Author: Jordancyre (Newbie cheater; Reputation: 0; Joined: 30 May 2017; Posts: 11)
Posted: Mon Sep 20, 2021 9:43 am
Post subject: Launching external program via assembly injection

I'm trying to launch calc.exe in response to a trigger using code injection.  Is such a thing even possible?
 
 
I have this C++ program:
 
 
Code:
    #include <cstdlib>   // declares system()
    #include <iostream>
    using namespace std;

    int main() {
       // Run calc.exe through the C runtime's command interpreter
       system("calc.exe");
    }
 
 
And in assembly it should be this:
 
 
Code:
    .LC0:
            .string "calc.exe"
    main:
            push    rbp
            mov     rbp, rsp
            mov     edi, OFFSET FLAT:.LC0
            call    system
            mov     eax, 0
            pop     rbp
            ret
    __static_initialization_and_destruction_0(int, int):
            push    rbp
            mov     rbp, rsp
            sub     rsp, 16
            mov     DWORD PTR [rbp-4], edi
            mov     DWORD PTR [rbp-8], esi
            cmp     DWORD PTR [rbp-4], 1
            jne     .L5
            cmp     DWORD PTR [rbp-8], 65535
            jne     .L5
            mov     edi, OFFSET FLAT:_ZStL8__ioinit
            call    std::ios_base::Init::Init() [complete object constructor]
            mov     edx, OFFSET FLAT:__dso_handle
            mov     esi, OFFSET FLAT:_ZStL8__ioinit
            mov     edi, OFFSET FLAT:_ZNSt8ios_base4InitD1Ev
            call    __cxa_atexit
    .L5:
            nop
            leave
            ret
    _GLOBAL__sub_I_main:
            push    rbp
            mov     rbp, rsp
            mov     esi, 65535
            mov     edi, 1
            call    __static_initialization_and_destruction_0(int, int)
            pop     rbp
            ret
 
 
Cheat Engine throws errors saying that there are lines that cannot be compiled.  I don't know if this is just a limitation of CE or if I have to make some edits to get it to work.
 
 
This is purely out of curiosity's sake.  I'm a security researcher working on a talk on assembly injection.  If I can get this to work I will use it in my talk as an example.

Author: atom0s (Moderator; Reputation: 205; Joined: 25 Jan 2006; Posts: 8587; Location: 127.0.0.1)
Posted: Mon Sep 20, 2021 12:40 pm

Call CreateProcessA / CreateProcessW / ShellExecuteA / ShellExecuteW instead of using 'system()'.
_________________
- Retired.

Author: Jordancyre (Newbie cheater; Reputation: 0; Joined: 30 May 2017; Posts: 11)
Posted: Mon Sep 20, 2021 3:51 pm

atom0s wrote:
> Call CreateProcessA / CreateProcessW / ShellExecuteA / ShellExecuteW instead of using 'system()'.
 
 
OK I have new code now that works in Visual Studio.
 
 
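Code:
    #include <cstdlib>   // declares system()
    #include <iostream>
    #include <Windows.h>
    using namespace std;

    int main()
    {
       // Wide-string arguments: needs a UNICODE build (the Visual Studio default)
       ShellExecute(NULL, L"open", L"C:\\Windows\\System32\\calc.exe", NULL, NULL, SW_SHOWDEFAULT);
       system("pause");
       return 0;
    }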
 
 
Forgive me if this is a noob question.  How can I get this code in Cheat Engine?  Ideally I want to create a script that executes this code on a trigger like using an item.
 
 
Let's say I've already isolated the instructions where I want to put my code.  In the memory view I would go to "Tools > Auto assemble" and it would pull up my script window.
 
 
Can I paste my code in there?
 
 
Usually I would go to "Template > AOB Injection" and then manually change the assembly to what I wanted but I feel like there is a way to use this C++ code that I am not seeing.  Do I need to convert this into Assembly first and do it that way?
 
 
Again forgive me as I know this is a_strange_thing_to_ask_erwin.png...

Author: atom0s (Moderator; Reputation: 205; Joined: 25 Jan 2006; Posts: 8587; Location: 127.0.0.1)
Posted: Thu Sep 23, 2021 3:34 pm

You can use CE 7.3's new {$c} / {$ccode} blocks in auto-assembler scripts which can run straight C code now at the point of injection.

Author: Jordancyre (Newbie cheater; Reputation: 0; Joined: 30 May 2017; Posts: 11)
Posted: Fri Sep 24, 2021 11:46 am

atom0s wrote:
> You can use CE 7.3's new {$c} / {$ccode} blocks in auto-assembler scripts which can run straight C code now at the point of injection.
 
 
Will it run C++?

Author: atom0s (Moderator; Reputation: 205; Joined: 25 Jan 2006; Posts: 8587; Location: 127.0.0.1)
Posted: Fri Sep 24, 2021 1:19 pm

Jordancyre wrote:
> atom0s wrote:
> > You can use CE 7.3's new {$c} / {$ccode} blocks in auto-assembler scripts which can run straight C code now at the point of injection.
>
> Will it run C++?
 
 
No, it's a mini-C compiler (TinyC to be specific) so only C code works. However, calling Win32 API like ShellExecute works fine with it since the Win32 API was designed as a C-level API.

Author: RahA777 (How do I cheat?; Reputation: 0; Joined: 26 Oct 2021; Posts: 1)
Posted: Tue Oct 26, 2021 4:55 am
Post subject: Re:

atom0s wrote:
> Jordancyre wrote:
> > atom0s wrote:
> > > You can use CE 7.3's new {$c} / {$ccode} blocks in auto-assembler scripts which can run straight C code now at the point of injection.
> >
> > Will it run C++?
>
> No, it's a mini-C compiler (TinyC to be specific) so only C code works. However, calling Win32 API like ShellExecute works fine with it since the Win32 API was designed as a C-level API.
 
I agree.