Turkeychopio Cheater
Reputation: 0
Joined: 06 Aug 2014 Posts: 36
Posted: Thu Mar 14, 2019 5:22 pm Post subject: Symbols and Pointers
Hello,
I've come across an odd scenario where the value I'm looking at only has an address and is only referred to as such.
Rather than my address being like [RSI+24], it's just an address.
Code:
0F165C05: 74 07 - je 0F165C0E
// ---------- INJECTING HERE ----------
0F165C07: 83 05 94 5A 45 01 0A - add dword ptr [01455A94],0A
// ---------- DONE INJECTING ----------
0F165C0E: A1 94 5A 45 01 - mov eax,[01455A94]
This confuses me since I don't understand how I can get a pointer from this. Normally I make a label, register a symbol and do something like 'mov [symbol],esi', then in the address list I'll add the offset.
I found an example of someone doing it on the internet, but I've no idea how it works.
Code:
[ENABLE]
aobscan(clock,83 05 * * * * 0A A1 * * * * B9)
label(clock_ptr)
clock+2:
clock_ptr:
registersymbol(clock)
registersymbol(clock_ptr)
[DISABLE]
clock+6:
db 0A
unregistersymbol(clock)
unregistersymbol(clock_ptr)
Using the address [clock_ptr] works, but how does it? In the assembler it doesn't look like anything is mov'ed into it.
EDIT: I've tried backtracking and I see lines like 'mov [01455A94],eax', so I thought I'd yoink the time from there, but no matter where I try, it crashes.
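
Why [clock_ptr] resolves without any mov, as an added example that is not part of the original post (Python, not Cheat Engine script): the label at clock+2 sits on the 4-byte address operand stored inside the add instruction itself, so dereferencing it reads 01455A94 straight out of the code bytes. The helper names are hypothetical, and the trailing B9 byte is constructed from the quoted aobscan pattern because the listing in the post stops before it.

```python
import struct

# Bytes of the three instructions quoted in the post (je / add / mov).
# The trailing B9 is constructed: the post's listing ends before it, but
# the quoted aobscan pattern expects that byte there.
CODE_BASE = 0x0F165C05
CODE = bytes.fromhex("74 07 83 05 94 5A 45 01 0A A1 94 5A 45 01 B9")

PATTERN = "83 05 * * * * 0A A1 * * * * B9"  # the aobscan pattern from the post


def aobscan(buf, pattern):
    """Return the offset of the first match of a wildcard byte pattern, or None."""
    want = [None if tok == "*" else int(tok, 16) for tok in pattern.split()]
    for start in range(len(buf) - len(want) + 1):
        if all(w is None or buf[start + i] == w for i, w in enumerate(want)):
            return start
    return None


def read_dword(buf, offset):
    """Read a little-endian 32-bit value, which is what [clock_ptr] does."""
    if offset < 0 or offset + 4 > len(buf):
        raise ValueError("dword read outside buffer")
    return struct.unpack_from("<I", buf, offset)[0]


def resolve_clock():
    """Mirror the script: clock = match address, clock_ptr = clock+2."""
    match = aobscan(CODE, PATTERN)
    if match is None:
        raise LookupError("pattern not found")
    clock = CODE_BASE + match
    clock_ptr = clock + 2  # skips opcode 83 and ModRM 05, lands on the disp32
    target = read_dword(CODE, clock_ptr - CODE_BASE)
    # The mov eax,[...] that follows (A1 + moffs32) embeds the same address.
    same_in_mov = read_dword(CODE, match + 8)
    return clock, clock_ptr, target, same_in_mov


if __name__ == "__main__":
    clock, clock_ptr, target, same = resolve_clock()
    print(f"clock={clock:08X} clock_ptr={clock_ptr:08X} [clock_ptr]={target:08X}")
```

This holds for 32-bit code like the listing above, where ModRM 05 encodes an absolute disp32. In 64-bit code the same encoding is RIP-relative, so the dword at that position is an offset from the next instruction rather than the address itself.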