Injection

02/05/2015 02:35 yangc10#1

Not sure if this is what you call - injection opcode/asm code. Does anybody know how to replace

Code:

mov eax,[esi+00005560]

with

Code:

mov eax,[esi+00005560]
mov [esi+00005560],000270f

temporary while the process is running?

02/05/2015 20:23 alpines#2

Sure, allocate new space in the RAM for the program.
Replace your line with a jump to that new spot.
Execute the command which was replaces with the jump, execute the function you want to execute and finally jump back to the old position + 1.

That's called Detouring, Hooking. I think AutoIt even has an UDF for that but it's much easier in other languages I guess.

02/05/2015 22:19 yangc10#3

do you know of any example for other language?

02/05/2015 23:49 alpines#4

MS Detours for example provides a solid library to detour functions to execute commands at your will. Simply search for some tutorials, you can find some here too.

02/06/2015 16:31 Shadow992#5

Take a look at this udf:
[Only registered and activated users can see links. Click Here To Register...]

02/07/2015 08:55 yangc10#6

Liked that but tut isn't english...

02/07/2015 15:44 Shadow992#7

Quote:

Originally Posted by yangc10

Liked that but tut isn't english...

You should be able tounderstand UDF by having a look at the udf itself and the example script.