| View previous topic :: View next topic |
| Author |
Message |
Dr.Disrespect
Grandmaster Cheater
![]() Reputation: 3
Joined: 17 Feb 2016
Posts: 526
|
 Posted: Tue Mar 01, 2016 10:57 am Post subject: Code Injection and return. Need helps, thanks. |
 |
|
How do I return to other lines in the code other than "returnhere" in the code injection template? For example:
1. I inject my code at line 100
2. I want to return to line 110 after the execution of my injected code.
How to do that? Thanks. |
|
| Back to top |
|
 |
hhhuut
Grandmaster Cheater
 Reputation: 6
Joined: 08 Feb 2015
Posts: 607
|
| Posted: Tue Mar 01, 2016 10:59 am Post subject: |
|
|
You can also do something like:
which will jump to the next instruction after the code injection plus 20 (hex!) bytes. |
|
| Back to top |
|
|
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4718
|
| Posted: Tue Mar 01, 2016 11:01 am Post subject: |
|
|
"returnhere" is just a label- a representation of an address. If you write your jump at derp.dll+100 and you want to return to derp.dll+110, then just write jmp derp.dll+110.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
Dr.Disrespect
Grandmaster Cheater
![]() Reputation: 3
Joined: 17 Feb 2016
Posts: 526
|
| Posted: Tue Mar 01, 2016 11:03 am Post subject: |
|
|
| hhhuut wrote: | You can also do something like:
which will jump to the next instruction after the code injection plus 20 (hex!) bytes. |
Thanks for the reply. A follow up question:
00 1F FA 88
In the code above, "1F" is one byte as well as "88", right?
@ParkourPenguin:
So I can jump to any module addresses, right? Thanks. |
|
| Back to top |
|
|
ParkourPenguin
I post too much
Reputation: 152
Joined: 06 Jul 2014
Posts: 4718
|
| Posted: Tue Mar 01, 2016 11:20 am Post subject: |
|
|
Yes. Or, you can jump to any other address you want to. CE will automatically translate the location of the module+offset into bytes, then use that in the machinecode. So you can jump to any address you want to, even if it's not a part of a module. For example, if you are using an AoB scan and you store the result into the symbol "aobaddy", then you could also write jmp aobaddy+10 and it'll work.
Also, yes, each sequence of 2 hexadecimal digits is 1 byte.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
Dr.Disrespect
Grandmaster Cheater
![]() Reputation: 3
Joined: 17 Feb 2016
Posts: 526
|
| Posted: Tue Mar 01, 2016 11:23 am Post subject: |
|
|
| ParkourPenguin wrote: | Yes. Or, you can jump to any other address you want to. CE will automatically translate the location of the module+offset into bytes, then use that in the machinecode. So you can jump to any address you want to, even if it's not a part of a module. For example, if you are using an AoB scan and you store the result into the symbol "aobaddy", then you could also write jmp aobaddy+10 and it'll work.
Also, yes, each sequence of 2 hexadecimal digits is 1 byte. |
Got it, thanks a lot!  |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
