TranMinhDuc Posted April 10, 2014 (edited)

I know this is an AutoIt forum, not an assembly one, and I have also done a lot of searching in and out of the forum with Google, but I still can't find the answer. If you know the answer or know where I can study it, please share.

This is the problem: I already know how to write, read, and inject code into memory. After the injected code finishes I need to jump back, and I succeeded in writing the opcode "jmp 004252EE" to memory; I have the bytes I need using Cheat Engine... but the problem is that these bytes change every time I get an address from VirtualAllocEx (Kernel32).

More detail:

- if VirtualAllocEx gives me 0x001D0000, then to create "jmp 004252EE" in memory I have to write: E9 12EEFF00
- if VirtualAllocEx gives me 0x001D0001, then to create "jmp 004252EE" in memory I have to write: E9 12EEFF01
- if VirtualAllocEx gives me 0x001D0002, then to create "jmp 004252EE" in memory I have to write: E9 12EEFF02

In fact, it's not simply +1 like that. What I want to know is "the rule". I'm teaching my members to solve the CE steps with AutoIt; the problem is step 7 of CE, not hacking any game. Hope you can help... thx

Edited April 10, 2014 by TranMinhDuc
Shaggi Posted April 12, 2014

As jumping/calling always uses relative offsets in x86 assembly, you would need to either calculate the correct jump offset (i.e. base of your allocated code + offset of the current instruction + instruction and operand size - the absolute address) or, the simpler way, move the absolute address into a register and call/jump to that register. The second way may be more or less problematic, as I'm assuming you're creating some kind of patch where registers are either used or not saved yet. In this case, the first method is usually the only way.
Mat Posted April 12, 2014

Why not just run the injected code using call, and then jump back using ret?
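The displacement arithmetic Shaggi refers to, and the call/ret round trip Mat suggests, as an added Python example (this is not code from the thread or from any of the posters; the addresses are the ones in the question, the helper names are my own, and the only assumption is the documented x86 encoding: E9/E8 followed by a signed 32-bit displacement measured from the end of the 5-byte instruction):

```python
import struct

# Opcodes of the two near relative control-transfer instructions discussed in
# the thread. Both carry a signed 32-bit displacement that the CPU adds to EIP
# *after* EIP has already advanced past the 5-byte instruction.
JMP_REL32 = 0xE9
CALL_REL32 = 0xE8
INSN_LEN = 5


def rel32(instr_addr: int, target: int) -> int:
    """Displacement = target minus the address of the next instruction.

    Moving the instruction up by one byte therefore lowers the displacement by
    one (the "rule" asked for), and a backward jump yields a negative value.
    """
    disp = target - (instr_addr + INSN_LEN)
    if not -0x80000000 <= disp <= 0x7FFFFFFF:
        raise ValueError("target not reachable with a rel32 displacement")
    return disp


def encode(opcode: int, instr_addr: int, target: int) -> bytes:
    """Bytes for `jmp target` (E9) or `call target` (E8) placed at instr_addr."""
    if opcode not in (JMP_REL32, CALL_REL32):
        raise ValueError("opcode must be JMP_REL32 or CALL_REL32")
    # "<i" = little-endian signed 32-bit, so negatives come out in two's complement.
    return bytes([opcode]) + struct.pack("<i", rel32(instr_addr, target))


def decode(instr_addr: int, code: bytes) -> tuple[str, int]:
    """Inverse direction: given where 5 bytes live, recover the absolute target.

    This is what you do when reading an unknown E9/E8 at a known address in a
    memory dump: the bytes alone mean nothing without the instruction address.
    """
    if len(code) != INSN_LEN or code[0] not in (JMP_REL32, CALL_REL32):
        raise ValueError("not a jmp/call rel32 instruction")
    (disp,) = struct.unpack("<i", code[1:])
    name = "jmp" if code[0] == JMP_REL32 else "call"
    return name, (instr_addr + INSN_LEN + disp) & 0xFFFFFFFF


def return_address(call_addr: int) -> int:
    """Address `call` pushes and a trailing `ret` pops: the byte after the call.

    With call/ret the injected block never needs to know its own address to get
    back; only the call site's displacement depends on where the block landed.
    """
    return call_addr + INSN_LEN


if __name__ == "__main__":
    target = 0x004252EE
    # The three allocation bases from the question: note the last displacement
    # byte going E9, E8, E7 as the instruction moves up one byte at a time.
    for base in (0x001D0000, 0x001D0001, 0x001D0002):
        code = encode(JMP_REL32, base, target)
        print(f"jmp at {base:08X} -> {target:08X}: {code.hex(' ').upper()}")
        assert decode(base, code) == ("jmp", target)
    # Backward jump: negative displacement, two's complement on the wire.
    print("jmp back:", encode(JMP_REL32, target, 0x001D0000).hex(" ").upper())
    # call into the block; ret at its end lands on return_address(call_site).
    call_site = 0x004252E9
    print("call:", encode(CALL_REL32, call_site, 0x001D0000).hex(" ").upper(),
          "returns to", f"{return_address(call_site):08X}")
```

The two functions are each other's inverse, so `decode(addr, encode(JMP_REL32, addr, t))` always gives back `t`; the range check matters on 64-bit, where two allocations can be more than 2 GiB apart and a rel32 jump cannot reach.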