Discuss Byte Grabber


Solaire

Respected Hacker
Dank Tier VIP
Dec 15, 2013
1,051
16,353
62
I wrote this up today, and it's pretty fun to use, though I'm curious if there is a better way to check whether the function has ended yet.

C++:
#include <Windows.h>   // DWORD, BYTE (32-bit build assumed: a DWORD holds a pointer)
#include <list>

//Walks forward from funct one byte at a time, copying each byte into lst,
//and stops at the first 0xCC (INT 3). Returns the number of bytes copied.
int grabBytes(DWORD funct, std::list<BYTE>& lst)
{
    for (int i = 0;; i++)
    {
        //If we come across an INT instruction, return the number of bytes found
        if ((*(BYTE*)(funct + i)) == 0xCC)
        {
            return i;
        }

        //Push the byte into our list
        lst.push_back(*(BYTE*)(funct + i));
    }
}
Using it:
C++:
#include <cstdio>

//The example function to grab the bytes from
int ourFunct(int a, int b, int c)
{ 
    return a + b + c;
}

int main()
{
    //Our list of BYTEs
    std::list<BYTE> lst;
    //Puts the bytes of the function into lst, and the number of bytes in lstNum
    //(assumes ourFunct's address is the function body itself, not an incremental-link thunk)
    int lstNum = grabBytes((DWORD)ourFunct, lst);

    //Print out the number of bytes
    printf("All %d bytes of \"ourFunct\"\n", lstNum);

    //Loop through and print out all of the bytes
    for (auto i : lst)
    {
        printf("\\x%02X", i);
    }
    return 0;
}
Right now I'm checking whether or not the funct has ended by seeing if the next byte is 0xCC. The issue with that is: what if we have a jmp to an address that contains CC in it? The function would stop there, and we wouldn't get the correct number of bytes, nor the correct output of bytes (there are other cases in which I've seen CC in ASM).

One way I could solve this is to find out the possible instructions in which 0xCC is involved, and make sure we go past those, except that would take quite a few if statements/switch cases, and a TON of research. Just curious if anyone knows a better way to check, or has any suggestions towards making this function safer.
 

c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,187
12,638
76
Instruction disassembler. LDE, ADE, BeaEngine, etc.
 

c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,187
12,638
76
I'll check them out, thanks :)
You might want to check vxheaven or z0mbie's site for LDE or ADE. But there are plenty of other instruction length disassemblers around.

Edit: Also a ghetto way for Visual C++ compilers: the compiler will pad the functions with int3 breakpoints under some optimization settings, so you could also check for a return and a 0xc3 following it. Bear in mind in some cases a function might not return with a ret though, it might just jump out somewhere else. It's best to use your own markers anyways I guess (if it's your own code, obviously).
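As an added example (not code from this thread or its posters), the following C++ puts the two pieces of advice from this reply together against the problem raised in the first post: walk the bytes one instruction at a time with a length decoder instead of one byte at a time, and treat the function as finished at the first ret (or unconditional jmp, to cover the "jumps out somewhere else" case) that is followed by int3 padding. The decoder is a toy that knows only the handful of opcodes used in the samples and refuses anything with a ModRM byte; the sample byte strings are hand-assembled for this example, not compiler output, and the function names are the example's own. It assumes the function is followed by 0xCC padding, which, as noted above, depends on compiler settings.

```cpp
// Added example, not code from the thread. A minimal x86-32 length decoder for a
// handful of opcodes, used to walk a function one instruction at a time instead of
// one byte at a time, so a 0xCC that sits inside an immediate or displacement is
// not mistaken for the int3 padding after the function.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Length of the instruction at p, or 0 for an opcode this toy decoder does not
// know (ModRM/SIB/prefixes are deliberately not handled; a real LDE/ADE/BeaEngine
// covers those). Returning 0 lets the caller stop instead of mis-stepping.
static size_t insnLength(const uint8_t* p, size_t remaining)
{
    if (remaining == 0) return 0;
    const uint8_t op = p[0];
    auto need = [&](size_t n) -> size_t { return remaining >= n ? n : 0; };
    if (op >= 0x50 && op <= 0x5F) return 1;        // push r32 / pop r32
    if (op >= 0xB8 && op <= 0xBF) return need(5);  // mov r32, imm32
    switch (op) {
    case 0x90: case 0xC3: case 0xCC: return 1;       // nop, ret, int3
    case 0xC2:                       return need(3); // ret imm16
    case 0x68: case 0xE8: case 0xE9: return need(5); // push imm32, call rel32, jmp rel32
    case 0x6A: case 0xEB:            return need(2); // push imm8, jmp rel8
    default:                         return 0;
    }
}

// Instructions after which execution cannot fall through: ret, ret imm16, jmp rel32, jmp rel8.
static bool endsFlow(uint8_t op)
{
    return op == 0xC3 || op == 0xC2 || op == 0xE9 || op == 0xEB;
}

// The byte-at-a-time scan from the first post: count bytes until the first 0xCC.
static size_t naiveGrab(const uint8_t* f, size_t cap, std::vector<uint8_t>& out)
{
    out.clear();
    for (size_t i = 0; i < cap; ++i) {
        if (f[i] == 0xCC) return i;
        out.push_back(f[i]);
    }
    return cap;
}

// Walk whole instructions. The function ends at the first ret/jmp that is followed
// by int3 padding (or by the end of the buffer). Returns the length, or 0 when an
// opcode is unknown or no such terminator is found before cap.
static size_t walkGrab(const uint8_t* f, size_t cap, std::vector<uint8_t>& out)
{
    out.clear();
    size_t i = 0;
    while (i < cap) {
        const size_t len = insnLength(f + i, cap - i);
        if (len == 0) { out.clear(); return 0; }
        const uint8_t op = f[i];
        out.insert(out.end(), f + i, f + i + len);
        i += len;
        if (endsFlow(op) && (i == cap || f[i] == 0xCC)) return i;
    }
    out.clear();
    return 0;
}

// Constructed samples (hand-assembled for this example, not compiler output).
// kImm: push ebp; mov eax,0xCC; pop ebp; ret; then int3 padding. The imm32 holds 0xCC.
static const uint8_t kImm[] = { 0x55, 0xB8, 0xCC, 0x00, 0x00, 0x00, 0x5D, 0xC3, 0xCC, 0xCC, 0xCC };
// kTail: push ebp; pop ebp; jmp rel32 (+0xCC); then padding. Leaves by jmp, no ret at all.
static const uint8_t kTail[] = { 0x55, 0x5D, 0xE9, 0xCC, 0x00, 0x00, 0x00, 0xCC, 0xCC };
// kUnknown: mov eax,[ebp+8]; ret; padding. Uses ModRM, which the toy decoder refuses.
static const uint8_t kUnknown[] = { 0x8B, 0x45, 0x08, 0xC3, 0xCC };

static void dump(const char* name, size_t n, const std::vector<uint8_t>& bytes)
{
    std::printf("%s: %zu bytes:", name, n);
    for (uint8_t b : bytes) std::printf(" \\x%02X", b);
    std::printf("\n");
}

int main()
{
    std::vector<uint8_t> v;
    dump("naive kImm",     naiveGrab(kImm, sizeof(kImm), v), v);         // 2: stops inside the imm32
    dump("walk  kImm",     walkGrab(kImm, sizeof(kImm), v), v);          // 8: up to and including ret
    dump("naive kTail",    naiveGrab(kTail, sizeof(kTail), v), v);       // 3: stops inside the rel32
    dump("walk  kTail",    walkGrab(kTail, sizeof(kTail), v), v);        // 7: up to and including jmp
    dump("walk  kUnknown", walkGrab(kUnknown, sizeof(kUnknown), v), v);  // 0: unknown opcode, refused
    return 0;
}
```

The point of the 0 return in walkGrab is that an unknown opcode makes the walker give up loudly rather than return a plausible but wrong length; swapping insnLength for a real length disassembler is the only change needed to cover the general case.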
 

Solaire

Respected Hacker
Dank Tier VIP
Dec 15, 2013
1,051
16,353
62
Maybe check if there's a ret statement before (still not 100% safe - I know^^).
That would work, though you'd still end up with ending too soon on certain functions unless you added a parameter to skip rets if there are more than one (and there's still the issue of matching bytes elsewhere :p)
 

Solaire

Respected Hacker
Dank Tier VIP
Dec 15, 2013
1,051
16,353
62
Just thought I'd clear this up with a probably better way to deal with grabbing bytes, so that you don't run into random bytes causing the function to stop halfway through, or having it go on past the end of the function.

C++:
//32-bit MSVC only: the x64 compiler does not support __asm blocks.
//Copies the bytes between the blocStart and blocEnd labels into out and
//returns how many were copied. out must be large enough for the block.
DWORD grabBytes(BYTE* out){
    DWORD count;
    __asm{
        push ecx
        push eax
        push ebx
        push edx

        mov eax, blocStart      //source: first byte of the block
        mov ecx, blocEnd
        sub ecx, blocStart      //ecx = size of the block in bytes
        mov count, ecx
        mov ebx, out            //destination buffer
        test ecx, ecx
        jz copyDone             //empty block: skip the loop instead of underflowing ecx

    copyAllBytesLoop:
        mov dl, [eax]           //copy one byte at a time (a 4-byte mov here would spill past the end)
        mov [ebx], dl
        inc ebx
        inc eax
        dec ecx
        jnz copyAllBytesLoop

    copyDone:
        pop edx
        pop ebx
        pop eax
        pop ecx

        jmp blocEnd             //skip over the block so it is copied, not executed
    }

    __asm blocStart:

    for (int i = 0; i < 12; i++) { }

    __asm blocEnd:
    return count;
}
Using (very messy) inline assembly, I loop through the bytes between blocStart and blocEnd. This is best for when you want to grab the bytes in a snippet of code for later use.
 