This is my video tutorial on writing Code Caves.
Click here for part 1 – Finding the Values!
Click here for part 2 – Writing the Code Cave!
Enjoy.
I got it working now; the problem was it was an x64 app trying to inject into an x86 app.
Nope. There are a lot of C++ sources though and it is better to write an injector in that language anyway.
I've also been trying to get my C# DLL injector working for a while now but no luck so far. Do you know how to make a C# DLL injector for Windows 7 x64?
Very nice that is exactly how you do it!
I wrote a C# injector for this, one method using your code cave, the other allocating memory:
// RWMemory is the poster's own read/write-process-memory helper (not shown here).
private void static_inject_btn_Click(object sender, EventArgs e)
{
    RWM = new RWMemory("Winmine__XP");
    // Cave body, assembled by hand for a fixed cave address (0x01004A5C)
    byte[] Injected_code =
    {
        0x60,                                       // PUSHAD
        0xC1, 0xE1, 0x05,                           // SHL ECX,5
        0x8D, 0x94, 0x08, 0x40, 0x53, 0x00, 0x01,   // LEA EDX,DWORD PTR DS:[EAX+ECX+1005340]
        0xF6, 0x02, 0x8F,                           // TEST BYTE PTR DS:[EDX],8F
        0x61,                                       // POPAD
        0x0F, 0x85, 0x45, 0xEE, 0xFF, 0xFF,         // JNZ 010038B6
        0x51,                                       // PUSH ECX
        0x50,                                       // PUSH EAX
        0xE8, 0x9A, 0xEA, 0xFF, 0xFF,               // CALL 01003512
        0xE9, 0x39, 0xEE, 0xFF, 0xFF                // JMP 010038B6
    };
    // 7-byte trampoline written over the original instructions at 0x010038AF
    byte[] JMP_to_loc =
    {
        0xE9, 0xA8, 0x11, 0x00, 0x00,               // JMP 01004A5C
        0x90,                                       // NOP
        0x90                                        // NOP
    };
    // Write the cave first, and only hook the original code if that succeeded
    if (RWM.WriteMemBytes((IntPtr)0x01004A5C, Injected_code))
        RWM.WriteMemBytes((IntPtr)0x010038AF, JMP_to_loc);
}

private void dynamic_inject_btn_Click(object sender, EventArgs e)
{
    RWM = new RWMemory("Winmine__XP");
    int StartHere = 0x010038AF;
    int ReturnHere = 0x010038B6;
    int JumpHere = (int)RWM.AllocateMemory(0x21);   // size of injected code
    // Every rel32 is (target - address of the next instruction); the offsets
    // 5, 21, 28 and 33 are the byte position just past each branch instruction
    byte[] JMP_to_code = BitConverter.GetBytes(JumpHere - (StartHere + 5));
    byte[] JNZ_Return = BitConverter.GetBytes(ReturnHere - (JumpHere + 21));
    byte[] CALL_Func = BitConverter.GetBytes(0x01003512 - (JumpHere + 28));
    byte[] JMP_Return = BitConverter.GetBytes(ReturnHere - (JumpHere + 33));
    byte[] Injected_code =
    {
        0x60,                                                                   // PUSHAD
        0xC1, 0xE1, 0x05,                                                       // SHL ECX,5
        0x8D, 0x94, 0x08, 0x40, 0x53, 0x00, 0x01,                               // LEA EDX,DWORD PTR DS:[EAX+ECX+1005340]
        0xF6, 0x02, 0x8F,                                                       // TEST BYTE PTR DS:[EDX],8F
        0x61,                                                                   // POPAD
        0x0F, 0x85, JNZ_Return[0], JNZ_Return[1], JNZ_Return[2], JNZ_Return[3], // JNZ 010038B6
        0x51,                                                                   // PUSH ECX
        0x50,                                                                   // PUSH EAX
        0xE8, CALL_Func[0], CALL_Func[1], CALL_Func[2], CALL_Func[3],           // CALL 01003512
        0xE9, JMP_Return[0], JMP_Return[1], JMP_Return[2], JMP_Return[3]        // JMP 010038B6
    };
    byte[] JMP_to_loc =
    {
        0xE9, JMP_to_code[0], JMP_to_code[1], JMP_to_code[2], JMP_to_code[3],   // JMP to injected code
        0x90,                                                                   // NOP
        0x90                                                                    // NOP
    };
    if (RWM.WriteMemBytes((IntPtr)JumpHere, Injected_code))
        RWM.WriteMemBytes((IntPtr)StartHere, JMP_to_loc);
}
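The dynamic version above hard-codes the offsets 21, 28 and 33 of the instruction following each branch; if the cave body ever changes length, every rel32 silently goes wrong and the target crashes at an unrelated address. The following added example (not from the tutorial or the commenter's injector) assembles the same 33-byte cave and 7-byte trampoline for any cave address by tracking the running offset, then walks the assembled bytes back with a tiny length decoder for exactly the opcodes the cave uses and resolves each rel32 to its absolute target. It reproduces the posted static bytes at 0x01004A5C as a sanity check. The Winmine addresses are the ones quoted in the comment; the alternative cave address 0x00360000 stands in for a hypothetical VirtualAllocEx result and is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Addresses from the Winmine injector posted above: hook site, the instruction
 * execution returns to, the routine the cave calls, and the static cave slot. */
#define HOOK_ADDR 0x010038AFu
#define RET_ADDR  0x010038B6u
#define CALL_ADDR 0x01003512u
#define CAVE_ADDR 0x01004A5Cu

enum { CAVE_LEN = 33, HOOK_LEN = 7 };

/* The 33 bytes posted for the static cave, kept as the reference to reproduce. */
static const uint8_t kPostedCave[CAVE_LEN] = {
    0x60, 0xC1,0xE1,0x05, 0x8D,0x94,0x08,0x40,0x53,0x00,0x01, 0xF6,0x02,0x8F, 0x61,
    0x0F,0x85,0x45,0xEE,0xFF,0xFF, 0x51, 0x50, 0xE8,0x9A,0xEA,0xFF,0xFF,
    0xE9,0x39,0xEE,0xFF,0xFF };

/* rel32 = target - address of the next instruction; unsigned arithmetic wraps
 * mod 2^32 exactly like the CPU's EIP-relative addition does. */
static void put_rel32(uint8_t *p, uint32_t next_ip, uint32_t target)
{
    uint32_t rel = target - next_ip;
    p[0] = (uint8_t)rel;         p[1] = (uint8_t)(rel >> 8);
    p[2] = (uint8_t)(rel >> 16); p[3] = (uint8_t)(rel >> 24);
}

static uint32_t get_rel32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Assemble the cave for an arbitrary cave address. Each rel32 is computed from
 * the running offset n, so the 21/28/33 constants never have to be maintained. */
size_t build_cave(uint8_t out[CAVE_LEN], uint32_t cave, uint32_t ret_to, uint32_t call_to)
{
    static const uint8_t prologue[] = {            /* PUSHAD; SHL ECX,5; LEA EDX,[...]; TEST [EDX],8F; POPAD */
        0x60, 0xC1,0xE1,0x05, 0x8D,0x94,0x08,0x40,0x53,0x00,0x01, 0xF6,0x02,0x8F, 0x61 };
    size_t n = sizeof prologue;
    memcpy(out, prologue, n);
    out[n++] = 0x0F; out[n++] = 0x85; put_rel32(out + n, cave + (uint32_t)n + 4, ret_to);  n += 4; /* JNZ ret_to  */
    out[n++] = 0x51; out[n++] = 0x50;                                                        /* PUSH ECX; PUSH EAX */
    out[n++] = 0xE8;                  put_rel32(out + n, cave + (uint32_t)n + 4, call_to); n += 4; /* CALL call_to */
    out[n++] = 0xE9;                  put_rel32(out + n, cave + (uint32_t)n + 4, ret_to);  n += 4; /* JMP ret_to   */
    return n;
}

/* The trampoline that overwrites the 7 original bytes at the hook site. */
size_t build_hook(uint8_t out[HOOK_LEN], uint32_t hook, uint32_t cave)
{
    out[0] = 0xE9; put_rel32(out + 1, hook + 5, cave);   /* JMP cave */
    out[5] = 0x90; out[6] = 0x90;                        /* pad the slot to 7 bytes */
    return HOOK_LEN;
}

/* Length of the instruction at p for the handful of encodings this cave uses;
 * -1 for anything else so a changed cave body fails the check loudly. */
static int insn_len(const uint8_t *p, size_t left)
{
    switch (p[0]) {
    case 0x60: case 0x61: case 0x50: case 0x51: case 0x90: return 1;
    case 0xC1: return (left >= 3 && (p[1] >> 6) == 3) ? 3 : -1;      /* shift reg, imm8 */
    case 0xF6: return (left >= 3 && p[1] == 0x02) ? 3 : -1;          /* TEST byte [edx], imm8 */
    case 0x8D: return (left >= 7 && p[1] == 0x94) ? 7 : -1;          /* LEA edx,[base+index+disp32] */
    case 0xE8: case 0xE9: return left >= 5 ? 5 : -1;                 /* CALL / JMP rel32 */
    case 0x0F: return (left >= 6 && (p[1] & 0xF0) == 0x80) ? 6 : -1; /* Jcc rel32 */
    default: return -1;
    }
}

/* Walk code as if loaded at base and resolve every rel32 branch to its absolute
 * target. Returns the branch count, or -1 on an unrecognised instruction. */
int resolve_branches(const uint8_t *code, size_t len, uint32_t base, uint32_t *targets, size_t max)
{
    size_t off = 0; int n = 0;
    while (off < len) {
        int l = insn_len(code + off, len - off);
        if (l < 0) return -1;
        const uint8_t *p = code + off;
        if (p[0] == 0xE8 || p[0] == 0xE9 || p[0] == 0x0F) {
            uint32_t next_ip = base + (uint32_t)(off + (size_t)l);
            if ((size_t)n < max) targets[n] = next_ip + get_rel32(p + l - 4);
            n++;
        }
        off += (size_t)l;
    }
    return n;
}

/* 1 if assembling at CAVE_ADDR reproduces the bytes posted in the comment. */
int matches_posted_cave(void)
{
    uint8_t cave[CAVE_LEN];
    build_cave(cave, CAVE_ADDR, RET_ADDR, CALL_ADDR);
    return memcmp(cave, kPostedCave, CAVE_LEN) == 0;
}

/* Assemble at cave_addr and return the absolute target of branch idx (0 if none). */
uint32_t cave_branch_target(uint32_t cave_addr, int idx)
{
    uint8_t cave[CAVE_LEN]; uint32_t t[4];
    build_cave(cave, cave_addr, RET_ADDR, CALL_ADDR);
    int n = resolve_branches(cave, CAVE_LEN, cave_addr, t, 4);
    return (idx >= 0 && idx < n) ? t[idx] : 0;
}

/* Where the trampoline at hook_addr lands when it points at cave_addr. */
uint32_t hook_target(uint32_t hook_addr, uint32_t cave_addr)
{
    uint8_t hook[HOOK_LEN]; uint32_t t[1];
    build_hook(hook, hook_addr, cave_addr);
    return resolve_branches(hook, HOOK_LEN, hook_addr, t, 1) == 1 ? t[0] : 0;
}

int main(void)
{
    uint32_t where = 0x00360000u;   /* hypothetical VirtualAllocEx result (assumption) */
    printf("posted bytes reproduced at %08X: %d\n", CAVE_ADDR, matches_posted_cave());
    for (int i = 0; i < 3; i++) printf("cave@%08X branch %d -> %08X\n", where, i, cave_branch_target(where, i));
    printf("hook@%08X -> %08X\n", HOOK_ADDR, hook_target(HOOK_ADDR, where));
    return 0;
}
```

Relocating the cave to a different address changes all three displacements but, as the decoder confirms, every branch still lands on RET_ADDR or CALL_ADDR; that round trip is the check worth running before writing anything into the target process, because a rel32 off by one byte is not an error the WriteProcessMemory call will ever report.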
Awesome tutorial, are there any sites you would recommend for learning assembly?
Hmm I guess I can make a small introduction into assembly. I just learned it with time.