TranMinhDuc

how to convert jump "address" (assembly) to bytes

3 posts in this topic

#1 · Posted (edited)

I know this is the AutoIt forum, not an assembly one, and I also did a lot of searching in and out of the forum with Google but still can't find the answer. If you know the answer or know where I can study it, please share :)

This is the problem:

I already know how to write, read, and inject code into memory,

after the injected code finishes I need to jump back,

and I succeeded in writing the opcode "jmp 004252EE" to memory; I have the bytes I need, using Cheat Engine

... but the problem is that these bytes change every time I get an address from VirtualAllocEx (Kernel32)

more detail:

if VirtualAllocEx give me: 0x001D0000 

then to create "jmp 004252EE" in memory, I have to write: E9 12EEFF00

if VirtualAllocEx give me: 0x001D0001 

then to create "jmp 004252EE" in memory, I have to write: E9 12EEFF01

if VirtualAllocEx give me: 0x001D0002

then to create "jmp 004252EE"  in memory, I have to write: E9 12EEFF02

in fact, it's not as simple as just +1 like that

what I want to know is "The rule"

I'm teaching my members to solve the CE steps with AutoIt; the problem is step 7 of CE, not hacking any game. Hope you can help... thx :)

Edited by TranMinhDuc


As jumping/calling always uses relative offsets in x86 assembly, you would need to either calculate the correct jump offset (i.e. base of your allocated code + offset of the current instruction + instruction and operand size - the absolute address) or take the simpler way: move the absolute address into a register and call/jump to that register.

The second way may be more or less problematic, as I'm assuming you're creating some kind of patch where registers are either in use or not saved yet. In that case, the first method is usually the only way.

Why not just run the injected code using call, and then jump back using ret?

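The offset rule from the second reply and the call/ret alternative from the third, worked through in Python as an added example (this is not code from the thread or from AutoIt). An x86 relative branch measures its displacement from the address of the next instruction, so a cave one byte further along gives a displacement one smaller; the addresses are the ones from the question, and the function names are my own.

```python
import struct

JMP_REL32_LEN = 5   # E9 + 4-byte displacement
CALL_REL32_LEN = 5  # E8 + 4-byte displacement


def rel32(instr_addr: int, target: int, instr_len: int) -> int:
    """Displacement for a relative branch sitting at instr_addr.
    x86 counts from the address of the NEXT instruction (instr_addr + instr_len).
    Wrapping to 32 bits turns a backward jump into its two's-complement form."""
    return (target - (instr_addr + instr_len)) & 0xFFFFFFFF


def encode_jmp_rel32(instr_addr: int, target: int) -> bytes:
    """Bytes for `jmp target` when the instruction is written at instr_addr
    (for a code cave that is cave_base + length of the injected code)."""
    return b"\xE9" + struct.pack("<I", rel32(instr_addr, target, JMP_REL32_LEN))


def encode_call_rel32(instr_addr: int, target: int) -> bytes:
    """Bytes for `call target` (E8 rel32); the injected code then returns with C3 `ret`."""
    return b"\xE8" + struct.pack("<I", rel32(instr_addr, target, CALL_REL32_LEN))


def encode_jmp_via_eax(target: int) -> bytes:
    """Position-independent alternative: `mov eax, target` (B8 imm32) then
    `jmp eax` (FF E0). Identical bytes wherever the cave lands, but clobbers EAX."""
    return b"\xB8" + struct.pack("<I", target & 0xFFFFFFFF) + b"\xFF\xE0"


def decode_jmp_rel32(instr_addr: int, code: bytes) -> int:
    """Inverse of encode_jmp_rel32: recover the absolute target from the
    5 bytes at instr_addr, to cross-check what a disassembler shows."""
    if len(code) != JMP_REL32_LEN or code[0] != 0xE9:
        raise ValueError("not an E9 rel32 jump")
    disp = struct.unpack("<i", code[1:])[0]  # signed displacement
    return (instr_addr + JMP_REL32_LEN + disp) & 0xFFFFFFFF


if __name__ == "__main__":
    target = 0x004252EE  # return address from the question
    for cave in (0x001D0000, 0x001D0001, 0x001D0002):  # allocations from the question
        code = encode_jmp_rel32(cave, target)
        print(f"jmp at {cave:08X} -> {target:08X}: {code.hex(' ').upper()}")
```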
