Questions tagged [codecave]

20 questions
27 votes, 9 answers

What is a code cave, and is there any legitimate use for one?

I encountered this word for the first time in the StackOverflow question "C# Theoretical: Write a JMP to a codecave in asm." I see that according to Wiktionary, a code cave is: an unused block of memory that someone, typically a software cracker,…
Eddie
6 votes, 2 answers

C# Theoretical: Write a JMP to a codecave in asm

Let's assume I've allocated the address where my codecave is placed using VirtualAllocEx (it returns the address) and I write my code into that address using WriteProcessMemory(). Here's the question: How do I write a jump to my codecave? I know that…
Ivan Prodanov
3 votes, 1 answer

Calling a function from a remote process using injected DLL

I saw a similar, but still different question to this, so just to clarify this is not a dupe of 13428881 (Calling a function in an injected DLL). What I have at the minute: A DLL, injected into a target process, displaying a message box and…
XtrmJosh
2 votes, 0 answers

C# - Coding a codecave (aobinjection)

Lately I've been learning how to work with injections and Cheat Engine to disassemble potential malware and locked programs. I am making fast progress but am stuck on one thing now. Cheat Engine itself has a feature named "AOB Injection" which…
2 votes, 2 answers

How to hook MANAGED(.NET) Processes and collect information inside that process?

I need to hook managed (C#, C++/CLI) processes. I need to find and send information about how many windows it has (its associated controls and their properties) to the target application, which is written in C# managed code. For that, what I need to…
Usman
2 votes, 3 answers

VirtualAlloc C++ , injected dll, asm

I want to reserve space for my codecave in application. I use VirtualAlloc function to reserve this space. I have X questions. What parameters (allocation type and protection) should I use to allocate memory for code-cave? As return value I get…
Hooch
2 votes, 1 answer

Addresses in OllyDbg Change on Program reload

This is my first post, and I am new to assembly and debugging, so bear with me please. I was trying to inject some code (a little call to MessageBoxA) into the Windows 7 Notepad executable. However, I ran into the problem of addresses. First, I…
DD314
1 vote, 0 answers

How to serialize the data from hooked process for injector in C# and C++/CLI?

I am facing a strange problem while serializing the data from hooked process for injector (which injected the spy dll into some other process). I am successfully landing spy dll into other managed process. But when there I want to serialize custom…
Usman
1 vote, 1 answer

Why does injecting code caves with thread injection crash my target win32 EXE?

I am currently trying to inject a code cave with thread injection to a remote win32 EXE running on my win7 (x64) system. To achieve this, I am using Microsoft VB6, through which I do the following: OpenProcess, to get a handle to the remote process…
Mike
1 vote, 1 answer

Calculate 64bit jmp for code cave in c#

I cannot solve my problem. Any help appreciated. I want to create a jmp to my allocated memory. If I check my calculation with Cheat Engine allocated memory it is fine. Cause Cheat Engine allocates memory in a higher region. My allocated memory…
Markus
1 vote, 1 answer

Managed Dll Injection without C/C++ or Assembly

How to inject managed dll in remote process using VB/C# without using any C/C++ bootstrap dll or any code cave written in assembly.
Nauman Mustafa
1 vote, 2 answers

Problem with a trainer I'm trying to create (for educational purposes)

I'm trying to create a trainer for Icy Tower 1.4 for educational purposes. I wrote a function that shortens the WriteProcessMemory function like that: void WPM(HWND hWnd,int address,byte data[]) { DWORD proc_id; GetWindowThreadProcessId(hWnd,…
Alon Gubkin
1 vote, 0 answers

WPF code cave looping with timers

I run into a problem with a code cave code trying to do a loop using timers instead of "while". It's just writing one time a value then writes only 0 value. What I want is to write to an address every second based on timers and after reading some…
noAddiction
0 votes, 0 answers

Inserting new code caves inside sections of windows PE malware files

I am trying to insert the new code caves inside Windows malware PE files by expanding the size of existing sections. I was able to dig out the existing code caves in the file but expanding the size of existing sections to insert code caves (just the…
0 votes, 1 answer

IDA patching, How to add new code, create new variable?

I have a very basic knowledge about IDA and patching. From my understanding, I can change a line of code by doing Edit -> Patch program -> Assembly. But how do I go about adding new lines of code into program? The existing variable can also be…
E spir