
I want to hook a game function and inject my code into its code cave, but when I try to pass the values of my variables holding the addresses I want to jump to and return to, it messes them up.

Example:

DWORD returnAddress = 0x12345678; //the static address in game that I have to return after my function

_declspec(naked) void asmfunc()
{
    __asm
    {
      ...
      jmp returnAddress //I already tried [returnAddress] with same result
    }
}

As you know, it sends the address of returnAddress in my process to the jmp instruction, which will be converted into an address in the target process whose value has, obviously, nothing to do with mine. I want to do a jmp to the game address 0x12345678, but if I write jmp 0x12345678 the compiler reports a syntax error.

Of course it works fine with DLL injection, but I want to do it with simple code injection. Is there a way to achieve it?

Ðаn
Eduardo M
  • Pro tip: don't write inline ASM in C++ programs, *at all*. – Jesper Juhl Feb 17 '20 at 17:52
  • @JesperJuhl so what's the best approach to inject assembly code in a target process in your opinion? – Eduardo M Feb 17 '20 at 17:56
  • Tried `jmp dword ptr [returnAddress]`? – user253751 Feb 17 '20 at 18:05
  • @user253751 yeah, same behavior. – Eduardo M Feb 17 '20 at 18:11
  • Can someone explain to me why the question was downvoted? – Eduardo M Feb 17 '20 at 18:16
  • @EduardoM "so what's the best approach to inject assembly code in a target process in your opinion?" - finding a way to avoid having to do it in the first place. – Jesper Juhl Feb 17 '20 at 18:26
  • Oh wait, I see now. You don't even *have* the variable `returnAddress` in the target process, so you can't read that. You have to put the actual number in the assembly code. I suggest you stop trying to use C for this. Learn basic assembly and machine code and build your own jump instruction. – user253751 Feb 17 '20 at 18:30
  • @user253751 Yeah, that's why it works only via DLL injection. My workaround was to inject the raw shellcode into the process, but I thought there was a more elegant way to do it. Seems like this is a VS compiler limitation. – Eduardo M Feb 17 '20 at 18:40
  • Use immediate values that are part of the machine code you inject. – Peter Cordes Feb 17 '20 at 23:59
  • @EduardoM I think it's just a limitation of how assemblers work. They aren't designed to make code that changes itself at runtime. – user253751 Feb 18 '20 at 10:51
