[Help] ASM "db" to C++

iCraziE · 03/01/2013, 14:05

I am having a little trouble converting my asm script into C++ for dll injection.

Here is the ASM code.

Code:

mov ecx,[Value]
mov [eax+08],ecx
mov edx, [eax+04]
jmp return

Value:
db 00 00 42 43

Now in C++ i have it written like this..

Code:

	{ 
		__asm
		{
			mov ecx,[Value]
			mov [eax+0x08],ecx
			mov edx,[eax+0x04]
			jmp [Return]
                       
                        Value:
                        db 00 00 42 43
		}
	}

but it tells me that "db" is not recognized. I did some research and I found that C++ inline asm can't recognize some operands such as "db".

But how do I go around this. I also tried using this.

Code:

#define Value __asm _emit 0x00 __asm _emit 0x00 __asm _emit 0x42 __asm _emit 0x43

But that results in a crash on the target process.

If anyone has an alternative solution, or some way I could directly write the bytes at a codecave that would be great.

Jeoni · 03/01/2013, 16:59

Code:

		__asm
		{
			mov ecx, 0x43420000
			mov [eax+0x08],ecx
			mov edx,[eax+0x04]
			jmp [Return]
		}

I hope that's it

With best regards
Jeoni

iCraziE · 03/01/2013, 18:58

Thanks, but no that is not it.

Still resulted in a crash.

Raz9r · 03/01/2013, 18:58

Inline Assembly is kinda limited:
You may do something like

Code:

char value[4] = { 0x00, 0x00, 0x42, 0x43 };

and then refer to that using inline assembly.

Another way to do this is using the _emit keyword together with LEA (load effective address), which is supported by inline assembly using __asm.

For further information:

iCraziE · 03/02/2013, 12:38

It worked out for me, with some minor moderations.

I had to declare it as

Code:

DWORD Value[] = { 42, 43 }

and the reference had to be

Code:

mov ecx,([Value] - 8)

For some reason the data it filled at the address was 3000 but if i went back 8 bytes, I could see the code i wanted, 00 00 42 43

i tried it your way, but it seemed to make each one 4 bytes. and i would get.

Code:

00 00 00 00 00 00 00 00 00 00 00 42 00 00 00 43

Ende! · 03/02/2013, 17:08

Quote:

Originally Posted by iCraziE

i tried it your way, but it seemed to make each one 4 bytes. and i would get.

That's cuz you changed the 'char' from __underScores's post to 'DWORD' ..

sizeof(DWORD) = 4, sizeof(char) = 1

Edit: In case you prefer the WinAPI-typedefs for whatever reason, you might want to use 'BYTE' instead of 'char'.

iCraziE · 03/02/2013, 17:41

no i mean when it was char, it gave me that result. I only changed it to dword after words.

Ende! · 03/02/2013, 18:39

Quote:

Originally Posted by iCraziE

no i mean when it was char, it gave me that result. I only changed it to dword after words.

Seems like I misunderstood your post. I didn't read the full thread before, which I did now.

Any idea, if the assembler the original source was supposed to be assembled with, handles values without an explicit specifier as decimal or hex? In the former case, you'd have to write:

Code:

mov eax, 0x2B2A0000

instead of the

Code:

mov ecx, 0x43420000

mentioned by Jeoni (who obviously expected the latter case).