Jordancyre Newbie cheater Reputation: 0
Joined: 30 May 2017 Posts: 11
Posted: Mon Sep 20, 2021 9:43 am Post subject: Launching external program via assembly injection
I'm trying to launch calc.exe in response to a trigger using code injection. Is such a thing even possible?
I have this C++ program:
Code: |
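#include <cstdlib>   // std::system
#include <iostream>
using namespace std;
int main() {
    // system() passes the string to the command interpreter, which starts calc.exe
    system("calc.exe");
}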
|
And in assembly it should be this:
Code: |
.LC0:
.string "calc.exe"
main:
push rbp
mov rbp, rsp
mov edi, OFFSET FLAT:.LC0
call system
mov eax, 0
pop rbp
ret
__static_initialization_and_destruction_0(int, int):
push rbp
mov rbp, rsp
sub rsp, 16
mov DWORD PTR [rbp-4], edi
mov DWORD PTR [rbp-8], esi
cmp DWORD PTR [rbp-4], 1
jne .L5
cmp DWORD PTR [rbp-8], 65535
jne .L5
mov edi, OFFSET FLAT:_ZStL8__ioinit
call std::ios_base::Init::Init() [complete object constructor]
mov edx, OFFSET FLAT:__dso_handle
mov esi, OFFSET FLAT:_ZStL8__ioinit
mov edi, OFFSET FLAT:_ZNSt8ios_base4InitD1Ev
call __cxa_atexit
.L5:
nop
leave
ret
_GLOBAL__sub_I_main:
push rbp
mov rbp, rsp
mov esi, 65535
mov edi, 1
call __static_initialization_and_destruction_0(int, int)
pop rbp
ret
|
Cheat Engine throws errors saying that there are lines that cannot be compiled. I don't know if this is just a limitation of CE or if I have to make some edits to get it to work.
This is purely for curiosity's sake. I'm a security researcher working on a talk on assembly injection. If I can get this to work, I will use it in my talk as an example.

atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Mon Sep 20, 2021 12:40 pm
Call CreateProcessA / CreateProcessW / ShellExecuteA / ShellExecuteW instead of using 'system()'.
_________________
- Retired.

Jordancyre Newbie cheater Reputation: 0
Joined: 30 May 2017 Posts: 11
Posted: Mon Sep 20, 2021 3:51 pm
atom0s wrote: | Call CreateProcessA / CreateProcessW / ShellExecuteA / ShellExecuteW instead of using 'system()'. |
OK, I have new code now that works in Visual Studio.
Code: |
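#include <iostream>
#include <Windows.h>
using namespace std;
int main()
{
    // Open calc.exe by its full path using the shell's "open" verb
    ShellExecute(NULL, L"open", L"C:\\Windows\\System32\\calc.exe", NULL, NULL, SW_SHOWDEFAULT);
    system("pause"); // keep the console window open
    return 0;
}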
|
Forgive me if this is a noob question. How can I get this code into Cheat Engine? Ideally, I want to create a script that executes this code on a trigger, like using an item.
Let's say I've already isolated the instructions where I want to put my code. In the memory view, I would go to "Tools > Auto assemble" and it would pull up my script window.
Can I paste my code in there?
Usually I would go to "Template > AOB Injection" and then manually change the assembly to what I wanted, but I feel like there is a way to use this C++ code that I am not seeing. Do I need to convert this into assembly first and do it that way?
Again forgive me as I know this is a_strange_thing_to_ask_erwin.png...

atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Thu Sep 23, 2021 3:34 pm
You can use CE 7.3's new {$c} / {$ccode} blocks in auto-assembler scripts which can run straight C code now at the point of injection.
_________________
- Retired.

Jordancyre Newbie cheater Reputation: 0
Joined: 30 May 2017 Posts: 11
Posted: Fri Sep 24, 2021 11:46 am
atom0s wrote: | You can use CE 7.3's new {$c} / {$ccode} blocks in auto-assembler scripts which can run straight C code now at the point of injection. |
Will it run C++?

atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
Posted: Fri Sep 24, 2021 1:19 pm
Jordancyre wrote: | atom0s wrote: | You can use CE 7.3's new {$c} / {$ccode} blocks in auto-assembler scripts which can run straight C code now at the point of injection. |
Will it run C++? |
No, it's a mini-C compiler (TinyC to be specific) so only C code works. However, calling Win32 API like ShellExecute works fine with it since the Win32 API was designed as a C-level API.
_________________
- Retired.

RahA777 How do I cheat? Reputation: 0
Joined: 26 Oct 2021 Posts: 1
Posted: Tue Oct 26, 2021 4:55 am Post subject: Re:
atom0s wrote: | Jordancyre wrote: | atom0s wrote: | You can use CE 7.3's new {$c} / {$ccode} blocks in auto-assembler scripts which can run straight C code now at the point of injection. |
Will it run C++? |
No, it's a mini-C compiler (TinyC to be specific) so only C code works. However, calling Win32 API like ShellExecute works fine with it since the Win32 API was designed as a C-level API. |
I agree.