thenewcomer Newbie cheater
Reputation: 0
Joined: 09 Mar 2013 Posts: 22 Location: Behind you
Posted: Thu Jul 18, 2013 11:42 pm Post subject: code caves in autoassembly
Alright, before I ask anything let me give some details. I am trying to find an array of bytes, and use a codecave to have it do whatever it is I want before those bytes are used.
Let me try and explain in assembly terms. Basically what I'm looking for is wherever ?? ?? ?? ?? ?? bytes are in memory, I want it to jmp to the codecave, store the flags/registers, run the code I want, xor everything, put the flags and registers back, run the original bytes, and jmp back to where the bytes were and run like normal.
My problem is how would I go about doing this in auto assembly? I'm not sure how the autoassembly works and I wanted to ask you guys before just trying to figure it out on my own. Does it run the assembly BEFORE the bytes, or afterwards? And I'll probably need help on the storing of registers/flags. The best I could come up with was label a name and just dump them onto it for storage.
My code (which is terribly incomplete) looks something like this:
[ENABLE]
alloc
label(storage)
storage,registers
storage,flags
* * * * * (whatever bytes i want here)
xor registers,registers
xor flags,flags
push storage
?? ?? ?? ?? ?? original bytes here
[DISABLE]
?? ?? ?? ?? ?? original bytes here
dealloc
P.S. I'm very sorry if I'm asking too much, or if I sound like a noob. Honestly I AM a noob.
_________________
-TNC
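The patch described in the post above, seen from the detection side, as an added example that is not part of the original post: a jump to a code cave shows up as a 5-byte `E9 rel32` at the patched site whose destination lies outside the module image, and the cave ends with a jump back. The function names, addresses and byte strings are constructed for illustration and assume 32-bit x86.

```python
import struct

JMP_REL32 = 0xE9  # x86 near jump: opcode + signed 32-bit displacement = 5 bytes

def jmp_target(buf, off, addr):
    """Destination of the jmp rel32 stored at buf[off], which lives at addr."""
    rel = struct.unpack_from("<i", buf, off + 1)[0]
    return (addr + 5 + rel) & 0xFFFFFFFF  # displacement counts from the next instruction

def find_detours(clean, live, base):
    """Diff on-disk code bytes against bytes read from memory; report each
    changed spot that is a jmp rel32 leaving the image (a jump to a code cave)."""
    findings, i, end = [], 0, min(len(clean), len(live))
    while i < end:
        if clean[i] == live[i]:
            i += 1
            continue
        # If the original instruction already began with E9 only the displacement
        # differs, so also try the byte just before the first difference.
        for off in (i, i - 1):
            if off >= 0 and off + 5 <= end and live[off] == JMP_REL32:
                target = jmp_target(live, off, base + off)
                if not base <= target < base + end:
                    findings.append({"site": base + off, "cave": target})
                i = off + 5
                break
        else:
            i += 1
    return findings

def cave_shape(cave, cave_base):
    """Does the cave save and restore flags/registers, and where does it jump back to?"""
    saves = cave.startswith(b"\x9c\x60")   # pushfd; pushad
    restores = b"\x61\x9d" in cave         # popad; popfd
    tail = len(cave) - 5
    ok = tail >= 0 and cave[tail] == JMP_REL32
    return saves and restores, jmp_target(cave, tail, cave_base + tail) if ok else None

def jmp(src, dst):
    return b"\xe9" + struct.pack("<i", dst - (src + 5))

# Constructed sample (not from the post): a function prologue patched at offset 3.
BASE, CAVE_BASE = 0x00401000, 0x00A30000
CLEAN = bytes.fromhex("558bec83ec088945fc8b45fcc9c3")
LIVE = CLEAN[:3] + jmp(BASE + 3, CAVE_BASE) + b"\x90" + CLEAN[9:]  # jmp + nop pad
body = b"\x9c\x60\x90\x61\x9d" + CLEAN[3:9]  # save, nop placeholder, restore, original bytes
CAVE = body + jmp(CAVE_BASE + len(body), BASE + 9)

if __name__ == "__main__":
    print(find_detours(CLEAN, LIVE, BASE), cave_shape(CAVE, CAVE_BASE))
```

The overwritten span is six bytes here because the jump must replace whole instructions, so the sixth byte is padded with a `nop` and the cave returns to the first untouched instruction.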