| View previous topic :: View next topic |
| Author |
Message |
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
|
| Back to top |
|
 |
DoomsDay
Grandmaster Cheater
 Reputation: 0
Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%
|
 Posted: Mon Sep 15, 2008 2:22 pm Post subject: |
 |
|
| Try adding a return, it seems like you created a blank label.
|
|
| Back to top |
|
|
jackyyll
Expert Cheater
![]() Reputation: 0
Joined: 28 Jan 2008
Posts: 143
Location: here
|
| Posted: Mon Sep 15, 2008 2:32 pm Post subject: |
|
|
| DoomsDay wrote: | | Try adding a return, it seems like you created a blank label. |
void's dont have returns.
@1qaz:
When you have a naked function, you have to add your own prologue and epilogue, can't remember off the top of my head what it's supposed to look like though.
|
|
| Back to top |
|
|
DoomsDay
Grandmaster Cheater
Reputation: 0
Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%
|
| Posted: Mon Sep 15, 2008 3:13 pm Post subject: |
|
|
| jackyyll wrote: | | DoomsDay wrote: | | Try adding a return, it seems like you created a blank label. |
void's dont have returns.
@1qaz:
When you have a naked function, you have to add your own prologue and epilogue, can't remember off the top of my head what it's supposed to look like though. |
Void is a typecast for a value; it mean that the programmer doesn't care abiout the value.
As for what I was saying, you created an empty block of code which means that the compiler will place the generated label just above the next function.
I compiled the follwing code: | Code: | void _declspec(naked) Hack()
{
__asm
{
}
}
int main(int argc, char* argv[])
{
Hack();
return 0;
} |
And it was compiled to: | Code: | main /$ 55 PUSH EBP
00401171 |. 8BEC MOV EBP,ESP
00401173 |. E8 F8FFFFFF CALL main
00401178 |. 33C0 XOR EAX,EAX
0040117A |. 5D POP EBP
0040117B \. C3 RETN |
As I said, the function was compiled to an "empty" label, below it was the main function, which resulted with an endless call chain, which eventually leads to a stack overflow.
Note: you will need to return manually if you use a naked function
|
|
| Back to top |
|
|
BanMe
Master Cheater
![]() Reputation: 0
Joined: 29 Nov 2005
Posts: 375
Location: Farmington NH, USA
|
| Posted: Mon Sep 15, 2008 3:23 pm Post subject: |
|
|
so um yea that instantly returns ... and doesnt really crash...oh btw you compiler optimized your code for you and removed hack();
Try adding this to Hack();...
| Code: |
char *SomeText = "Hello";
__asm
{
push 0
push [SomeText]
push 0
push 0
call MessageBox
}
|
|
|
| Back to top |
|
|
nog_lorp
Grandmaster Cheater
 Reputation: 0
Joined: 26 Feb 2006
Posts: 743
|
| Posted: Mon Sep 15, 2008 8:59 pm Post subject: |
|
|
| jackyyll wrote: | | When you have a naked function, you have to add your own prologue and epilogue, can't remember off the top of my head what it's supposed to look like though. |
Epilogue has a return. He meant an assembly return not a C return, although you could just do a return; statement (which is the same thing).
Standard prologue/epilogue is:
| Code: |
push ebp
mov ebp,esp
sub esp,8 ; optional, make room for local variables in advance
; ...
retn 8 ; same as add esp, 8; retn;
|
Although depending on the calling convention you are using (if not using naked) the caller may be responsible for cleaning the stack.
_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish |
|
| Back to top |
|
|
sponge
I'm a spammer
 Reputation: 1
Joined: 07 Nov 2006
Posts: 6009
|
| Posted: Mon Sep 15, 2008 9:31 pm Post subject: |
|
|
Clean up the Epilogue noggy.
_________________
|
|
| Back to top |
|
|
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
| Posted: Tue Sep 16, 2008 4:52 am Post subject: |
|
|
:S :S :S you confused me with prologue / epilogue whatever it calls :S
all i try to do is "nop" the flags address at Minesweeper using inline asm
just for start :>
i removed the __declspec(naked) and left void Hack() now the window doesn't crush but nothing is happening
| Code: |
void Hack()
{
__asm
{
mov dword ptr ds:[0x0100346E],0x90
}
}
|
_________________
Stylo |
|
| Back to top |
|
|
oib111
I post too much
 Reputation: 0
Joined: 02 Apr 2007
Posts: 2947
Location: you wanna know why?
|
| Posted: Tue Sep 16, 2008 4:58 am Post subject: |
|
|
I'm going to remind you that you have to attach to the process and use WPM to do something like that. If you want direct access to the memory you have to change your program so that its a DLL.
_________________
| 8D wrote: |
cigs dont make people high, which weed does, which causes them to do bad stuff. like killing |
|
|
| Back to top |
|
|
Zand
Master Cheater
![]() Reputation: 0
Joined: 21 Jul 2006
Posts: 424
|
| Posted: Tue Sep 16, 2008 6:57 am Post subject: |
|
|
| When using naked functions, you need a return, in your case, a return; or RETN
|
|
| Back to top |
|
|
hcavolsdsadgadsg
I'm a spammer
![]() Reputation: 26
Joined: 11 Jun 2007
Posts: 5801
|
| Posted: Tue Sep 16, 2008 9:15 am Post subject: |
|
|
| oib111 wrote: | | I'm going to remind you that you have to attach to the process and use WPM to do something like that. If you want direct access to the memory you have to change your program so that its a DLL. |
What about starting a remote thread?
|
|
| Back to top |
|
|
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
| Posted: Tue Sep 16, 2008 9:17 am Post subject: |
|
|
why do i need to attach my window to the process?
i'm only writing to an address in the memory
the address is exist already in the memory so all i need to do is writing to it ?! :s
_________________
Stylo |
|
| Back to top |
|
|
GMZorita
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 21 Mar 2007
Posts: 1361
|
| Posted: Tue Sep 16, 2008 10:51 am Post subject: |
|
|
| 1qaz wrote: | :S :S :S you confused me with prologue / epilogue whatever it calls :S
all i try to do is "nop" the flags address at Minesweeper using inline asm
just for start :>
i removed the __declspec(naked) and left void Hack() now the window doesn't crush but nothing is happening
| Code: |
void Hack()
{
__asm
{
mov dword ptr ds:[0x0100346E],0x90
}
}
|
|
are you tryng to write ?
Try byte instead of dword.
_________________
Gone |
|
| Back to top |
|
|
Stylo
Grandmaster Cheater Supreme
![]() Reputation: 3
Joined: 16 May 2007
Posts: 1073
Location: Israel
|
| Posted: Tue Sep 16, 2008 10:54 am Post subject: |
|
|
oh i think i forgot to mention that i tried already byte ptr and dword ptr with 0x90 00 00 00 still not working
btw i attached the window to the process as u told me to (still don't know what it's good for) and it doesn't work too
_________________
Stylo |
|
| Back to top |
|
|
nog_lorp
Grandmaster Cheater
Reputation: 0
Joined: 26 Feb 2006
Posts: 743
|
| Posted: Tue Sep 16, 2008 11:32 am Post subject: |
|
|
| sponge wrote: | | Clean up the Epilogue noggy. |
Hi, I'm dumb.
| Code: | mov esp, ebp
pop ebp
ret |
For some reason I never see leave used.
_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
