PuckaHuck Newbie cheater
Reputation: 0
Joined: 01 Nov 2015 Posts: 11
Posted: Sun Jan 03, 2016 3:49 pm Post subject: C++ Code Injection
Hi,
I basically want to make a program in C++ that does the same thing as the Auto Assembler in Cheat Engine (With the code injection). I would really like to do this without injecting any DLL, basically I just want to insert some assembly code to a codecave inside the process, and then jump to there from a specific address that I already have.
I have not been able to find so much about this in C++, so I was hoping you could help on how I could do this. Thanks!
#Edit: I figured I have to use WriteProcessMemory and VirtualAllocEx, but I have not yet figured out how to perform the jump to the codecave and back to "where I came from".
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Sun Jan 03, 2016 7:39 pm
To do a jump in a 32-bit program, write E9 (one byte) followed by {address_where_you_jump_to - address_where_you_jump_from - 5} as a 32-bit int.
The -5 comes from the size of a jmp instruction: 5 bytes.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
mgostIH Expert Cheater
Reputation: 3
Joined: 01 Jan 2016 Posts: 159
Posted: Mon Jan 04, 2016 5:51 am
I usually use a call (Opcode E8 instead of E9) because it's sure it will take up 5 bytes and it's easy to return to: just put a ret (opcode C3) at the end of your assembly script.
Here's what I use for calculating the jmp Gniarf was talking about:
Code:
#include <windows.h>

// Relative displacement for a 5-byte E8/E9 written at Address and landing on jmpto
// (32-bit process only: the pointer is truncated to a DWORD).
DWORD calcjmp(PVOID Address, DWORD jmpto){
    DWORD RelAddress = (DWORD)(jmpto - (DWORD)Address) - 5;
    return RelAddress;
}
Seems a little messy with those (DWORD) because VirtualAllocEx returns a PVOID type pointer.
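The displacement rule from Gniarf's post and the calcjmp helper above, as an added example that is not code from the thread: it encodes an E8/E9 the same way and, more usefully for anyone checking a process for patched function prologues, does the inverse, resolving where a 5-byte branch found at a given address lands. The addresses 0x00401000 and 0x00560000 are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
/* E8 (call rel32) and E9 (jmp rel32): opcode + 4-byte little-endian displacement. */
#define REL32_INSN_LEN 5u

/* The thread's rule: disp = target - from - 5. Unsigned wraparound yields the
   two's-complement encoding for backward branches, so no signed cast is needed. */
uint32_t rel32_displacement(uint32_t from, uint32_t target) {
    return target - from - REL32_INSN_LEN;
}

/* Emit the 5-byte instruction; bytes are written explicitly so the result does not
   depend on host endianness. */
void encode_rel32(uint8_t opcode, uint32_t from, uint32_t target, uint8_t out[REL32_INSN_LEN]) {
    uint32_t disp = rel32_displacement(from, target);
    out[0] = opcode;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(disp >> (8 * i));
}

/* Inverse, the step a scanner checking function prologues needs: if the bytes at address
   `at` start with E8/E9, compute the absolute destination. Returns 0 if they do not. */
int resolve_rel32(const uint8_t *bytes, size_t len, uint32_t at, uint32_t *target) {
    if (len < REL32_INSN_LEN || (bytes[0] != 0xE8 && bytes[0] != 0xE9))
        return 0;
    uint32_t disp = 0;
    for (int i = 0; i < 4; i++)
        disp |= (uint32_t)bytes[1 + i] << (8 * i);
    if (target)
        *target = at + REL32_INSN_LEN + disp;   /* wraps mod 2^32 for negative disp */
    return 1;
}

/* Encode at `from`, decode the result, return the resolved destination (0 on failure). */
uint32_t roundtrip_target(uint8_t opcode, uint32_t from, uint32_t target) {
    uint8_t insn[REL32_INSN_LEN];
    uint32_t resolved = 0;
    encode_rel32(opcode, from, target, insn);
    return resolve_rel32(insn, sizeof insn, from, &resolved) ? resolved : 0;
}

int main(void) {
    /* Constructed addresses: a function prologue at 0x00401000, a code cave at 0x00560000. */
    uint8_t insn[REL32_INSN_LEN];
    uint32_t dest = 0;
    encode_rel32(0xE9, 0x00401000u, 0x00560000u, insn);
    for (size_t i = 0; i < sizeof insn; i++) printf("%02X ", insn[i]);
    if (resolve_rel32(insn, sizeof insn, 0x00401000u, &dest)) printf("-> 0x%08X\n", dest);
    return 0;
}
```

The backward case (cave back to the original code) produces a displacement with the top bit set, which is why the arithmetic is done in unsigned 32-bit and left to wrap.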
PuckaHuck Newbie cheater
Reputation: 0
Joined: 01 Nov 2015 Posts: 11
Posted: Mon Jan 04, 2016 1:58 pm
Thanks for the help guys, I almost have it working now.
I just have one problem though. This is some of the assembly I'm injecting (AT&T syntax):
Code:
movl $0x226, 30(%ebx)
movl %ebx, %eax
The problem is that the value 30 in this:
Code:
movl $0x226, 30(%ebx) // mov [ebx+30], 0x226
gets changed to something else like 22. Any idea why this happens? It works fine if I change it back to 30 afterwards, but I'd like to know why this happens and how I can fix it.
mgostIH Expert Cheater
Reputation: 3
Joined: 01 Jan 2016 Posts: 159
Posted: Mon Jan 04, 2016 2:01 pm
PuckaHuck wrote:
    Thanks for the help guys, I almost have it working now :)
    I just have one problem though. This is some of the assembly I'm injecting (AT&T syntax):
    Code:
    movl $0x226, 30(%ebx)
    movl %ebx, %eax
    The problem is that the value 30 in this:
    Code:
    movl $0x226, 30(%ebx) // mov [ebx+30], 0x226
    gets changed to something else like 22. Any idea why this happens? It works fine if I change it back to 30 afterwards, but I'd like to know why this happens and how I can fix it.
Assuming you are code injecting with a C++ program, you don't input the syntax itself; instead you write the bytes of the opcodes, so you have to check those to see if you messed something up.
Also, providing some of the source code of your program would help a lot.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4697
Posted: Mon Jan 04, 2016 3:05 pm
mgostIH wrote:
    Assuming you are code injecting with a c++ program, you don't input the syntax itself, but instead you write the bytes of the opcodes...
What? You can write ASM in C++ just fine. Example here.
PuckaHuck wrote:
    ...gets changed to something else like 22.
Does it change to random values every time you run it? If not, does it change to exactly 22? If not that either, then what does it change to? I'd guess it's some sort of dec/hex conversion problem depending on what it's changed to.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
PuckaHuck Newbie cheater
Reputation: 0
Joined: 01 Nov 2015 Posts: 11
Posted: Mon Jan 04, 2016 3:17 pm
ParkourPenguin wrote:
    mgostIH wrote:
        Assuming you are code injecting with a c++ program, you don't input the syntax itself, but instead you write the bytes of the opcodes...
    What? You can write ASM in C++ just fine. Example here.
    PuckaHuck wrote:
        ...gets changed to something else like 22.
    Does it change to random values every time you run it? If not, does it change to exactly 22? If not that either, then what does it change to? I'd guess it's some sort of dec/hex conversion problem depending on what it's changed to.
I just realized I wrote 30, it's actually 34, which converts to 22 in hex if you write it as a decimal... so yes it was a conversion problem. But I have fixed it now and it works perfectly, thanks for your help guys!
mgostIH Expert Cheater
Reputation: 3
Joined: 01 Jan 2016 Posts: 159
Posted: Tue Jan 05, 2016 6:55 am
ParkourPenguin wrote:
    mgostIH wrote:
        Assuming you are code injecting with a c++ program, you don't input the syntax itself, but instead you write the bytes of the opcodes...
    What? You can write ASM in C++ just fine. Example here.
Unless you use dll injection, you can't write asm code itself.
Also, invoking _asm is not something that C++ has on its own; it's a compiler feature.