r32

- Retired.
samuri25404 Grandmaster Cheater
Reputation: 7
Joined: 04 May 2007 Posts: 955 Location: Why do you care?
Posted: Mon Jul 07, 2008 5:38 pm Post subject:
Wiccaan wrote:
    Code:
    LEA - Load Effective Address
    Usage: LEA dest,src
    Modifies flags: None

    Transfers offset address of "src" to the destination register.

                            Clocks                   Size
        Operands     808x    286    386    486      Bytes
        reg,mem      2+EA     3      2      1        2-4

        - the MOV instruction can often save clock cycles when used in
          place of LEA on 8088 processors

        8D /r   LEA r16,m   Store effective address for m in register r16
        8D /r   LEA r32,m   Store effective address for m in register r32

Shouldn't you be crediting the Intel Reference Manual?
Makes eax a pointer to [eax+4]
Chaosis13 Master Cheater
Reputation: 0
Joined: 14 Aug 2007 Posts: 372
Posted: Mon Jul 07, 2008 6:12 pm Post subject:
OWNED. And I don't know why LEA wasn't working for me, but it must have been my other code.... It is getting a bit complicated...
TY for your help.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Tue Jul 08, 2008 12:37 am Post subject:
It's quoted, and I never said I wrote it.
Edit: On a side note, it came from the help files that come with MASM.

- Retired.