skotos_ (How do I cheat?)
Reputation: 0
Joined: 26 Sep 2007 Posts: 7
Posted: Mon Dec 24, 2007 12:41 pm Post subject: Program's memory management
Hi! I want to make a code injection in Delphi but I don't know how to turn this code into binary. For example, the JMP looks like E9. The question is: how does the address look? I think it depends on the real place of the program in memory. Where could I read more about this, or how can I solve this? I hope you understand what I really want, because my English is bad.
Edited:
I guess my question, in short, is:
How to translate a process address into a physical address?
Labyrnth (Moderator)
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Mon Dec 24, 2007 1:31 pm Post subject:
E9 FB FF 89 01
You can paste JMP 01CA0000 into the memory view of CE and it will show you what it is in the lower window.
skotos_ (How do I cheat?)
Reputation: 0
Joined: 26 Sep 2007 Posts: 7
Posted: Mon Dec 24, 2007 1:37 pm Post subject:
Ok, but I need it in Delphi code. I can't write it into CE every time I need it. Maybe the solution is in CE's source code, but it's very big and difficult for me. Btw, I'm glad for your answer.
Edited: I found this VirtualQueryEx. What do you think about this function? Is it useful in my case?
hcavolsdsadgadsg (I'm a spammer)
Reputation: 26
Joined: 11 Jun 2007 Posts: 5801
Posted: Mon Dec 24, 2007 10:35 pm Post subject:
skotos_ wrote:
> Ok, but I need it in Delphi code. I can't write it into CE every time I need it. Maybe the solution is in CE's source code, but it's very big and difficult for me. Btw, I'm glad for your answer.
> Edited: I found this VirtualQueryEx. What do you think about this function? Is it useful in my case?
Just write your new code in CE, then look at the corresponding bytes CE shows. Those bytes are what make up those instructions. Use WriteProcessMemory and just write that.
skotos_ (How do I cheat?)
Reputation: 0
Joined: 26 Sep 2007 Posts: 7
Posted: Tue Dec 25, 2007 4:20 am Post subject:
How does CE translate JMP 01CA0000 into E9 FB FF 89 01?
That's what I want to know. It's not a constant value!
Dark Byte (Site Admin)
Reputation: 471
Joined: 09 May 2003 Posts: 25864 Location: The Netherlands
Posted: Tue Dec 25, 2007 5:40 am Post subject:
JMPs are special since they use relative addresses instead of static addresses.
Basically: addresstojumpto - (addresstojumpfrom + 5).
You could use the equivalent jmp [xxxxxxxx], where xxxxxxxx is the address that holds the value 1ca0000.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.

skotos_ (How do I cheat?)
Reputation: 0
Joined: 26 Sep 2007 Posts: 7
Posted: Tue Dec 25, 2007 7:37 am Post subject:
Dark Byte wrote:
> JMPs are special since they use relative addresses instead of static addresses.
> Basically: addresstojumpto - (addresstojumpfrom + 5).
> You could use the equivalent jmp [xxxxxxxx], where xxxxxxxx is the address that holds the value 1ca0000.
Master! You're right! Is there a difference between a short jump and a long jump? Btw, I think the trick you advised solves my problem. (Sorry for my English.)
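The relative-jump arithmetic Dark Byte gives, and the short (EB rel8) versus long (E9 rel32) form skotos_ asks about, worked through as an added example; this is not code from the thread or from Cheat Engine. It assumes a 32-bit process, and the source address 00400000 is a constructed value chosen because it reproduces CE's bytes E9 FB FF 89 01 for JMP 01CA0000.

```python
# Added example (not from the thread): how the bytes CE shows for a JMP are
# computed, and why they change with the address the jump is written to.
# x86 relative jumps store target - (address of the NEXT instruction).
# Assumes a 32-bit process: the "jmp [addr]" operand is then an absolute address.
import struct

def encode_jmp(src: int, dst: int, allow_short: bool = True) -> bytes:
    """Encode an x86 jmp written at address `src` that lands on `dst`.

    EB rel8  is 2 bytes: rel8  = dst - (src + 2), only if it fits in -128..127.
    E9 rel32 is 5 bytes: rel32 = dst - (src + 5).
    """
    if allow_short:
        rel8 = dst - (src + 2)
        if -128 <= rel8 <= 127:
            return b"\xEB" + struct.pack("<b", rel8)
    rel32 = dst - (src + 5)
    if not -2**31 <= rel32 < 2**31:
        raise ValueError("target out of rel32 range")
    return b"\xE9" + struct.pack("<i", rel32)

def encode_jmp_indirect(ptr_addr: int) -> bytes:
    """jmp [ptr_addr]: FF 25 followed by the absolute address of a dword that
    holds the target (Dark Byte's alternative). On 32-bit x86 these bytes do not
    depend on where the jump itself is placed."""
    return b"\xFF\x25" + struct.pack("<I", ptr_addr)

def decode_jmp(code: bytes, at: int) -> int:
    """Return the target of a relative jmp whose first byte sits at address `at`."""
    op = code[0]
    if op == 0xE9:
        return (at + 5 + struct.unpack("<i", code[1:5])[0]) & 0xFFFFFFFF
    if op == 0xEB:
        return (at + 2 + struct.unpack("<b", code[1:2])[0]) & 0xFFFFFFFF
    raise ValueError("not a relative jmp: %02X" % op)

if __name__ == "__main__":
    # Constructed: jmp 01CA0000 assembled at 00400000 gives CE's E9 FB FF 89 01.
    code = encode_jmp(0x00400000, 0x01CA0000)
    print(code.hex(" ").upper())            # E9 FB FF 89 01
    print(hex(decode_jmp(code, 0x00400000)))  # 0x1ca0000
    # Same target written 0x1000 bytes further on: different bytes.
    print(encode_jmp(0x00401000, 0x01CA0000).hex(" ").upper())  # E9 FB EF 89 01
```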