flat assembler
Message board for the users of flat assembler.
Index
> Windows > from C to FASM (API Hook Function) |
Author |
|
baldr 02 Sep 2010, 18:29
Nameless,
You must first verify that there is nop×5; mov edi, edi trampoline placeholder at the addresses that you're trying to overwrite. Second, stdcall calling conventions specify that callee is responsible for clearing stack from its arguments (thus simple ret overwriting function entry point can disturb caller's stack). Third, how do you expect to get control? ret can't automagically transfer it to the address you've specified as a target for direct near jump. Something more creative should be used (like jmp short $-5). Read on detours, it's all about this. |
|||
02 Sep 2010, 18:29 |
|
Nameless 02 Sep 2010, 20:01
looks like im way over my head :S
i dont really understand most of what u said, cause im not that good with asm words yet can u fix it for me so i can see what ur talking about? sorry im just still new to all this stuff |
|||
02 Sep 2010, 20:01 |
|
coconut 02 Sep 2010, 20:39
there is also a sample detours project by RedGhost on the FASM examples page: http://flatassembler.net/examples.php
third one down from the top |
|||
02 Sep 2010, 20:39 |
|
Nameless 02 Sep 2010, 22:44
well im gonna read much more then get back to this example
its a long way to go offtopic: can anyone here tell me how long they been doing asm? just asking |
|||
02 Sep 2010, 22:44 |
|
semiono 16 Sep 2010, 23:02
http://www.codeproject.com/KB/system/change_drive_sn.aspx
I've stuppid look to this program and not see how this app get access to volume?! Where is api like open disk write disk etc. ? Only MsgBox and printf // write boot sector if (!disk.WriteSector(0, Sector)) How to apps has known it? (MSVC++ horrible language) |
|||
16 Sep 2010, 23:02 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.