Difference between revisions of "Auto Assembler Example 1"
(Replaced content with '<span style="font-size:25px;color:red">Sorry! Content not available.</span>') |
m (Reverted edits by This content is not available (Talk) to last revision by TheyCallMeTim13) |
||
Line 1: | Line 1: | ||
− | < | + | [[Category:Assembler]] |
+ | Take the following simple example: | ||
+ | <pre> | ||
+ | alloc(MyCode, 512) // allocate 512 bytes inside open process and store address in MyCode | ||
+ | label(MyData) // MyData is defined later, set value when assembler hits it | ||
+ | registersymbol(MyCode) // make MyCode available everywhere | ||
+ | registersymbol(MyData) // make MyData available everywhere | ||
+ | |||
+ | MyCode: // start assembling in allocated memory | ||
+ | mov eax, [400000] | ||
+ | mov [MyData], eax | ||
+ | mov [MyData+4], 12345678 | ||
+ | ret | ||
+ | |||
+ | MyData: // value will be set to address after ret | ||
+ | |||
+ | CreateThread(MyCode) // create new thread in open process | ||
+ | </pre> | ||
+ | |||
+ | This allocates 512 bytes and assigns the label MyCode to it. It then lets the assembler know that MyData is used as a label later, and the autoassembler should set it's value to wherever it left off assembling code (the byte after ret). It then registers MyCode and MyData as symbols, letting you enter them when you "Goto address" in the Memory Viewer window, or you can use an address of "MyData" or "MyData+4" for example in your cheat table. | ||
+ | |||
+ | It then assembles the code into the memory pointed to by MyCode (5F60000) and sets MyData to point to the address after it assembles the ret instruction (5F60016). Finally CreateThread creates a new thread inside the process and starts executing code at the MyCode address. The results are here, notice the 4 bytes after the ret are the 4 bytes at 4000000 inside the process and the 4 bytes after that are 78 56 34 12 from the second mov: | ||
+ | <pre> | ||
+ | MyCode - A1 00004000 - mov eax,[00400000] : [00905A4D] | ||
+ | 05F60005 - 89 05 1600F605 - mov [MyData],eax | ||
+ | 05F6000B - C7 05 1A00F605 78563412 - mov [05F6001A],12345678 | ||
+ | 05F60015 - C3 - ret | ||
+ | MyData - 4D - dec ebp | ||
+ | 05F60017 - 5A - pop edx | ||
+ | 05F60018 - 90 - nop | ||
+ | 05F60019 - 00 78 56 - add [eax+56],bh | ||
+ | 05F6001C - 34 12 - xor al,12 | ||
+ | </pre> | ||
+ | |||
+ | When you click the "Add Address Manually" button on the main Cheat Engine form (just above the table on the right below the scan info), you can use MyData as the address because we registered the symbol: | ||
+ | |||
+ | [[File:Aa_simple_ct1.png]] | ||
+ | |||
+ | And it will show in the table: | ||
+ | |||
+ | [[File:Aa_simple_ct2.png]] |
Revision as of 19:09, 18 March 2019
Take the following simple example:
alloc(MyCode, 512) // allocate 512 bytes inside open process and store address in MyCode label(MyData) // MyData is defined later, set value when assembler hits it registersymbol(MyCode) // make MyCode available everywhere registersymbol(MyData) // make MyData available everywhere MyCode: // start assembling in allocated memory mov eax, [400000] mov [MyData], eax mov [MyData+4], 12345678 ret MyData: // value will be set to address after ret CreateThread(MyCode) // create new thread in open process
This allocates 512 bytes and assigns the label MyCode to it. It then lets the assembler know that MyData is used as a label later, and the autoassembler should set it's value to wherever it left off assembling code (the byte after ret). It then registers MyCode and MyData as symbols, letting you enter them when you "Goto address" in the Memory Viewer window, or you can use an address of "MyData" or "MyData+4" for example in your cheat table.
It then assembles the code into the memory pointed to by MyCode (5F60000) and sets MyData to point to the address after it assembles the ret instruction (5F60016). Finally CreateThread creates a new thread inside the process and starts executing code at the MyCode address. The results are here, notice the 4 bytes after the ret are the 4 bytes at 4000000 inside the process and the 4 bytes after that are 78 56 34 12 from the second mov:
MyCode - A1 00004000 - mov eax,[00400000] : [00905A4D] 05F60005 - 89 05 1600F605 - mov [MyData],eax 05F6000B - C7 05 1A00F605 78563412 - mov [05F6001A],12345678 05F60015 - C3 - ret MyData - 4D - dec ebp 05F60017 - 5A - pop edx 05F60018 - 90 - nop 05F60019 - 00 78 56 - add [eax+56],bh 05F6001C - 34 12 - xor al,12
When you click the "Add Address Manually" button on the main Cheat Engine form (just above the table on the right below the scan info), you can use MyData as the address because we registered the symbol:
And it will show in the table: