DevilMan001 How do I cheat? Reputation: 0
Joined: 17 Jun 2018 Posts: 6
Posted: Fri Sep 14, 2018 10:03 am Post subject: Read the value of RBX Address from an AA Script
Hi guys, I have an auto assembler script with this opcode:
mov [EntityPtr], rbx
I can get the value of rbx using the EntityPtr symbol. How can I access rbx directly without using the EntityPtr symbol? I need to create a C++ standalone application, so I need to know the value of RBX and its pointer chain.
Full AA Script:
Code:
alloc(EntityPtr,8)
registersymbol(EntityPtr)
aobscanmodule(targetedEntityInfo,asd.exe,8B D1 48 8B 0D ? ? ? ? 48 81 C1 E8 0D 00 00 E9)
alloc(newmemTT,256,targetedEntityInfo)
label(codeTT)
label(returnTT)
newmemTT:
mov [EntityPtr],rbx
codeTT:
mov edx,ecx
mov rcx,[MenuManBase]
jmp returnTT
targetedEntityInfo:
jmp newmemTT
nop
nop
nop
nop
returnTT:
registersymbol(targetedEntityInfo)
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Fri Sep 14, 2018 10:09 am
You'd just code things in the same manner in C++ as you did with the code cave in the AA script. Create the cave, jump to it, store RBX's value into a C++ variable like the AA script is doing, and jump back to the normal code.
_________________
- Retired.
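Seen from the integrity-checking side, the patch the AA script above writes at targetedEntityInfo is a 5-byte `E9` jump followed by NOP padding, leading into freshly allocated memory outside the module image. The following is an added example, not code from the thread or from any poster: it compares live code bytes against a clean reference and classifies the difference; `checkSite`, `DetourFinding`, the wildcard bytes and all addresses are constructed for illustration.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>

struct DetourFinding {
    bool     modified;     // live bytes differ from the clean reference
    bool     isJmpRel32;   // the change starts with an E9 rel32 jump
    size_t   patchedLen;   // jump plus NOP padding, in bytes
    uint64_t target;       // absolute destination of the jump
    bool     leavesModule; // destination lies outside the module image
};

// clean: bytes from the on-disk image; live: same range read from process memory.
// siteVa is the address of byte 0; moduleBase/moduleSize describe the loaded image.
DetourFinding checkSite(const uint8_t* clean, const uint8_t* live, size_t len,
                        uint64_t siteVa, uint64_t moduleBase, uint64_t moduleSize) {
    DetourFinding f{};
    size_t i = 0;
    while (i < len && clean[i] == live[i]) ++i;    // first differing offset
    if (i == len) return f;                        // identical, nothing to report
    f.modified = true;
    if (len - i < 5 || live[i] != 0xE9) return f;  // modified, but not a rel32 jmp
    f.isJmpRel32 = true;
    uint32_t raw = live[i + 1] | (live[i + 2] << 8) | (live[i + 3] << 16)
                 | (static_cast<uint32_t>(live[i + 4]) << 24);  // little-endian disp32
    f.target = siteVa + i + 5 + static_cast<int64_t>(static_cast<int32_t>(raw));
    size_t end = i + 5;
    while (end < len && live[end] == 0x90 && clean[end] != 0x90) ++end;  // nop padding
    f.patchedLen = end - i;
    f.leavesModule = f.target < moduleBase || f.target - moduleBase >= moduleSize;
    return f;
}

// Constructed sample: the script's AOB with made-up bytes in the wildcard slots, and
// the same range after "jmp newmemTT" + 4 nops. Addresses are made up as well.
const uint8_t kClean[] = {0x8B,0xD1,0x48,0x8B,0x0D,0x11,0x22,0x33,0x44,
                          0x48,0x81,0xC1,0xE8,0x0D,0x00,0x00,0xE9};
const uint8_t kLive[]  = {0xE9,0xFB,0xEF,0xFE,0xFF,0x90,0x90,0x90,0x90,
                          0x48,0x81,0xC1,0xE8,0x0D,0x00,0x00,0xE9};

DetourFinding demo() {
    return checkSite(kClean, kLive, sizeof kClean, 0x140001000ULL, 0x140000000ULL, 0x100000ULL);
}

int main() {
    DetourFinding f = demo();
    std::printf("jmp=%d len=%zu target=0x%llx outside=%d\n", f.isJmpRel32, f.patchedLen,
                static_cast<unsigned long long>(f.target), f.leavesModule);
}
```

The 9-byte patched length matches the two original instructions (`mov edx,ecx` and `mov rcx,[MenuManBase]`) that the script relocates into its cave.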
DevilMan001 How do I cheat? Reputation: 0
Joined: 17 Jun 2018 Posts: 6
Posted: Fri Sep 14, 2018 10:18 am
I had thought about it, but the target application is 64-bit. And Visual Studio doesn't support inline asm for 64-bit applications. How can I solve this problem?
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8517 Location: 127.0.0.1
Posted: Fri Sep 14, 2018 11:08 am
DevilMan001 wrote: I had thought about it, but the target application is 64-bit. And Visual Studio doesn't support inline asm for 64-bit applications. How can I solve this problem?
You can still write the code out in raw bytes instead. Or use a different compiler.
You can also write the ASM in actual ASM files and link them to the project, still with VS in 64-bit mode. It's more work but is still possible; you just can't write it in an inline manner, like naked functions and so on.
_________________
- Retired.
DevilMan001 How do I cheat? Reputation: 0
Joined: 17 Jun 2018 Posts: 6
Posted: Fri Sep 14, 2018 1:05 pm
Thank you very much, atom0s!