flat assembler
Message board for the users of flat assembler.
Thread: code injection
Tomasz Grysztar 01 Feb 2004, 00:40
Code:
        mov byte [cave],c1        ; c1/c2 are the two bytes of "jmp @i", loaded below
        mov byte [cave+1],c2
        jmp cave
@i:
        invoke MessageBox,0,test1,captioN,MB_OK
        invoke ExitProcess,eax
cave    rb 5 ; make this a jmp to @i
virtual at cave                   ; assemble as if at "cave", but emit nothing
        jmp @i
        load c1 from cave         ; read back the bytes of the jmp just assembled
        load c2 from cave+1
end virtual
Paul6253 01 Feb 2004, 01:48
That's an interesting solution!
So the virtual simulates the logic out of the load statements?
_________________
Plez xcuce mi spelng
comrade 01 Feb 2004, 02:57
Here is what I use:
Code:
OFFSET equ                       ; MASM habit: "OFFSET x" is simply "x" in fasm
glFlushold rb 05h                ; copy of the first 5 bytes of the original glFlush

        stdcall memcpy,OFFSET glFlushold,[glFlush],5      ; back up the prologue
        stdcall hook,[glFlush],OFFSET opengl32glFlush     ; overwrite it with a jmp

; memcpy(dst,src,len) - stdcall, clobbers esi/edi/ecx
memcpy:
        mov esi,[esp+08h]        ; src
        mov edi,[esp+04h]        ; dst
        mov ecx,[esp+0Ch]        ; len
        rep movsb
        retn 0Ch

; hook(target,handler) - writes "jmp rel32" (E9 xx xx xx xx) at target
hook:
        mov edx,[esp+04h]        ; target
        mov eax,[esp+08h]        ; handler
        sub eax,edx
        sub eax,5                ; rel32 is relative to the end of the 5-byte jmp
        mov byte [edx],0E9h
        mov [edx+01h],eax
        retn 08h

opengl32glFlush:
; call
        push esi edi
        stdcall memcpy,[glFlush],OFFSET glFlushold,5      ; put the original bytes back
        call watermark
        pop edi esi
        push dword [esp]         ; save the real return address...
        pop [caller]
        mov dword [esp],OFFSET .ret  ; ...and have the original glFlush return to .ret
        jmp [glFlush]
.ret:
; return
        push eax                 ; hook clobbers eax, so preserve it
        stdcall hook,[glFlush],OFFSET opengl32glFlush     ; re-arm the hook
        mov eax,[caller]
        xchg eax,[esp]           ; eax restored, real return address back on the stack
        retn
Tomasz Grysztar 01 Feb 2004, 11:06
Paul6253 wrote: That's an interesting solution!
"virtual" just generates some code as if it were under the specified address, but doesn't put this code in the output file; while the "load" directive loads byte values from that code (while it still exists in memory during the assembly - note that it loads from its "current" address space, so "load from cave" loads a byte from the "cave" address within the virtual block, but if you put that load outside the virtual block, it will load the byte from the "cave rb 5" declaration) and these values can be used in other parts of the code, as in this example.
Paul6253 07 Feb 2004, 14:04
That's wicked, man!
You still need to know the op-code length... I mean the jmp is two bytes, so you can load two byte registers, but what if it was a 7 byte jump and you didn't know it?
_________________
Plez xcuce mi spelng
Tomasz Grysztar 07 Feb 2004, 14:19
You can add some check so the code will warn you if you have not used all the bytes from the virtual block.
Also you could make some more complex macros to generate a sequence of mov's for code of any length. Let me know if you need an example. The above was just the simplest one to show how you can utilize "virtual" for such purposes (and it was assuming that the jump is short, just like your initial code sample).
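As an added example (not code from the thread, from Tomasz, or from fasm's own macro library), here is one way to build the macros he mentions: the replacement code is assembled inside a virtual block, its length is checked against the cave size, and rept generates one load and one mov per byte, so the length of the jmp no longer has to be known in advance. It assumes fasm 1.x macro syntax, the same layout as Tomasz's sample, and that the cave size is passed as a plain number, because rept needs a count the preprocessor can evaluate.

```asm
; Assemble 'code' as if it sat at 'dest', refuse it if it is longer than
; 'size' bytes, pad the remainder with nop, and expose the resulting bytes
; as the constants name1..name<size> (assumed names, chosen for this example).
macro define_patch name,dest,size,[code] {
 common
  virtual at dest
   code
   name#_len = $ - dest
   if name#_len > size
    display 'patch does not fit in the cave',13,10
    err
   end if
   times size-name#_len nop
   ; the loads must stay inside the virtual block: that is the address
   ; space holding the generated bytes (see Tomasz's explanation above).
   ; \{ \} and ## are the escapes needed for a rept nested in a macro.
   rept size cnt \{ load name##cnt from dest+cnt-1 \}
  end virtual
}

; Emit one mov per byte. The constants may be defined later in the source,
; exactly like c1/c2 in the thread's example.
macro apply_patch name,dest,size {
  rept size cnt \{ mov byte [dest+cnt-1],name##cnt \}
}

        apply_patch hook,cave,5          ; 5 x "mov byte [cave+n],hookN"
        jmp cave
@i:
        invoke MessageBox,0,test1,captioN,MB_OK
        invoke ExitProcess,eax
cave    rb 5
        define_patch hook,cave,5,jmp @i  ; short or near, whatever fasm picks
```

If the assembled code is shorter than the cave, the unused bytes become nop; if it is longer, assembly stops with the message above instead of silently writing only the first bytes.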
Paul6253 07 Feb 2004, 14:50
Yes, that would be nice... thank you. I would like to
post more -- I have other stuff to say concerning this and its relationship with the C++ function overloading feature. Regards,
_________________
Plez xcuce mi spelng
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.