Joined: 06 Aug 2014
Posted: Thu Mar 14, 2019 5:22 pm Post subject: Symbols and Pointers
I've come across an odd scenario where the value I'm looking at only has an address and is only referred to as such.
Rather than my address being like [RSI+24], it's just an address.
0F165C05: 74 07 - je 0F165C0E
// ---------- INJECTING HERE ----------
0F165C07: 83 05 94 5A 45 01 0A - add dword ptr [01455A94],0A
// ---------- DONE INJECTING ----------
0F165C0E: A1 94 5A 45 01 - mov eax,[01455A94]
This confuses me since I don't understand how I can get a pointer from this. Normally I make a label, register a symbol and do something like 'mov [symbol],esi', then in the address list I'll add the offset.
I found an example of someone doing it on the internet, but I've no idea how it works.
aobscan(clock,83 05 * * * * 0A A1 * * * * B9)
Using the address [clock_ptr] works but how does it? In the assembler it doesn't look like anything is mov'ed into it
EDIT: I've tried backtracking and I see lines like 'mov [01455A94],eax', so I thought I'd yoink the time from there, but no matter where I try, it crashes.
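Added example, not part of the original post and not Cheat Engine code: a Python sketch showing that in the 32-bit disassembly above the address 01455A94 is stored inside the instruction bytes themselves, so the wildcarded bytes of the quoted pattern can be read back as a little-endian dword. The helper names and the trailing B9 byte are assumptions constructed for the illustration; the other bytes and the load address are the ones in the post.

```python
import struct

# Constructed buffer: the bytes from the post's disassembly, loaded at 0x0F165C05,
# plus one constructed B9 byte so the quoted aobscan pattern can match.
BASE = 0x0F165C05
CODE = bytes.fromhex(
    "7407"            # je 0F165C0E
    "8305945A45010A"  # add dword ptr [01455A94],0A
    "A1945A4501"      # mov eax,[01455A94]
    "B9"              # constructed: first byte of the following instruction
)

def parse_pattern(text):
    """Turn 'AA * BB' into a list of ints, with None for each wildcard."""
    return [None if tok in ("*", "?", "??") else int(tok, 16) for tok in text.split()]

def aob_find(buf, pattern):
    """Return every offset in buf where the wildcard pattern matches."""
    n = len(pattern)
    return [i for i in range(len(buf) - n + 1)
            if all(p is None or buf[i + j] == p for j, p in enumerate(pattern))]

def embedded_address(buf, match_off, operand_off):
    """Read the 32-bit little-endian absolute address held in the instruction."""
    start = match_off + operand_off
    if start + 4 > len(buf):
        raise ValueError("operand runs past the end of the buffer")
    return struct.unpack_from("<I", buf, start)[0]

def locate(buf, base, pattern_text):
    """Return (match address, address in the add, address in the mov)."""
    hits = aob_find(buf, parse_pattern(pattern_text))
    if len(hits) != 1:
        raise LookupError(f"expected exactly one match, got {len(hits)}")
    off = hits[0]
    # 83 05 <disp32> <imm8>: the absolute address starts 2 bytes into the match.
    # A1 <moffs32> follows the 7-byte add, so its address starts at 7 + 1 = 8.
    return base + off, embedded_address(buf, off, 2), embedded_address(buf, off, 8)

if __name__ == "__main__":
    where, add_addr, mov_addr = locate(CODE, BASE, "83 05 * * * * 0A A1 * * * * B9")
    print(f"match at {where:08X}, add operand {add_addr:08X}, mov operand {mov_addr:08X}")
```

Nothing has to be moved into a register first: the four wildcard bytes after `83 05` are the address, which is why the pattern survives the address changing between builds while the bytes read at the match still yield the current one.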