Disconnect... How to??

Page 2 of 2 1 2
10/26/2008 20:32 high6#16
Quote:
Originally Posted by null View Post
In short, here's how to do it if using C++
Code:
mov ecx, dword ptr ds:[0057FBF0]
call 004C2394
Not a hard peice of code, but implementing code is always the tricky part when it comes to ASM for me.
That will only work in a dll injected into conquer.
10/28/2008 05:43 *M*#17
Quote:
Originally Posted by high6 View Post
That will only work in a dll injected into conquer.
It it possible to make a static pointer in a c++ Dll thats to be injected,

eg atm I have a
const int * BOB;

and my asm
MOV BOB,EAX '(eax contains the current packet pre-encryption)
MOV EAX,005219D0h
JMP Origin

This moves the address of eax(eg 13F8FD), I can then use an external program to read BOB to a textbox or whatever, but as BOB changes each time I have to recompile the program to read BOB
10/28/2008 05:50 high6#18
Quote:
Originally Posted by *M* View Post
It it possible to make a static pointer in a c++ Dll thats to be injected,

eg atm I have a
const int * BOB;

and my asm
MOV BOB,EAX '(eax contains the current packet pre-encryption)
MOV EAX,005219D0h
JMP Origin

This moves the address of eax(eg 13F8FD), I can then use an external program to read BOB to a textbox or whatever, but as BOB changes each time I have to recompile the program to read BOB
I meant calling that function from your app with that assembly code wont work unless it is an inject dll because the function is in CO.
10/28/2008 06:01 *M*#19
Quote:
Originally Posted by high6 View Post
I meant calling that function from your app with that assembly code wont work unless it is an inject dll because the function is in CO.
Oh yeah I know that, this is sort of off-topic, for my own project
10/28/2008 06:36 high6#20
ah, well you quoted me so...

Reminds me I should post my project tonight.
10/28/2008 06:42 *M*#21
Quote:
Originally Posted by high6 View Post
ah, well you quoted me so...

Reminds me I should post my project tonight.
K, but is it possible?
10/28/2008 07:14 high6#22
Quote:
Originally Posted by *M* View Post
K, but is it possible?
O, you typed "It it" so you confused me there.

Anyways yes and no.

It will not make it the static that you want. Why? Well because LoadLibrary tries to place the DLL at it's default ImageBase but if that is not free it will relocate it to another region in memory.

So to read the address you will need to get the address to the "static" value and remove the base. Once you do that to use you just add the injected dlls image base.

[Only registered and activated users can see links. Click Here To Register...]

GetRemoteModuleBaseAddress() will get the base address of a remote module.

personally I would just VirtualAlloc some memory and write the instructions to it like a codecave for that amount of code.
Page 2 of 2 1 2