Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Need Help with this ASM. Thanks

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials
View previous topic :: View next topic  
Author Message
souleaper
Newbie cheater
Reputation: 0

Joined: 08 Jul 2012
Posts: 22

PostPosted: Mon Aug 27, 2018 10:34 pm    Post subject: Need Help with this ASM. Thanks Reply with quote

Well here is what i want to achieve. I want to use writeprocessmemory in c# to call the w2_32.send function.
I know the parameters are
1. socket number handle.
2. packets
3. length of the packet
4. flag = 0

well my first problem was to get the socket handle.. which i read from somewhere it needs to do an injection to get. My asm is very lacking, but I did see in the w2_32.send() function stacktrace.. the first one is the socket handle equal to the one i see from WPE.

Unfortunately, the socket handle only show for a brief milli second during the function call to w2_32.send().. in esp.

my plan was to write an injection to grab the esp right before the w2_32.send() and store it in a symbol.



Code:

define(address,"loginp.exe"+C0B13)
define(bytes,E8 60 DD FF FF)

[ENABLE]

assert(address,bytes)
alloc(newmem,$1000)
alloc(SocketAddress,$1024)

label(code)
label(return)

label(SocketAddress)
registerSymbol(SocketAddress)

newmem:

code:
  push eax
  mov eax,[esp]
  mov [SocketAddress],eax
  jmp return

SocketAddress:

address:
  jmp newmem

return:

[DISABLE]
address:
  db bytes
  // call loginp.exe+BE878

dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: "loginp.exe"+C0B13

"loginp.exe"+C0AF8: 80 78 08 00           -  cmp byte ptr [eax+08],00
"loginp.exe"+C0AFC: 75 0A                 -  jne loginp.exe+C0B08
"loginp.exe"+C0AFE: E8 E5 3D F4 FF        -  call loginp.exe+48E8
"loginp.exe"+C0B03: E9 BC 00 00 00        -  jmp loginp.exe+C0BC4
"loginp.exe"+C0B08: 6A 00                 -  push 00
"loginp.exe"+C0B0A: 56                    -  push esi
"loginp.exe"+C0B0B: 53                    -  push ebx
"loginp.exe"+C0B0C: 8B 45 FC              -  mov eax,[ebp-04]
"loginp.exe"+C0B0F: 8B 40 04              -  mov eax,[eax+04]
"loginp.exe"+C0B12: 50                    -  push eax
// ---------- INJECTING HERE ----------
"loginp.exe"+C0B13: E8 60 DD FF FF        -  call loginp.exe+BE878
// ---------- DONE INJECTING  ----------
"loginp.exe"+C0B18: 89 45 F8              -  mov [ebp-08],eax
"loginp.exe"+C0B1B: 83 7D F8 FF           -  cmp dword ptr [ebp-08],-01
"loginp.exe"+C0B1F: 0F 85 82 00 00 00     -  jne loginp.exe+C0BA7
"loginp.exe"+C0B25: E8 9E DD FF FF        -  call loginp.exe+BE8C8
"loginp.exe"+C0B2A: 89 45 F4              -  mov [ebp-0C],eax
"loginp.exe"+C0B2D: 81 7D F4 33 27 00 00  -  cmp [ebp-0C],00002733
"loginp.exe"+C0B34: 74 71                 -  je loginp.exe+C0BA7
"loginp.exe"+C0B36: 8D 45 F4              -  lea eax,[ebp-0C]
"loginp.exe"+C0B39: 50                    -  push eax
"loginp.exe"+C0B3A: B1 01                 -  mov cl,01
}


[/code]

well somehow this script after being checked stops all packet send afterward even after disable..

Thanks..

2nd question. How do i use c# to find the registersymbol address? since allocation of the memory is different everytime. (At this point, i was going to use aobscan to find that address.)

Thanks.. If there is a easiler way to do so, Please direct me.
Chelvan.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Tutorials All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites