Thread: Code Snippet Creator question

  #1 Maldoror (Guest)

    Code Snippet Creator question

    Hello

    I have two questions regarding the Code Snippet Creator by Iczelion.

    Let's suppose we have a function Func1 located at (for example) VA 4091B0h in our target. We insert our snippet, written in MASM32, in a new section.

    1. How to call the function at 4091B0h from the snippet?
    Here is what I do:
    MASM32 doesn't allow you to just write:

    MyProc proc
    call 4091B0h
    MyProc endp

    For that reason I use the following:
    Func1:
    ;push parameters of 4091B0h here
    push retAddr
    push 4091B0h
    ret
    retAddr:
    ret

    MyProc proc
    call Func1
    MyProc endp

    This works fine but I think this solution is not very elegant.
    So the question is:
    Is this the way to call functions in the target?

    2. If this is the way, there is still something that is not very clear to me.
    How to deal with the relocation problems that may arise with this
    push 4091B0h
    ret
    mechanism?
    Possible solutions are:
    1. Patch the target relocation table
    2. Use RVA instead of VA and calculate the real address at runtime i.e. GetModuleHandle + RVA

    What do you think?

    Regards!
    Maldoror

  #2 ZaiRoN (Join Date: Oct 2001, Location: Italy, Posts: 922)

    Hi Maldoror,

    I think the problem resides in the compiler you use, masm in this case. In fact, masm doesn't allow you to make a call with a direct address like you want to do. You always have to make a sort of indirect call using your push/ret combination or something like:
    mov eax, <address>
    call eax

    or

    address dd 4091B0h
    ...
    call address

    In this way you also should solve your relocation problem.

    There is maybe another way to solve your problem. You can try to make the call using the code segment before the address. I have tried this way sometimes with the jmp instruction and it worked fine. I have not tried calling a 'Call' (sorry) in this way but you can try to use something like:

    Call segment:address
    or
    Call dword ptr segment:address

    Hope this helps you.

    ZaiRoN
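An added example, not from either post, that puts the two suggestions together in MASM32 syntax: the register-indirect call for a fixed VA, and Maldoror's option 2 (GetModuleHandle base + RVA) for the relocation case. It assumes the target's preferred image base is 400000h, so the example VA 4091B0h has RVA 91B0h; for a real target the RVA comes from its PE header.

```asm
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

; Constructed values: the thread's example VA 4091B0h with an assumed
; preferred image base of 400000h gives RVA 91B0h.
FUNC1_VA   equ 4091B0h
IMAGE_BASE equ 400000h
FUNC1_RVA  equ FUNC1_VA - IMAGE_BASE

.data
    pFunc1 dd 0             ; filled in at runtime by ResolveFunc1

.code
; Variant 1: fixed VA through a register. MASM accepts this, but the
; constant is an absolute address, so it breaks if the image is rebased.
CallFunc1Fixed proc
    ; push Func1's parameters here, last parameter first
    mov  eax, FUNC1_VA
    call eax
    ret
CallFunc1Fixed endp

; Variant 2: recompute the address from the actual load base at runtime.
; GetModuleHandle(NULL) returns the base of the main executable (the
; target, since the snippet lives in one of its sections), so base + RVA
; is correct whether or not the loader relocated the image.
ResolveFunc1 proc
    invoke GetModuleHandle, NULL
    add  eax, FUNC1_RVA
    mov  pFunc1, eax
    ret
ResolveFunc1 endp

CallFunc1Relocatable proc
    cmp  pFunc1, 0
    jne  @F
    call ResolveFunc1       ; resolve once, reuse afterwards
@@:
    ; push Func1's parameters here, last parameter first
    call pFunc1             ; indirect call through the dword in .data
    ret
CallFunc1Relocatable endp

end
```

Func1's calling convention (stack cleanup, register clobbers) is whatever the target's compiler used, so the caller has to match it by hand.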
