mgr.inz.Player
Posted: Wed Sep 14, 2016 5:31 am
hhhuut wrote:
    About two days ago that has been changed in the SVN, so if you download and compile the source yourself, you'll get the "jmp newmem" coded by default, but in the public release you still have the "jmp code".

Damn, I didn't notice this (there's nothing about this modification in the GitHub commit titles/descriptions).
This will break my "Custom 'AOB Injection' Templates" extension. (edit: I fixed it.)
@DB, why?
STN
Posted: Wed Sep 14, 2016 6:45 am
I liked the jmp code; like someone else here said, you could write data variables and other stuff above code like in MASM.
But I couldn't give a shit where it jumps to, and I don't think it affects a newbie. If he doesn't understand the difference between jmp newmem and jmp code then he needs to learn more before he can start writing scripts. Geri has nothing to do with this and he probably wouldn't care either, so let him rest in peace.
Anyway, it seems DB decided to go back to jmp newmem, so yay, I guess?
predprey
Posted: Wed Sep 14, 2016 7:22 am
More of a user preference than a bug. If it irks you, just use mgr.inz's custom AOB templates extension and customize the templates to your liking. That was how I did it.

peter4d5 wrote:
    From CE Code Injection Template
    Code:
    [ENABLE]
    alloc(newmem,2048,"calc.exe"+1B9DC)
    label(returnhere)
    label(originalcode)
    label(exit)

    newmem:
    //place your code here //<------ what is this meaning?

    originalcode:
    sub rsp,000000B0       // the 7-byte instruction displaced at the injection point

    exit:
    jmp returnhere

    "calc.exe"+1B9DC:
    jmp newmem             //<------- Why 'jmp newmem'? Why not 'jmp originalcode'?
    nop                    // 5-byte jmp + 2 nops overwrite the 7 original bytes
    nop
    returnhere:
"place your code here" means exactly that: write your ASM there. Suppose you followed the comment's guideline and wrote it below "newmem:"; using "jmp originalcode" would have jumped right to the original ASM instructions and skipped over what you wrote, so "jmp newmem" is correct. Suppose you wrote your ASM below "originalcode:" together with the original instructions; then both "jmp newmem" and "jmp originalcode" work. Some people like me prefer having one label only; others prefer more, to denote the original instructions. Play around with CE's label function and compare the generated instructions and you will understand what I just said better.
Dark Byte (Site Admin)
Posted: Wed Sep 14, 2016 7:29 am
You can also put it at the end, or just add an alloc(data,2048).
The data section will then be in the same 4K page anyhow.
Also, the next version has an align option you can use if you did this because of alignment issues.
danrevella
Posted: Wed Sep 14, 2016 7:31 am
@all:
Here it is a matter of personal opinion, so here is my personal opinion:
-) I don't care if it jumps to code or newmem; more important is that the added comment matches the situation.
-) I like a template that a newbie may also use without editing it; an expert may always edit it with no problem, while a newbie, at least in his initial phase, does need something elementary.... (f.e. I need it... )
About Geri..... yes... he has nothing to do with the question, BTW I like to remember him as he was a very special "human" person.
Thanks to this "unnecessary" discussion, I have re-read many posts, also many PMs, plus also some scripts, so I may tell you I have gained on this occasion some new info that will help me in future when I'll write new scripts......
Moreover, I have noted that both the admins and the "major" members of this forum were always really kind and patient with me and with newbies in general, so
MANY THANKS TO ALL!!!
peace&love
danrevella
Zanzer
Posted: Wed Sep 14, 2016 6:56 pm
I personally would always change it to "jmp newmem" because, if the script was complicated enough to warrant a code cave and not just NOPs, chances are it was going to have a conditional jump in it. So the conditional jump would always jump to "code".
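Editor's note: the following Cheat Engine auto-assembler script is an added example, not code posted in this thread and not CE's shipped template. It takes the same calc.exe injection point as peter4d5's quote and puts real instructions under "newmem:" so that predprey's point (with "jmp originalcode" at the hook, anything between newmem: and originalcode: is dead code) and Zanzer's point (a conditional jump inside the cave naturally targets the original code) are both visible. The flag and hits variables and what the injected code does with them are assumptions made up for the illustration; the 7-byte size of sub rsp,000000B0 (48 81 EC B0 00 00 00) is what the two nops after the 5-byte jmp account for.

```asm
// Added example (not from the original thread or CE's template).
// Injection point is the one quoted by peter4d5; flag/hits are hypothetical.
[ENABLE]
alloc(newmem,2048,"calc.exe"+1B9DC)
alloc(flag,4)           // data allocated in the same script ends up in the same 4K page as newmem (see Dark Byte above)
alloc(hits,4)
label(returnhere)
label(originalcode)
label(exit)
registersymbol(flag)
registersymbol(hits)

flag:
  dd 1                  // hypothetical switch: 1 = count calls, 0 = behave like the untouched function
hits:
  dd 0                  // hypothetical counter incremented on each pass through the hook

newmem:
  // Everything from newmem: down to originalcode: only executes because the hook
  // below says "jmp newmem". With "jmp originalcode" at the hook the CPU would land
  // directly on sub rsp and this block would never run.
  cmp dword ptr [flag],0
  je originalcode       // conditional jump inside the cave lands on the original code, as Zanzer describes
  inc dword ptr [hits]
  // cmp/inc clobber EFLAGS. That is harmless here only because the displaced
  // instruction, sub rsp, overwrites the flags itself; re-check this at any other hook.

originalcode:
  sub rsp,000000B0      // the displaced 7-byte instruction, executed unchanged

exit:
  jmp returnhere

"calc.exe"+1B9DC:
  jmp newmem            // 5-byte jmp to the top of the cave so the injected code runs first
  nop                   // 2 nops pad the 5-byte jmp to the 7 bytes it replaced
  nop
returnhere:

[DISABLE]
"calc.exe"+1B9DC:
  sub rsp,000000B0      // restore the original bytes before freeing the cave
dealloc(newmem)
dealloc(flag)
dealloc(hits)
unregistersymbol(flag)
unregistersymbol(hits)
```

To see the difference predprey describes, change the hook line to "jmp originalcode" and re-enable the script: the process keeps running, but hits never changes, because the cmp/je/inc sequence is skipped.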