开发者

Using __asm to call a function from hex offset

问答 作者:

I don't know assembly so I'm not sure how to go about this.

I have a program which is hooking into another. I have obtained the offset to where the function is located within the h开发者_如何学Cooked program's .exe

#define FuncToCall 0x00447E5D

So now how can I use __asm{} to call that function?

Well short answer is if you do not know assembly you should not be doing this, haha.

But, if you are so intent on wall hacking, I mean, modifying the operation of a legitimate program, you can't just take an address and call it good.

You need to look up the symbol (if in happy linux land) or use sig scanning ( or both D= ) to find the actual function.

Once you do that then its relatively simple, you just need to write a mov and jmp. Assuming you have access to the running process already, and your sig scanner found the right address, this bit of code will get you want you want

mov eax, 0×deadbeef
jmp eax

Now, if this function you want is a class method.. you need to do some more studying. But that bit of assembly will run whatever static function you want.

There is some mess to deal with different calling conventions too, so no commenters try and call me out on that, that is far to advanced for this question.

EDIT: By the way I do not use call because when using call you have to worry about stack frames and other very messing things. This code will jump to any address and start executing.

If you want to return to your code thats another story, but that WILL get your target function going as long as its the right calling convention, not a class method, etc etc

I think you could also cast that address to a function pointer and call it that way. That might be better.

Thanks for answers, but I figured it out. This is what I'm doing:

#define FuncToCall 0x00447E5D
DWORD myfunc = FuncToCall; 
__asm call dword ptr [myfunc];

If it works don't fix it, and by golly it works.

Here is a tricky one: You can use it with parameters and return value too. It simply forwards everything to the function you intend to call that is given by a pointer (FuncToCall) to the function.

void call_FuncToCall(.......)
{
  __asm__
  ("call label1\n label1:\n"
   "pop %eax\n"
   "movl FuncToCall, %eax\n"
   "leave\n"
   "jmp *%eax");
}

继续阅读:assemblycinline-assembly

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9