THIS HACK NOT WORK !!!

[Yu-Haxx..]

THIS HACK NOT WORK:
it's give crash!

Code:

#INCLUDE ETC...
 DWORD execute(DWORD HERE )
{
	__asm
	{
push command
push 0x00
call dword ptr ds:[HERE]
	}
}
DWORD WINAPI Watek( LPVOID )
{
/////////
	while(1)
	{
              DWORD HERE = 0x0055011;
			 execute(HERE);	
			 Sleep(300);
	}
        return 1;
}
int  DllMain(_In_ void * _HDllHandle, _In_ unsigned _Reason, _In_opt_ void * _Reserved)
{
        if(DLL_PROCESS_ATTACH== _Reason)
        {
              CreateThread(NULL, NULL, Watek, NULL, NULL, NULL);
        }
 
        return 1;
}

/////
BUT THIS ONE WORK

Code:

#INCLUDE ETC...
 DWORD execute()
{
	__asm
	{
push command
push 0x00
call dword ptr ds:[0x0055011]
	}
}
DWORD WINAPI Watek( LPVOID )
{
/////////
	while(1)
	{
 
			 execute();	
			 Sleep(300);
	}
        return 1;
}
int  DllMain(_In_ void * _HDllHandle, _In_ unsigned _Reason, _In_opt_ void * _Reserved)
{
        if(DLL_PROCESS_ATTACH== _Reason)
        {
              CreateThread(NULL, NULL, Watek, NULL, NULL, NULL);
        }
 
        return 1;
}

WHY ?

[Jeoni]

To understand that, you have to understand what exactly you're doing in your assembler part of the code. First, let us take a look at what does not work:

Code:

call dword ptr ds:[0x0055011]

Here you're dereferencing the address 0x00055011 and call to whatever value you get from that. Now, let's take a look at the "working" code:

Code:

call dword ptr ds:[HERE]

Here you're dereferencing your local variable "HERE" (which will assemble to esp or ebp relative addressing) and call to whatever value you get from that. Because you always choose "HERE" to be 0x00055011, you'll always call the code at 0x00055011, which seems to be what you want (regarding that this works).
You can use this code if you want it working without having to pass a constant to the function:

Code:

__asm
{
push command
push 0x00
mov eax, 0x00055011
call eax
}

Or, to avoid using inline assembler since it's just not necessary here, something like that:

Code:

reinterpret_cast<void(__stdcall*)(int, int)>(0x00055011)(command, 0);

With best regards
Jeoni

[vaynz]

Quote:

Originally Posted by Jeoni

Or, to avoid using inline assembler since it's just not necessary here, something like that:

Code:

reinterpret_cast<void(__stdcall*)(int, int)>(0x00055011)(command, 0);

With best regards
Jeoni

Wrong parameter sequence, hehe.

@OP:
Dereferencing a parameter will yield its value because, internally, a parameter is nothing more than a pointer on the stack (or registers). I think you want the value of the value of the parameter, which points to a pointer.

[Devsome]

#closed user is banned. @ just write a private message to the user and ask for Skype.