AMp

ASM Code Injection

8 posts in this topic

#1 ·  Posted (edited)

Removed due to lame comments. (Got it working btw).

Thanks Ascend4nt for your useful information. >_<

ASM.au3

Edited by AMp


#2 ·  Posted (edited)

Well, it looks like you were busy with adding opcodes for everything - must have been a bit frustrating! While I didn't look through all your code, I can identify several problems:

1. You are ReDimming the array, but then your loop uses 0 To Ubound($array), where it should be 0 to Ubound($array)-1.

2. In order to get any variable, or binary code to be seen by outside processes and functions, you have to pass a pointer to a DLLStruct, or in the case of regular DLLCalls where you need to just pass a number or string, then by using "str" or "int" or some other data-type declaration. DLLCall handles the conversion of 'str' to a pointer to a buffer it allocates, and the rest is passed as values (except pointers to datatypes, like int*, which is passing a ptr again).

3. To save yourself some headaches - if you have static values available, by all means use either AutoIT Inline Assembly UDF or something like I use, Flat Assembler and then get the Binary data through either method, which can then be copied into allocated memory (and even allocated memory needs a 'DLLStruct' created when you have to write to it btw [with a pointer though]). OR easier, you could also just pass the values as parameters too - 'CreateRemoteThread' allows one to be passed along (it would be the first item on the stack past a return address) - you could pass a structure pointer if you wanted.

You could check out how I and others do it (see my Remote* UDFs in my signature - though these UDFs, I was told, are named poorly since they just execute from an allocated memory buffer rather than from a real 'Remote' place (other process, PC, whatever)).

Now as far as injecting into another process, THAT seems interesting, yet also possibly malicious - your code might be flagged by some antivirus program? But if you do get it to work, I would be curious how it turns out, and what would you do with injected code? Someone else mentioned it to me - but I still don't get the purpose? I'm probably missing something obvious though. Maybe your code then has extra capabilities, extra access to running process data?

*edit: typos oops

Edited by Ascend4nt

#3 · Posted

You can inject code in a program to change the course of execution.

I sent you a PM for additional information >_<

Anyone ever used Code Injection SUCCESSFULLY using Autoit? I would like to know some more about that too.

Thanks in advance.


#4 ·  Posted (edited)

> Anyone ever used Code Injection SUCCESSFULLY using Autoit?

Yes. Just search.

Edited by Kip

#5 · Posted

> Yes. Just search.

Am already searching for a few days. Is this post meant to pump up your postcount?

#6 · Posted

Ahh you never know with Kip. He's just too damn proud to be 17900.

It could be anything.


#7 · Posted

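Help me convert the code to AutoIt, thanks.

C++ code:

    #include <windows.h>

    void addmp()
    {
        DWORD Address = 0x00452E98;   // address of the function to call
        __asm
        {
            pushad                    // save all general-purpose registers
            mov eax, 0xD51FA0
            mov edx, 0x453040
            call Address              // indirect call through the local variable
            popad                     // restore the saved registers
        }
    }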


#8 ·  Posted (edited)

> Am already searching for a few days. Is this post meant to pump up your postcount?

> Ahh you never know with Kip. He's just too damn proud to be 17900.
>
> It could be anything.

Why would I try to 'pump up' my post count? I already have 143 times more posts than you do.

I found a successful code injection within 30 seconds of searching for "assembly".

Searching... hard isn't it?

Edited by Kip
