KevinD Cheater
Reputation: 0
Joined: 15 Apr 2020 Posts: 39
Posted: Tue May 19, 2020 3:28 pm Post subject: CODE INJECTION HELP
Good evening. In my injection code, instead of API_x64.exe+FCDC50 I would like to put the future address of the line where there is lea eax, [rcx + 09] (the last line of my script).
How can I do this?
alloc(newmem,2048,"API_x64.exe"+FCDC50)
label(returnhere)
label(originalcode)
label(exit)
newmem: //this is allocated memory, you have read,write,execute access
ja API_x64.exe+FCDC50
cmp ecx,01
cmove eax,r8d
cmp eax,3F
ja API_x64.exe+FCDC50
mov rdx,[r9+rax*8]
test rdx,rdx
je API_x64.exe+FCDC50
cmp [rdx+00000118],r12d
je API_x64.exe+FCDC50
cmp [rdx+0000011C],r12d
je API_x64.exe+FCDC50
mov eax,ebx
mov [rbp+rax*8+000012D0],rdx
mov ebx,[rbp-70]
inc ebx
mov [rbp-70],ebx
lea eax,[rcx+09]
originalcode:
lea eax,[rcx+08]
cmp eax,09
exit:
jmp returnhere
"API_x64.exe"+FCDC50:
jmp newmem
nop
returnhere:
happyTugs Cheater
Reputation: 0
Joined: 23 Apr 2020 Posts: 26
Posted: Thu May 21, 2020 5:37 am Post subject:
Quote: instead of API_x64.exe+FCDC50 I would like to put the future address of the line where there is lea eax, [rcx + 09]
So you want to jump to 'originalcode' instead? If that's the case, just replace the jumps to API_x64.exe+FCDC50 with the label that you want to jump to (i.e. originalcode).