ASM Code Injection


AMp
Well, it looks like you were busy with adding opcodes for everything - must have been a bit frustrating! While I didn't look through all your code, I can identify several problems:

1. You are ReDimming the array, but then your loop uses 0 To Ubound($array), where it should be 0 to Ubound($array)-1.

2. In order to get any variable, or binary code to be seen by outside processes and functions, you have to pass a pointer to a DLLStruct, or in the case of regular DLLCalls where you need to just pass a number or string, then by using "str" or "int" or some other data-type declaration. DLLCall handles the conversion of 'str' to a pointer to a buffer it allocates, and the rest is passed as values (except pointers to datatypes (like int*, which is passing a ptr again)).

3. To save yourself some headaches - if you have static values available, by all means use either AutoIT Inline Assembly UDF or something like I use, Flat Assembler and then get the Binary data through either method, which can then be copied into allocated memory (and even allocated memory needs a 'DLLStruct' created when you have to write to it btw [with a pointer though]). OR easier, you could also just pass the values as parameters too - 'CreateRemoteThread' allows one to be passed along (it would be the first item on the stack past a return address) - you could pass a structure pointer if you wanted.

You could check out how I and others do it (see my Remote* UDFs in my signature - though these UDFs I was told are named poorly since they just execute from an allocated memory buffer rather than from a real 'Remote' place (other process, pc, whatever)).

Now as far as injecting into another process, THAT seems interesting, yet also possibly malicious - your code might be flagged by some antivirus program? But if you do get it to work, I would be curious how it turns out, and what would you do with injected code? Someone else mentioned it to me - but I still don't get the purpose? I'm probably missing something obvious though. Maybe your code then has extra capabilities, extra access to running process data?

*edit: typos oops

Edited by Ascend4nt
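
Points 1 and 2 of the post above, shown as an added AutoIt example that is not code from the thread or from any poster's UDFs: it shows the `UBound() - 1` loop bound after `ReDim`, and the difference between letting `DllCall` marshal a string (`"wstr"`), passing a pointer to a caller-owned `DllStruct` (`"ptr"`), and passing a value by reference (`"dword*"`). The array contents, the variable names and the 64-character buffer size are assumptions made for illustration; only the standard kernel32 functions `lstrlenW` and `GetComputerNameW` are called, inside the script's own process.

```autoit
; Added example: array bounds after ReDim, and DllCall parameter marshalling.

; Point 1: after ReDim the valid indexes are 0 .. UBound($a) - 1.
Local $aNames[2] = ["alpha", "beta"]      ; constructed sample data
ReDim $aNames[3]
$aNames[2] = "gamma"

For $i = 0 To UBound($aNames) - 1         ; "0 To UBound($aNames)" would run one past the end
    ; "wstr": DllCall copies the AutoIt string into a buffer it allocates
    ; and hands the function a pointer to that buffer.
    Local $aLen = DllCall("kernel32.dll", "int", "lstrlenW", "wstr", $aNames[$i])
    If @error Then ContinueLoop
    ConsoleWrite($aNames[$i] & " -> " & $aLen[0] & " characters" & @CRLF)
Next

; Point 2: when the function must write into memory the script owns,
; create a DllStruct and pass its address as "ptr".
Local $tBuf = DllStructCreate("wchar name[64]")

; "dword*" passes the address of a DWORD; the updated value comes back
; in the returned array at the parameter's position (index 2 here).
Local $aCall = DllCall("kernel32.dll", "bool", "GetComputerNameW", _
        "ptr", DllStructGetPtr($tBuf), _
        "dword*", 64)

If @error Or Not $aCall[0] Then
    ConsoleWrite("GetComputerNameW failed" & @CRLF)
Else
    ; Read the result back out of the struct by element name.
    ConsoleWrite("Computer name: " & DllStructGetData($tBuf, "name") & _
            " (" & $aCall[2] & " characters)" & @CRLF)
EndIf
```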

You can inject code in a program to change the course of execution.

I sent you a PM for additional information >_<

Anyone ever used Code Injection SUCCESSFULLY using Autoit? I would like to know some more about that too.

Thanks in advance.


  • 3 weeks later...

Am already searching for a few days. Is this post meant to pump up your postcount?

Ahh you never know with Kip. He's just too damn proud to be 17900.

It could be anything.

Why would I try to 'pump up' my post count? I already have 143 times more posts than you do.

I found a successful code injection within 30 seconds of searching for "assembly".

Searching... hard isn't it?

Edited by Kip

  • 10 years later...
  • Developers
10 minutes ago, LacBuoc said:

Can you give me an example, Assembly

You do realise you just resurrected a 10-year-old thread and without any explanation what it is you want to do with it?

Jos

Live for the present,
Dream of the future,
Learn from the past.
  :)


  • 3 weeks later...
On 1/9/2019 at 19:02, Jos said:

Do you realize you just revived a 10-year-old topic, and without any explanation of what you want to do with it?

Jos

Autoit communicated with the Assembly assembly too I was really sad


  • Developers

That answer is as clear as mud so guess we have an insurmountable language barrier.

Jos


  • Moderators

For the member that decided to report this post, usually when a Mod is active in the thread you can consider it handled. I would have thought that to be self-evident.

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball
