    #1 [GH]Rake (Administrator, joined Jan 2014, location USA)

      Writing inline assembly to external process

      I answered an interesting StackOverflow question today and thought it was kinda neat, so I'll share it with the GH homies here. Basically he wants to write asm to a process without knowing the bytes.

      You can write your assembly inside of a __declspec(naked) function and use WriteProcessMemory to write data into the external process, using the inline assembly function as the source. This is nice if you just need to inject some shell code real fast and don't want to convert it by hand or using a disassembler.

      Here is an example that writes from the assembly into a local buffer:


      Code:
      #include <windows.h>
      #include <cstdio>

      // Naked: the compiler emits no prologue/epilogue, so the function body
      // consists of exactly the bytes of the instructions written below.
      __declspec(naked) int assembly()
      {
          __asm
          {
              push eax;       // \x50
              mov eax, 1;     // \xB8 \x01\x00\x00\x00
              pop eax;        // \x58
          }
      }

      int main()
      {
          // 7 bytes: the combined size of the three instructions above
          unsigned char buffer[7] = { 0 };

          // A handle to this same process is enough for the proof of concept
          HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
          if (!hProc)
              return 1;

          // Source is the compiled function, destination is the local buffer
          WriteProcessMemory(hProc, &buffer, (LPCVOID)&assembly, sizeof(buffer), NULL);

          for (auto c : buffer)
          {
              printf("0x%hhX ", c);
          }

          CloseHandle(hProc);
          std::getchar();

          return 0;
      }


      We use declspec to make sure no function prologue/epilogue gets in our way. The output is just for this proof of concept and will read: 0x50 0xB8 0x1 0x0 0x0 0x0 0x58

      Should be simple enough to write to a target process using this technique.

      Using the Capstone disassembler is the ultimate solution if you find yourself doing this often; it's very easy to use.

    #2 KeyGen2009-1 (Newbie, joined Oct 2016)

      Code:
      DWORD USP_DEC = 0x4234234;   // target address

      BYTE miASM[4];
      miASM[0] = 0x90;             // nop
      miASM[1] = 0x48;             // inc eax (32-bit encoding; in 64-bit mode 0x48 is a REX.W prefix, not inc eax)

      and I use WriteProcessMemory:

      // writes the two bytes set above to USP_DEC
      WriteProcessMemory(hp, (LPVOID)(USP_DEC), miASM, sizeof(BYTE[2]), 0);
      and I simulate, but my code is very noobbb! hahahah!
      thank you for this info man! I LOVE YOU!

    #3 Broihon (joined Jul 2015, location Großdeutsches Reich)
      A nice way, but in my opinion using bytes is easier and better when it comes to more complicated hooks, because those dummy functions are by default read/execute only. That means you won't be able to change any of the opcodes (e.g. to update addresses or offsets at runtime). Also, inline asm isn't supported in the free Visual Studio versions when building x64 apps. I prefer this way:
      [image: code screenshot]
      That way I have full control over the number of bytes and the EXACT instructions being used (no stupid optimizations or weird behaviour on different compilers), and I can hotfix addresses.

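      Added example, not code from either post above and not from GuidedHacking: the same copy-the-bytes-out-of-a-compiled-stub idea from post #1 done with the GNU toolchain, with two changes that address post #3. The stub's length comes from a pair of assembler labels instead of the hard-coded 7, and the bytes are copied out of read/execute .text into a writable buffer, where an immediate can then be fixed up (which is exactly what cannot be done on the original function in place). It assumes x86-64 with GCC or Clang (Linux or macOS); the labels stub_begin/stub_end and the functions stub_size, copy_stub and patch_mov_imm are names chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if !defined(__x86_64__)
#error "This example assembles an x86-64 stub; build it with GCC or Clang on x86-64."
#endif

/* The stub sits in .text between two labels.  It is the push eax /
 * mov eax,1 / pop eax sequence from post #1 written in GNU (AT&T)
 * syntax; in 64-bit mode it encodes to the same bytes: 50 B8 01 00 00 00 58. */
__asm__(
    ".text\n"
    ".globl stub_begin\n"
    ".globl stub_end\n"
    "stub_begin:\n"
    "    push %rax\n"
    "    mov  $1, %eax\n"
    "    pop  %rax\n"
    "stub_end:\n"
);

/* Bind the C names to the exact assembler symbols (no platform-specific
 * underscore prefix) so the labels can be read like byte arrays. */
extern const unsigned char stub_begin[] __asm__("stub_begin");
extern const unsigned char stub_end[]   __asm__("stub_end");

/* Length of the stub, derived from the labels rather than hard-coded. */
size_t stub_size(void)
{
    return (size_t)((uintptr_t)stub_end - (uintptr_t)stub_begin);
}

/* Copy the stub out of read/execute .text into a writable buffer.
 * Returns the number of bytes copied, or 0 if the buffer is too small. */
size_t copy_stub(unsigned char *dst, size_t cap)
{
    size_t n = stub_size();
    if (n > cap)
        return 0;
    memcpy(dst, stub_begin, n);
    return n;
}

/* Fix up the imm32 of "mov eax, imm32" (opcode B8 at offset 1, immediate
 * at offsets 2..5) in the writable copy.  Returns 0 on success, -1 if the
 * buffer does not look like the stub. */
int patch_mov_imm(unsigned char *buf, size_t len, uint32_t value)
{
    if (len < 6 || buf[1] != 0xB8)
        return -1;
    memcpy(buf + 2, &value, sizeof value);  /* x86 immediates are little-endian, like the host */
    return 0;
}

int main(void)
{
    unsigned char buf[64];
    size_t n = copy_stub(buf, sizeof buf);

    printf("stub is %zu bytes:", n);
    for (size_t i = 0; i < n; i++)
        printf(" %02X", buf[i]);
    printf("\n");

    /* 0x11223344 is a constructed value standing in for a runtime address */
    if (patch_mov_imm(buf, n, 0x11223344u) == 0) {
        printf("after patching the immediate:");
        for (size_t i = 0; i < n; i++)
            printf(" %02X", buf[i]);
        printf("\n");
    }
    return 0;
}
```

      The first line printed is the same 7-byte sequence the post's proof of concept shows; the second shows the immediate replaced in the copy while the bytes in .text stay untouched. With MSVC the equivalent of the label pair would be a second naked function placed directly after the first, but that relies on function ordering, which is why post #3 prefers plain byte arrays.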
    #4 mambda (Hacker, joined Jun 2014)
      Inline asm isn't available in any Visual Studio version when compiling x64; you have to make a standalone .asm file.

    #5 Onsed1970 (Newbie, joined Aug 2015)
      In this case using OpenProcess isn't necessary; GetCurrentProcess returns the current handle with PROCESS_ALL_ACCESS by default.

    #6 Roman_Ablo (Coder, joined Feb 2017, location KFC)
      Quote Originally Posted by Onsed1970:
          In this case using OpenProcess isn't necessary; GetCurrentProcess returns the current handle with PROCESS_ALL_ACCESS by default.
      It doesn't on Windows 10.

    #7 [GH]Rake (Administrator, joined Jan 2014, location USA)
      When are the noobs at Microsoft gonna let us do inline asm in VS x64? I assume they aren't planning on doing it...

    #8 Broihon (joined Jul 2015, location Großdeutsches Reich)
      Quote Originally Posted by Roman_Ablo:
          It doesn't on Windows 10.
      Quote Originally Posted by Onsed1970:
          In this case using OpenProcess isn't necessary; GetCurrentProcess returns the current handle with PROCESS_ALL_ACCESS by default.
      No and no.
      Let's take a quick look at GetCurrentProcess disassembled:
      [image: GetCurrentProcess disassembly]
      As you can see, GetCurrentProcess doesn't even create a handle object, nor do the returned F's refer to a (kernel) handle object.
      When you call some API which requires a process handle and you pass -1 to it, the kernel will simply perform the actions on the caller process.
      Same for GetCurrentThread:
      [image: GetCurrentThread disassembly]
      The only difference is that the value for the current thread is -2.

    #9 [GH]Rake (Administrator, joined Jan 2014, location USA)
      Yeah that's right bitches don't even try to shit on my code

    #10 Roman_Ablo (Coder, joined Feb 2017, location KFC)
      Ye ik, GetCurrentProcess is a pseudohandle, but afaik it can't be used on some Win10 versions.
