Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


How to jmp far in memory 64 bit?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
Viloresi
Expert Cheater
Reputation: 0

Joined: 02 Feb 2017
Posts: 118

PostPosted: Mon Apr 03, 2017 9:07 am    Post subject: How to jmp far in memory 64 bit? Reply with quote

Hello guys, I'm trying to run a function that I've injected with a dll inside a process, the fact is that I want it to run like some sort of a codecave, so I'm trying to change a piece of memory of the process to make it execute my function in that desired point.
The fact is, this process is in 64 bit so my dll is injected very far away from this address that I want to change (atleast way more than 2GB) so I can't use a near jmp to execute it...
I know I could use a far push and then ret , or better a far jmp , but the fact is that I don't know how to write the algorithm that calculates the bytes that I should write to set this jmp...
I know the first one is 0xFF but I don't understand what I should put at the other 5 bytes, because I know I can't use the absolute address.
I'm using c++ visual studio, with the intel compiler .
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 341

Joined: 09 May 2003
Posts: 19986
Location: The netherlands

PostPosted: Mon Apr 03, 2017 9:36 am    Post subject: Reply with quote

do a megajump instead of a far jump
Code:

ff 25 00 00 00 00 xx xx xx xx xx xx xx xx

replace xx xx xx xx xx xx xx xx with the destination address of where you want to jump to

keep in mind that this will overwrite 14 bytes, so you need to take that into account when calling the original code.

Alternatively, use a jump trampoline
allocate a piece of code near the jmp origin so it's within 2 GB.
Then in that allocated piece of code have the megajmp
and just do a 5 byte jmp to your allocated code

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Back to top
View user's profile Send private message MSN Messenger
Viloresi
Expert Cheater
Reputation: 0

Joined: 02 Feb 2017
Posts: 118

PostPosted: Mon Apr 03, 2017 10:01 am    Post subject: Reply with quote

Dark Byte wrote:
do a megajump instead of a far jump
Code:

ff 25 00 00 00 00 xx xx xx xx xx xx xx xx

replace xx xx xx xx xx xx xx xx with the destination address of where you want to jump to

keep in mind that this will overwrite 14 bytes, so you need to take that into account when calling the original code.

Alternatively, use a jump trampoline
allocate a piece of code near the jmp origin so it's within 2 GB.
Then in that allocated piece of code have the megajmp
and just do a 5 byte jmp to your allocated code

Wow ty darkbite, I didn't know about this megajump opcode! (I don't actually understand what's that 0x25 and 4 zeroes after the 0xFF meaning for the machine, but it's just my curiosity lol)
Now I may have another question, the address of my function is stored inside a variable in my c++ code, do you know a good way to separate its bytes and revert them (as I know I should start reading each byte from the end to the start of the address).


So it will be like:

Code:


__declspec(naked) void InfiniteAmmo()
{
   // my func
}

/* " InfiniteAmmo "  I use this as the start address of my function, but I don't know how to separate it in bytes... to manually write it inside the megajump */




I've found this thread on stackoverflow ( http://stackoverflow.com/questions/2747219/how-do-i-split-up-a-long-value-32-bits-into-four-char-variables-8bits-using ) but I can bet you know a better way to do that.
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 341

Joined: 09 May 2003
Posts: 19986
Location: The netherlands

PostPosted: Mon Apr 03, 2017 10:48 am    Post subject: Reply with quote

you don't split it up.
you just do *(ULONG_PTR *)addressofxxxxxxxxxxxxxxxxbytes=(ULONG_PTR)dlladdress

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Back to top
View user's profile Send private message MSN Messenger
Viloresi
Expert Cheater
Reputation: 0

Joined: 02 Feb 2017
Posts: 118

PostPosted: Mon Apr 03, 2017 12:48 pm    Post subject: Reply with quote

Dark Byte wrote:
you don't split it up.
you just do *(ULONG_PTR *)addressofxxxxxxxxxxxxxxxxbytes=(ULONG_PTR)dlladdress


Surprised Surprised Surprised
It works, thank you so much! Problem solved.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites