Code injections
-migrated-
Code injections Posted on: 12/18/2012 6:28am
I've spent about 4-6 hours over the past day trying to wrap my head around this. I have been unable to find any tutorials or information on this topic.
I was hoping that maybe someone would be able to set me in the right direction.
What I have so far:
http://imageshack.us/photo/my-images/12/21902800.jpg/

Questions:
1) Line 9-11. This is obviously the previous code, but what happens to it after I place my code in newmem? Is it overwritten?
2) Line 16-19: what's going on here? (I have a basic understanding of assembler and I am currently working on learning x86 assembler)

-----------------------------
Additional question:
1) Is Cheat Engine the best program for this? If not, what would you recommend?

Picture is also attached, just in case the imageshack one is too hard to read.
Any help would be appreciated.
Re: Code injections Posted on: 12/18/2012 9:12pm
Never let a computer tell me shit.
I am far from a pro with CE's auto assemble, but here's a try:
Code:
0656518f:
jmp newmem //jump to the codecave
nop //nops for the lost space
returnhere: //this is the label that is used to return to the address from the codecave

OK, so start with Q2. The above snippet is lines 16-20. The number 0656518f is the address of the original code in memory. When the auto assembler executes, the code at that address will be replaced with jmp newmem nop.

Q1:
Now that the code at 0656518f has been changed, it will jmp to the codecave newmem and run what's there. In the code written so far, the only names that are important are returnhere: and newmem:. You don't need the originalcode and exit labels. I think they may be messing you up. Newmem is completely free unused memory, filled only with what you put in there. The point is you can make as much code in there as you want instead of working within the byte space provided by the original thread.



I use this AoB tool to make all the AoBs I post. Try the online version if you don't feel like downloading it.
"Obviously, windows are central to Windows. They are so important that they named the operating system after them. But what is a window?"
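Added example (not part of the original posts and not Cheat Engine's own code): seen from the analysis side, the patch described above is a 5-byte `jmp rel32` plus NOP padding written over the original instructions, and it can be recognised by comparing known-good bytes with what is now in memory. The original instruction bytes and the newmem address `0x02A40000` are constructed for illustration; only the site address `0656518f` comes from the thread.

```python
import struct

JMP_REL32, NOP = 0xE9, 0x90

# Constructed sample data (not taken from the thread's screenshot).
SITE = 0x0656518F                            # patch address quoted in the thread
ORIGINAL = bytes.fromhex("894b08" "8b45fc")  # mov [ebx+8],ecx ; mov eax,[ebp-4]
PATCHED = bytes.fromhex("e96cae4dfc" "90")   # jmp newmem ; nop
# newmem is assumed to be at 0x02A40000 (hypothetical address).


def find_detour(site, original, current):
    """Compare known-good bytes with the bytes now in memory at `site`.

    Returns None when nothing changed or the change is not a jmp rel32,
    otherwise a dict describing the detour.
    """
    if current == original or len(current) < 5 or current[0] != JMP_REL32:
        return None
    # rel32 is signed and relative to the address of the next instruction.
    (rel,) = struct.unpack_from("<i", current, 1)
    target = (site + 5 + rel) & 0xFFFFFFFF
    # NOPs after the jmp fill the rest of the last instruction the 5-byte
    # jmp cut into, so execution resumes on an instruction boundary.
    nops = 0
    while 5 + nops < len(current) and current[5 + nops] == NOP:
        nops += 1
    return {
        "target": target,                     # where the codecave lives
        "nops": nops,
        "returnhere": site + 5 + nops,        # first untouched original byte
        "overwritten": original[: 5 + nops],  # code no longer present at site
    }


def describe(hit):
    """Render a find_detour() result as one line of text."""
    if hit is None:
        return "no jmp rel32 detour"
    return (f"jmp to {hit['target']:#010x}, {hit['nops']} nop(s), "
            f"returns at {hit['returnhere']:#010x}, "
            f"overwrote {hit['overwritten'].hex(' ')}")


if __name__ == "__main__":
    print(describe(find_detour(SITE, ORIGINAL, PATCHED)))
    print(describe(find_detour(SITE, ORIGINAL, ORIGINAL)))
```

The `overwritten` field lists the original bytes that no longer exist at the site, which is why a codecave normally has to reproduce those instructions before jumping back to `returnhere`.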

Re: Code injections Posted on: 12/18/2012 11:30pm
Thanks Kolonel ^^ +karma

You wouldn't happen to know of any good x86 assembler manuals, teaching guides, etc?
Re: Code injections Posted on: 12/19/2012 9:54am
Never let a computer tell me shit.
Unfortunately I don't really know any books, since I generally prefer to learn by just using the reference. So here is that: http://download.intel.com/design/intarch/manuals/24319101.pdf

and also this
http://download.intel.com/products/processor/manual/325462.pdf
This document contains the following:
Volume 1: Describes the architecture and programming environment of processors supporting IA-32 and Intel 64 Architectures.
Volume 2: Includes the full Instruction Set Reference, A-Z, in one volume. Describes the format of the instruction and provides reference pages for instructions.
Volume 3: Includes the full System Programming Guide, Parts 1, 2, and 3, in one volume. Describes the operating-system support environment of Intel 64 and IA-32 Architectures, including: memory management, protection, task management, interrupt and exception handling, multi-processor support, thermal and power management features, debugging, performance monitoring, system management mode, VMX instructions, and Intel




Re: Code injections Posted on: 12/20/2012 8:44am
disgruntled old man
You can also check out the attached book, "The Art of Assembly Language" (or just Google it). I've been studying malware analysis when I have the time and have acquired a few books on Assembly, C, C++...



Re: Code injections Posted on: 12/20/2012 8:40pm
Kolonel:
Thanks, I read through about 200 pages. It's a good reference source since it's made, unassumingly, by the creators of this version of assembly. Also I used to know C really well but I haven't touched it in about 4 years since I left the Computer science major. Liked C a lot better than Java actually, lol.

Gates:
Omg I love this book. The author makes it fun to read. Still on the Foreword tho XD

------------------
I recommend anyone learning assembly check out this tutorial on the CE official forum:
http://forum.cheatengine.org/viewtopic.php?t=95363

It's a good bird's-eye view on what to expect.
Few errors, like INC and DEC is not increase and decrease, it's increment and decrement.

Another thing I noticed was that with Intel based assembler languages - It reads from right to left
ex.
Code:
MOV [ebx+8],ecx
This states that ecx will be put in register ebx offset 8.

I may write a guide when I'm done learning this.