[Release] Assembly in C#

10/26/2008 19:29 null#1
Hello,
With this .cs (C# Class) file, you can perform BASIC asm commands, such as
Code:
mov ebp, esp <-- asm.Mov_EBP_ESP();
call dword ptr ds:[00873A1F] <-- asm.Call_DWORD_Ptr(0x00873A1F);
ret <-- asm.Ret();
Assembly in C# is NOT my creation; however, I have modified the source to enable Calls that are not 'Dword Ptr's (this was difficult because, to figure out the opcode for jmp ADDY, you have to perform a math sequence on the ADDY (intTohex(((TargetCall - OldAddress) - 10), 8)) due to the jmp TARGET being relative to the current address line).

Example:
Code:
            ASM asm = new ASM();
            // Co2PID is the process ID of the Conquer window (see below).
            int CodeCaveAddy = asm.GetAddress(Co2PID);
            MessageBox.Show(asm.IntToHexA(Co2PID));
            asm.Mov_ECX(0x0057FBF0);             // mov ecx, 0x0057FBF0
            asm.Call(CodeCaveAddy, 0x004C2394);  // relative call to 0x004C2394
            asm.Ret();                           // ret
            asm.RunAsm(Co2PID, CodeCaveAddy);
Replace Co2PID with the process ID of the Conquer window.
If you want the PID worked out for you:

Code:
            // Requires: using System.Diagnostics;
            Process[] pro = Process.GetProcessesByName("Conquer");
            int conquer = pro[0].Id; // throws if no "Conquer" process is running
For the 1st active conquer window.


And last but not least, the ASM.cs file! (Attached)
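Added example (not part of the original post or the attached ASM.cs): a Python sketch for the analysis side, which decodes a byte sequence recovered from a code cave and resolves the absolute target of each relative call. It shows where the post's "- 10" comes from: the E8 call is 5 bytes long and follows a 5-byte mov ecx, so the displacement is measured from cave base + 10. The cave base address and the sample bytes are constructed for illustration; the function names are hypothetical.

```python
import struct

def rel32_for_call(call_addr, target):
    """Displacement stored in E8 rel32, measured from the end of the 5-byte call."""
    return (target - (call_addr + 5)) & 0xFFFFFFFF

def decode_stub(code, base):
    """Decode the few opcodes mentioned in the thread; return (address, text) pairs."""
    out, i = [], 0
    while i < len(code):
        addr, op = base + i, code[i]
        if op == 0xB9 and i + 5 <= len(code):            # mov ecx, imm32
            (imm,) = struct.unpack_from("<I", code, i + 1)
            out.append((addr, f"mov ecx, 0x{imm:08X}"))
            i += 5
        elif op == 0xE8 and i + 5 <= len(code):          # call rel32
            (rel,) = struct.unpack_from("<i", code, i + 1)
            target = (addr + 5 + rel) & 0xFFFFFFFF       # next instruction + rel
            out.append((addr, f"call 0x{target:08X}"))
            i += 5
        elif code[i:i + 2] == b"\xFF\x15" and i + 6 <= len(code):
            (ptr,) = struct.unpack_from("<I", code, i + 2)
            out.append((addr, f"call dword ptr ds:[0x{ptr:08X}]"))
            i += 6
        elif op == 0xC3:                                 # ret
            out.append((addr, "ret"))
            i += 1
        else:                                            # unknown or truncated
            out.append((addr, f"db 0x{op:02X}  ; not decoded"))
            i += 1
    return out

# Constructed sample: the mov ecx / call / ret stub from the post, as it would
# appear in memory if the cave sat at the (assumed) base address below.
CAVE_BASE = 0x00A50000
SAMPLE = bytes.fromhex("B9F0FB5700" "E88A23A7FF" "C3")

if __name__ == "__main__":
    for addr, text in decode_stub(SAMPLE, CAVE_BASE):
        print(f"{addr:08X}  {text}")
    # Same value as (target - cave_base - 10) in the post's formula:
    print(f"rel32 = {rel32_for_call(CAVE_BASE + 5, 0x004C2394):08X}")
```

The general rule is target minus the address of the instruction after the call; a fixed "- 10" is only correct when exactly 5 bytes precede the call in the cave.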
10/27/2008 19:31 _fobos_#2
Good contribution I'd say :) Keep it up!
10/28/2008 01:05 high6#3
I see you used my disconnect thing as an example XD.

This probably shouldn't be used without changes because anything complicated will be raped by the fact that it stores the data in a string.

Nice idea though.
10/28/2008 02:09 _fobos_#4
Quote:
Originally Posted by high6
I see you used my disconnect thing as an example XD.

This probably shouldn't be used without changes because anything complicated will be raped by the fact that it stores the data in a string.

Nice idea though.
true
10/28/2008 16:39 null#5
Quote:
Originally Posted by high6
I see you used my disconnect thing as an example XD.

This probably shouldn't be used without changes because anything complicated will be raped by the fact that it stores the data in a string.

Nice idea though.

Heh, I discovered the disconnect thing long before it was posted here, by hooking MessageBoxA etc., but yeah, whoever uses this class should really tweak it.
10/28/2008 16:48 high6#6
Quote:
Originally Posted by null
Heh, I discovered the disconnect thing long before it was posted here, by hooking MessageBoxA etc., but yeah, whoever uses this class should really tweak it.
I mean you posted this after I posted the CreateRemoteThread example of it.
10/29/2008 16:31 tanelipe#7
And from now on we shall stay on topic. :p
10/29/2008 17:11 MushyPeas#8
Quote:
Originally Posted by tanelipe
And from now on we shall stay on topic. :p
Psh mean mod, you deleted my post.

Nice topic for anyone using C# who isn't too stupid to use it :rolleyes: