Difference between revisions of "Tutorial:CodeInjection Integers"
Jump to navigation
Jump to search
(Replaced content with '<span style="font-size:25px;color:red">Sorry! Content not available.</span>') |
m (Reverted edits by This content is not available (Talk) to last revision by TheyCallMeTim13) |
||
| Line 1: | Line 1: | ||
| − | < | + | <!-- Tutorial:CodeInjection_Integers --> |
| + | [[Category:Tutorial]] | ||
| + | [[Category:Auto Assembler]] | ||
| + | {{DISPLAYTITLE:Code Injection - Working with Integers}} | ||
| + | This tutorial builds on the topic of Code Injection: | ||
| + | {{TutorialsCodeInjection}} | ||
| + | |||
| + | <br> | ||
| + | Let's say you have an integer and some code that increases the value. | ||
| + | <pre> | ||
| + | add [eax+10],ecx | ||
| + | </pre> | ||
| + | <blockquote> | ||
| + | What if what writes to the value is only a [[Assembler:Commands:MOV|MOV]]. Try to find a spot above the write instruction that has an [[Assembler:Commands:ADD|ADD]] (or a [[Assembler:Commands:SUB|SUB]] depending on what you want to do). | ||
| + | <pre> | ||
| + | add ecx,ebx | ||
| + | //... | ||
| + | mov [eax+10],ecx | ||
| + | </pre> | ||
| + | </blockquote> | ||
| + | |||
| + | <br> | ||
| + | == Hardcoded value == | ||
| + | We could just hardcode a value for this. | ||
| + | <pre> | ||
| + | add dword ptr [eax+10],(int)100 // #100 //// "#" is a short hand for integer | ||
| + | </pre> | ||
| + | |||
| + | <br> | ||
| + | == Editable value == | ||
| + | We could use a [[Auto Assembler:label|label]], giving it some memory. And optionally [[Auto_Assembler:registerSymbol|register]] it so the label can be used on the table as an address. | ||
| + | <pre> | ||
| + | //... | ||
| + | alloc(someMem, 0x400) | ||
| + | //... | ||
| + | label(someSymbol) | ||
| + | registerSymbol(someSymbol) | ||
| + | //... | ||
| + | someMem: | ||
| + | //... | ||
| + | mov ecx,[someSymbol] | ||
| + | add [eax+10],ecx | ||
| + | //... | ||
| + | jmp return | ||
| + | //... | ||
| + | someSymbol: | ||
| + | dd (int)100 | ||
| + | //... | ||
| + | </pre> | ||
| + | |||
| + | <br> | ||
| + | == Adding a Multiplier == | ||
| + | We could add an editable value like above but use [[Assembler:Commands:IMUL|IMUL]] to add a multiplier to the script. | ||
| + | <pre> | ||
| + | //... | ||
| + | alloc(someMem, 0x400) | ||
| + | //... | ||
| + | label(someSymbol) | ||
| + | registerSymbol(someSymbol) | ||
| + | //... | ||
| + | someMem: | ||
| + | //... | ||
| + | imul ecx,[someSymbol] | ||
| + | add [eax+10],ecx | ||
| + | //... | ||
| + | jmp return | ||
| + | //... | ||
| + | someSymbol: | ||
| + | dd (int)10 | ||
| + | //... | ||
| + | </pre> | ||
| + | |||
| + | <br> | ||
| + | == Fractional Multiplier == | ||
| + | But what if we wanted to be able to multiply by a fractional number (i.e.: "0.5"). Well this can take a bit more, but we can use [[Assembler:Commands:CVTSI2SS|CVTSI2SS]] and [[Assembler:Commands:CVTSS2SI|CVTSS2SI]] to convert the value form an integer to a float and back a gain. Then we can just use [[Assembler:Commands:MULSS|MULSS]] to do the multiplying, but we will need an [[Assembler#Structure|XMM]] [[Assembler#Registers|registry]] to work with. So we will need some extra memory and use [[Assembler:Commands:MOVUPS|MOVUPS]] to save and restore the XMM registry. | ||
| + | <pre> | ||
| + | //... | ||
| + | alloc(someMem, 0x400) | ||
| + | //... | ||
| + | label(someSymbol) | ||
| + | registerSymbol(someSymbol) | ||
| + | label(extraStuff) | ||
| + | //... | ||
| + | someMem: | ||
| + | //... | ||
| + | movups [extraStuff],xmm0 //// save | ||
| + | cvtsi2ss xmm0,ecx | ||
| + | mulss xmm0,[someSymbol] | ||
| + | cvtss2si ecx,xmm0 | ||
| + | movups xmm0,[extraStuff] //// restore | ||
| + | //... | ||
| + | jmp return | ||
| + | //... | ||
| + | someSymbol: | ||
| + | dd (int)10 | ||
| + | extraStuff: | ||
| + | dd 0 //// Data double-word (4 bytes) | ||
| + | dd 0 | ||
| + | dq 0 //// Data quad-word (8 bytes) | ||
| + | //... | ||
| + | </pre> | ||
| + | |||
| + | <br> | ||
| + | == Calculate a value for a Multiplier == | ||
| + | Let's say we just can't find an [[Assembler:Commands:ADD|ADD]] or a [[Assembler:Commands:SUB|SUB]], and all we have is a [[Assembler:Commands:MOV|MOV]]. | ||
| + | <pre> | ||
| + | mov [eax+10],ecx | ||
| + | </pre> | ||
| + | |||
| + | We can just do some math in the script, to calculate a value for a multiplier. | ||
| + | <pre> | ||
| + | //... | ||
| + | alloc(someMem, 0x400) | ||
| + | //... | ||
| + | label(someSymbol) | ||
| + | registerSymbol(someSymbol) | ||
| + | //... | ||
| + | someMem: | ||
| + | //... | ||
| + | sub ecx,[eax+10] | ||
| + | imul ecx,[someSymbol] | ||
| + | add ecx,[eax+10] | ||
| + | mov [eax+10],ecx | ||
| + | //... | ||
| + | jmp return | ||
| + | //... | ||
| + | someSymbol: | ||
| + | dd (int)10 | ||
| + | //... | ||
| + | </pre> | ||
| + | |||
| + | <br> | ||
| + | == See Also == | ||
| + | {{TutorialsAA}} | ||
Revision as of 19:07, 18 March 2019
This tutorial builds on the topic of Code Injection:
- Code Injection - Basic injection
- Code Injection - Full injection
- Code Injection - Adding Editable Values
- Code Injection - Working with Integers
- Code Injection - Working with Floats
Let's say you have an integer and some code that increases the value.
add [eax+10],ecx
What if what writes to the value is only a MOV. Try to find a spot above the write instruction that has an ADD (or a SUB depending on what you want to do).
add ecx,ebx //... mov [eax+10],ecx
Contents
Hardcoded value
We could just hardcode a value for this.
add dword ptr [eax+10],(int)100 // #100 //// "#" is a short hand for integer
Editable value
We could use a label, giving it some memory. And optionally register it so the label can be used on the table as an address.
//...
alloc(someMem, 0x400)
//...
label(someSymbol)
registerSymbol(someSymbol)
//...
someMem:
//...
mov ecx,[someSymbol]
add [eax+10],ecx
//...
jmp return
//...
someSymbol:
dd (int)100
//...
Adding a Multiplier
We could add an editable value like above but use IMUL to add a multiplier to the script.
//...
alloc(someMem, 0x400)
//...
label(someSymbol)
registerSymbol(someSymbol)
//...
someMem:
//...
imul ecx,[someSymbol]
add [eax+10],ecx
//...
jmp return
//...
someSymbol:
dd (int)10
//...
Fractional Multiplier
But what if we wanted to be able to multiply by a fractional number (i.e.: "0.5"). Well this can take a bit more, but we can use CVTSI2SS and CVTSS2SI to convert the value form an integer to a float and back a gain. Then we can just use MULSS to do the multiplying, but we will need an XMM registry to work with. So we will need some extra memory and use MOVUPS to save and restore the XMM registry.
//...
alloc(someMem, 0x400)
//...
label(someSymbol)
registerSymbol(someSymbol)
label(extraStuff)
//...
someMem:
//...
movups [extraStuff],xmm0 //// save
cvtsi2ss xmm0,ecx
mulss xmm0,[someSymbol]
cvtss2si ecx,xmm0
movups xmm0,[extraStuff] //// restore
//...
jmp return
//...
someSymbol:
dd (int)10
extraStuff:
dd 0 //// Data double-word (4 bytes)
dd 0
dq 0 //// Data quad-word (8 bytes)
//...
Calculate a value for a Multiplier
Let's say we just can't find an ADD or a SUB, and all we have is a MOV.
mov [eax+10],ecx
We can just do some math in the script, to calculate a value for a multiplier.
//...
alloc(someMem, 0x400)
//...
label(someSymbol)
registerSymbol(someSymbol)
//...
someMem:
//...
sub ecx,[eax+10]
imul ecx,[someSymbol]
add ecx,[eax+10]
mov [eax+10],ecx
//...
jmp return
//...
someSymbol:
dd (int)10
//...
