[Help] ASM "db" to C++

03/01/2013 14:05 iCraziE#1
I am having a little trouble converting my asm script into C++ for DLL injection.

Here is the ASM code.

Code:
mov ecx,[Value]
mov [eax+08],ecx
mov edx, [eax+04]
jmp return

Value:
db 00 00 42 43
Now in C++ I have it written like this:

Code:
{
    __asm
    {
        mov ecx,[Value]
        mov [eax+0x08],ecx
        mov edx,[eax+0x04]
        jmp [Return]

        Value:
        db 00 00 42 43
    }
}
But it tells me that "db" is not recognized. I did some research and found that C++ inline asm can't recognize some operands such as "db".

But how do I get around this? I also tried using this:

Code:
#define Value __asm _emit 0x00 __asm _emit 0x00 __asm _emit 0x42 __asm _emit 0x43
But that results in a crash on the target process.

If anyone has an alternative solution, or some way I could directly write the bytes at a codecave that would be great.
03/01/2013 16:59 Jeoni#2
Code:
__asm
{
    mov ecx, 0x43420000
    mov [eax+0x08],ecx
    mov edx,[eax+0x04]
    jmp [Return]
}
I hope that's it ;)
With best regards
Jeoni
03/01/2013 18:58 iCraziE#3
Thanks, but no that is not it. :( Still resulted in a crash.
03/01/2013 18:58 Raz9r#4
Inline Assembly is kinda limited:
You may do something like
Code:
char value[4] = { 0x00, 0x00, 0x42, 0x43 };
and then refer to that using inline assembly.

Another way to do this is using the _emit keyword together with LEA (load effective address), which is supported by inline assembly using __asm.

03/02/2013 12:38 iCraziE#5
It worked out for me, with some minor modifications.

I had to declare it as

Code:
DWORD Value[] = { 42, 43 };
and the reference had to be

Code:
mov ecx,([Value] - 8)
For some reason the data it filled at the address was 3000, but if I went back 8 bytes, I could see the code I wanted, 00 00 42 43.

I tried it your way, but it seemed to make each one 4 bytes, and I would get:

Code:
00 00 00 00 00 00 00 00 00 00 00 42 00 00 00 43
03/02/2013 17:08 Ende!#6
Quote:
Originally Posted by iCraziE
I tried it your way, but it seemed to make each one 4 bytes, and I would get:
That's cuz you changed the 'char' from __underScores's post to 'DWORD'.

sizeof(DWORD) = 4, sizeof(char) = 1

Edit: In case you prefer the WinAPI-typedefs for whatever reason, you might want to use 'BYTE' instead of 'char'.
03/02/2013 17:41 iCraziE#7
No, I mean when it was char, it gave me that result. I only changed it to DWORD afterwards.
03/02/2013 18:39 Ende!#8
Quote:
Originally Posted by iCraziE
No, I mean when it was char, it gave me that result. I only changed it to DWORD afterwards.
Seems like I misunderstood your post. I didn't read the full thread before, which I did now.

Any idea whether the assembler the original source was supposed to be assembled with handles values without an explicit specifier as decimal or hex? In the former case, you'd have to write:

Code:
mov eax, 0x2B2A0000
instead of the
Code:
mov ecx, 0x43420000
mentioned by Jeoni (who obviously expected the latter case).
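As an added illustration (not code from anyone in this thread), here is a small portable C program covering the two points the thread turns on: why the assembler's radix decides whether `db 00 00 42 43` becomes the immediate `0x43420000` or `0x2B2A0000`, and why `DWORD Value[] = { 42, 43 }` occupies 8 bytes rather than the 4 bytes of a `char` array. The function names `parse_db`, `load_dword_le` and `dword_layout` are mine; the code models the 32-bit x86 little-endian layout in plain C rather than inline assembly, so it compiles with any C compiler.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse the operands of a "db" line (e.g. "00 00 42 43") into bytes.
 * radix selects how bare tokens are read: 16 (hex, what Jeoni assumed)
 * or 10 (decimal, Ende!'s alternative). Returns the byte count, or -1
 * if a token is not a valid byte. Tokens may be separated by spaces or commas. */
int parse_db(const char *operands, int radix, uint8_t *out, int max) {
    char buf[128];
    int n = 0;
    strncpy(buf, operands, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, " ,"); tok; tok = strtok(NULL, " ,")) {
        char *end;
        unsigned long v = strtoul(tok, &end, radix);
        if (*end != '\0' || v > 0xFF || n >= max) return -1;
        out[n++] = (uint8_t)v;
    }
    return n;
}

/* The 32-bit value that "mov ecx,[Value]" loads from those bytes on x86:
 * little-endian, so the first byte becomes the least significant byte.
 * This is the immediate that replaces the data label in "mov ecx, imm32". */
uint32_t load_dword_le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Why "DWORD Value[] = { 42, 43 }" cannot stand in for "db 00 00 42 43":
 * sizeof(DWORD) is 4, so each element is laid out as 4 little-endian bytes
 * and the array occupies count * 4 bytes. Writes that layout into out and
 * returns its length; the first dword read from it is just 42 (0x2A). */
size_t dword_layout(const uint32_t *vals, size_t count, uint8_t *out) {
    for (size_t i = 0; i < count; i++)
        for (int k = 0; k < 4; k++)
            out[i * 4 + k] = (uint8_t)(vals[i] >> (8 * k));
    return count * 4;
}

int main(void) {
    uint8_t b[8];
    int n = parse_db("00 00 42 43", 16, b, sizeof b);
    printf("hex: %d bytes -> mov ecx, 0x%08X\n", n, load_dword_le(b));
    n = parse_db("00 00 42 43", 10, b, sizeof b);
    printf("dec: %d bytes -> mov ecx, 0x%08X\n", n, load_dword_le(b));
    uint32_t d[2] = {42, 43}; /* constructed: the poster's DWORD declaration */
    size_t len = dword_layout(d, 2, b);
    printf("DWORD[2] occupies %zu bytes; first dword = 0x%08X\n", len, load_dword_le(b));
    return 0;
}
```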