I wanted to log them straight out, I mean in a row, not separated like my log function does it, but if that is impossible then it's OK for me.
nah1337
Posts
-
Hello, I hooked ReadProcessMemory and have some problems logging its lpBuffer
Hi, it did not make any difference, the log is still the same. Here is the output:
lpBuffer: 4d lpBuffer: 5a lpBuffer: 90 lpBuffer: 0 lpBuffer: 3 lpBuffer: 0 lpBuffer: 0 lpBuffer: 0 lpBuffer: 4 lpBuffer: 0 lpBuffer: 0 lpBuffer: 0
-
Hello, I hooked ReadProcessMemory and have some problems logging its lpBuffer
Hi, the problem is that the bytes that I get logged are disordered and not in a proper row, and somehow they are even split. I used the apimonitorig software and monitored ReadProcessMemory and saw that it holds byte rows for sure. This was the output from the apimonitorig software:
lpBuffer 0x014D0020: {4D 5A 90 00 03 00 00 00 04 00 00 00
This is my hooked ReadProcessMemory, where I am trying to log the lpBuffer that is holding the byte rows.
// Pointer to the original ReadProcessMemory
BOOL (__stdcall* pReadProcessMemory)(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
BOOL __stdcall hookedReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead)
{
    // Call the original first so lpBuffer is filled in
    bool returning = pReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead);
    char* mybytes = (char*)lpBuffer;
    // One Log call (and one output line) per byte
    for (int i = 0; i < nSize; i++)
        Log( "lpBuffer: %x \n", mybytes[i]);
    return returning;
}
And the log output is like this:
lpBuffer: 4d lpBuffer: 5a lpBuffer: ffffff90 lpBuffer: 0 lpBuffer: 3 lpBuffer: 0 lpBuffer: 0 lpBuffer: 0 lpBuffer: 4 lpBuffer: 0 lpBuffer: 0 lpBuffer: 0 lpBuffer: ffffffff lpBuffer: ffffffff lpBuffer: 0 lpBuffer: 0 lpBuffer: ffffffb8
Please help, what am I doing wrong? I'm out of ideas.
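The ffffff90 and ffffffff entries in the output above come from the char* cast: plain char is signed with the MSVC compiler, so a byte such as 0x90 is sign-extended when it is promoted to int for a %x format, and one Log call per byte is what puts every byte on its own line. The following C sketch is an added example, not part of the original post; format_hex_row is a hypothetical helper name and the sample bytes are constructed from the post's output.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Format up to len bytes of buf as "4D 5A 90 ..." into out (always NUL-terminated).
 * Returns the number of bytes formatted; fewer than len means out was too small.
 * format_hex_row is a hypothetical helper, not an API of any library. */
size_t format_hex_row(const void *buf, size_t len, char *out, size_t out_size)
{
    /* unsigned char: a signed char holding 0x90 would be promoted to the
     * negative int 0xFFFFFF90 when handed to a printf-style function. */
    const unsigned char *bytes = (const unsigned char *)buf;
    size_t done = 0, pos = 0;

    if (out == NULL || out_size == 0)
        return 0;
    out[0] = '\0';
    if (buf == NULL)
        return 0;

    while (done < len) {
        /* Two hex digits, plus a separating space before every byte but
         * the first, plus room for the terminating NUL. */
        size_t need = done ? 3 : 2;
        if (pos + need + 1 > out_size)
            break;
        pos += (size_t)snprintf(out + pos, out_size - pos,
                                done ? " %02X" : "%02X", (unsigned)bytes[done]);
        done++;
    }
    return done;
}

int main(void)
{
    /* Constructed sample: the first bytes shown in the post's output. */
    const unsigned char sample[] = { 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00 };
    char line[64];

    size_t n = format_hex_row(sample, sizeof sample, line, sizeof line);
    printf("lpBuffer (%zu bytes): {%s}\n", n, line);   /* one log line per call */
    return 0;
}
```

Inside a hook like the one above, the whole row would then go to the logger in a single call, and the length to format would be the count reported through lpNumberOfBytesRead when that pointer is non-NULL and the call succeeded, rather than nSize.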
-
Hello, how to make an injector that reinjects the DLL every time if the specified process reloads and changes its PID
Well, everything works fine, I mean the DLL injector works fine if I inject the DLL only once, but if I use an if statement to check if pid == pid it will crash the injector ... maybe I'm checking wrongly if the process is running ...
-
Hello, how to make an injector that reinjects the DLL every time if the specified process reloads and changes its PID
Hi, I've searched this forum and Google and found many tutorials and DLL injector sources, but I want to modify the injector to reinject every time a specified process reloads itself and changes its process ID. I tried checking the process ID like this:
if(Pid==Pid) {
    hModule = OpenProcess( PROCESS_ALL_ACCESS, true, Pid );
    InjectDll(hModule, DLL_Name);
    return 0;
}
But it always crashes the injector ....
-
Hello, calling a function between two different processes
Well, I looked for a solution to call a function from a process that is completely different from another process, so I read about Interprocess Communication. Now I have only seen some data moving, data copying and some text showing tutorials, but there is nothing about how to call a function from another process. Can anyone point me somewhere...?
-
Hello, question about Interprocess Communication: how to call functions between 2 different processes
Well, I looked for a solution to call a function from a process that is completely different from another process, so I read about Interprocess Communication. Now I have only seen some data moving, data copying and some text showing tutorials, but there is nothing about how to call a function from another process. Can anyone point me somewhere...?
-
Still problem with a class and function
Wow, now I can compile it, thanks for your help. I hadn't tried it, and this shows my knowledge of C++ is still weak, much to learn.
-
Still problem with a class and function
No, I want to hook the function and return the crypto char in the class.
-
Still problem with a class and function
Because the function that I disassembled does have a void * pointer and it is also __thiscall. Here is how the disassembled func looks:
void *__thiscall sub_402355(void *this)
{
    void *v1; // ebx@1
    signed int v2; // edi@1
    void *v3; // esi@1

    v3 = this;
    *(_BYTE *)this = 0;
    v2 = 0;
    v1 = this;
    do
    {
        sub_401462(*((_BYTE *)v3 + v2++ + 188), v1);
        v1 = (char *)v1 + 2;
    }
    while ( v2 < 16 );
    return v3;
}
-
Still problem with a class and function
Hi, I'm trying to return a char with the function but it gives an error, any help?
struct random_class {
    char *crypto_buf;
    void __thiscall classfunction (void *pParam);
};
random_class* pParam;
void (__thiscall* classfunction)(void *pParam );
void __thiscall myclassfunction(void *pParam )
{
    classfunction(pParam->crypto_buf);
}
error C2227: left of '->crypto_buf' must point to class/struct/union/generic type
1> type is 'void *'
-
Some help needed with class and this pointer
Yeah, it was my mistake, it should look like this:
struct random_class {
    char *crypto_buf;
    void __thiscall classfunction (void *pParam);
};
random_class* pParam;
void (__thiscall* classfunction)(void *pParam );
void __thiscall myclassfunction(void *pParam )
{
    classfunction(pParam->crypto_buf);
}
error C2227: left of '->crypto_buf' must point to class/struct/union/generic type
1> type is 'void *'
-
Some help needed with class and this pointer
Hello, why can't I return the char* something using the class like that?
struct random_class {
    char *something;
    void __thiscall classfunction (void *pParam);
};
random_class* pParam;
void (__thiscall* classfunction)(void *pParam );
void __thiscall myclassfunction(void *pParam )
{
    classfunction(pParam->something);
}
error C2227: left of '->crypto_buf' must point to class/struct/union/generic type
1> type is 'void *'
-
Hello, how should I use the this pointer if it is a function param as void *this
I'm trying to return the char using the this pointer.
-
Hello, how should I use the this pointer if it is a function param as void *this
Well, the reversed class looks something like this:
struct random_class {
    char *something;
    void __thiscall classfunction (void *this);
};
So I wanna hook it like this:
void (__thiscall* classfunction)(void *this );
void __thiscall myclassfunction(void *this )
{
    return classfunction(this->something);
}
But I get 8 errors, it says syntax error : missing ';' before 'this'. Did I use it correctly or wrongly? I didn't find on Google any function that uses a param as void *this???
-
Question: hooking virtual table / class functions
No, no, I mean sub_4594F5() is the function that has the virtual table inside it, so I hooked it with Microsoft Detours and inside sub_4594F5() I want to do vtable hooking like this:
int dword_4B006C;
dword_4B006C = (unsigned int)testmy_sub_438213 ^ 0xD6C45DD7;
But function sub_438213 won't get hooked, and that function is the second function from the vtable.
-
Question: hooking virtual table / class functions
Hello community, I've got a problem: I hooked a function that has a virtual table inside it and calls other functions. Decompiled with Hex-Rays:
signed int __cdecl sub_4594F5()
{
    signed int result; // eax@1
    result = -691773993;
    dword_4B0068 = (unsigned int)sub_40511C ^ 0xD6C45DD7; // I suppose 0
    dword_4B006C = (unsigned int)sub_438213 ^ 0xD6C45DD7; // 1
    dword_4B0070 = (unsigned int)sub_424041 ^ 0xD6C45DD7; // 2
    dword_4B0074 = (unsigned int)sub_42A4FC ^ 0xD6C45DD7; // 3
    dword_4B0078 = (unsigned int)sub_410B73 ^ 0xD6C45DD7; // 4
    dword_4B02F8 = (unsigned int)((char *)sub_416A34 + 4) ^ 0xD6C45DD7; // 5
    // the function list goes on a lot more like this, around 50-60 funcs or more...
    return result;
}
This is the second function from the virtual table that I want to hook:
int (__cdecl* pointermy_sub_438213)(int, int, int, int);
int __cdecl testmy_sub_438213(int a, int b, int c, int d)
{
    return pointermy_sub_438213(a, b, c, d);
}
This is the hooked vtable func, I used MS Detours to hook it:
int (__cdecl* pPBVTBLsub_4594F5)();
int __cdecl myPBVTBLsub_4594F5()
{
    int dword_4B006C;
    dword_4B006C = (unsigned int)testmy_sub_438213 ^ 0xD6C45DD7;
    return pPBVTBLsub_4594F5();
}
So in short, testmy_sub_438213 won't get hooked. Does anyone know what I'm doing wrong, or maybe my approach is false and vtable hooking can't be done this way? Any input is really welcome.
-
How to return the original page protection flags
Hello. Well, what I want to do is restore the original page protection flags. Searching on Google I read that VirtualQuery and VirtualQueryEx are used to do this, but found no detailed info or example. Could anyone point me somewhere or post a sample with some random address? I will really appreciate it, thanks.
-
Hello, question about Visual Studio 2008, that won't even build an empty DLL project correctly
Well, I have Visual Studio 6.0 installed and with that I can create a dynamic DLL; I have all the libraries and include files there. So I added all the include files and libraries to Visual Studio 2008 and that ____ still won't build even a standard DLL file correctly, it gives some linking errors instead.... Note that those libraries are from the Windows XP SDK and some others; they should work on both compilers, I believe...
:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(81) : warning C4346: '_It::iterator_category' : dependent name is not a type
1> prefix with 'typename' to indicate a type
1> C:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(84) : see reference to class template instantiation 'std::iterator_traits<_It>' being compiled
1>C:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(81) : error C2146: syntax error : missing ';' before identifier 'iterator_category'
1>C:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(81) : error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>C:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(82) : warning C4346: '_It::value_type' : dependent name is not a type
1> prefix with 'typename' to indicate a type
1>C:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(82) : error C2146: syntax error : missing ';' before identifier 'value_type'
1>C:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(82) : error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>C:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(83) : warning C4346: '_It::distance_type' : dependent name is not a type
1> prefix with 'typename' to indicate a type
1>C:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(83) : error C2146: syntax error : missing ';' before identifier 'distance_type'
1>C:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(83) : error C4430: missing type specifier - int assumed. Note: C++ does not support default-int
1>C:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(224) : warning C4348: 'std::istreambuf_iterator' : redefinition of default parameter : parameter 2
1> C:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(226) : see declaration of 'std::istreambuf_iterator'
1>C:\Program Files\Microsoft Visual Studio 9.0\VC\include\utility(226) : warning C4346: '_Tr::off_type' : dependent n
-
Patching operation code known as opcodes
Thanks, very informative, I'll start following your tips, thanks much!!!