[Tutorial] How to inject code into an EXE


Posted by Hello EMO on Thu Mar 10, 2011 3:39 am

[QUOTE=Atari.2600;24143]
Title: How to inject code into an exe file
Author: Iman Karim

*** THIS TUTORIAL IS ONLY FOR EDUCATIONAL PURPOSES! ***
(English mistakes are default :P)

-Requirements-
First we need a debugger. I prefer OLLYDBG (the best debugger on earth :P).
Second we need a target application to inject our code into.
I will take the Windows NOTEPAD.EXE.
Make a copy of this EXE in a new folder named CodeInjectTest.
That's all ;)

-Getting started-
Our goal is to inject some code into the Notepad.EXE.
In our case we'll inject a simple MessageBox at Notepad's start.
Start up Notepad now and validate that Notepad is the original one.

[Image: My Notepad screenshot]

If you're sure now that it's the original Notepad, open the Notepad.exe with Olly.
Yuppi! If you're ready you get this window:

[URL="http://home.inf.fh-rhein-sieg.de/%7Eikarim2s/how2injectcode/img/olly1.gif"][Image: Olly1s][/URL]

Because we're going to inject some code we have to have some space to inject it.
In an EXE file there are a lot of CodeCaves where nothing is done (DB 00).
So let's scroll the CPU window a little bit down until you find a CodeCave (look below).

[Image: CodeCaves]

Do you see the red box I've drawn for you? ;) THIS is a CodeCave!
Here we can inject some custom code without interfering with the program's flow.
If you know the API call for a MessageBox you don't need to
read these lines.

***** START QUOTE FROM THE WIN32 PROGRAMMERS REFERENCE
The MessageBox function creates, displays, and operates a message box.
The message box contains an application-defined message and title,
plus any combination of predefined icons and push buttons.

int MessageBox(
    HWND hWnd,          // handle of owner window
    LPCTSTR lpText,     // address of text in message box
    LPCTSTR lpCaption,  // address of title of message box
    UINT uType          // style of message box
);
***** END QUOTE FROM THE WIN32 PROGRAMMERS REFERENCE

This is all you need to know about the MessageBox.
Now it's time to do something with the CodeCaves.
First, to use the MessageBox we need to create some text to output on the
MessageBox. In the following picture I've selected some lines of the CodeCaves and
highlighted the BinaryEdit menu for you.

[Image: Editcave]

If you pressed on Binary=>Edit or (CTRL+E) you will see the following window.
Just fill it out like me if you want.

[Image: Binaryedit1]

Press OK and you'll see the modified code in red:

[Image: Modcode]

Now press CTRL+A to reanalyze the code.

[Image: Reanalyzed]

OK! If you want to have a different MessageBox Caption than the title you can repeat this
step to make a second ASCII like the "INJECTED NOTEPAD".

-Some ASM-

Now it's time for some ASM ;)
We need to invoke a MessageBox from ASM. This is quite simple!

PUSH 0            ; uType = 0 (MB_OK: a single OK button, no icon)
PUSH 1008751      ; lpCaption = our address of the "INJECTED NOTEPAD"
PUSH 1008751      ; lpText = same as above
PUSH 0            ; hWnd = 0 (no owner window)
CALL MessageBoxA  ; run MessageBoxA with the params above

These few lines entered in Olly should look like this:

[Image: Invoked]

Do you see the arrow?! THIS IS NOW A VERY IMPORTANT STEP!
If we save it now and run it you will NOT see any effect. Why?
Because our little routine is not called yet!
You need to write down the offset of your first "PUSH 0" because we
need to make a jump from the program's origin to here and back again ;)
If you noted down the offset of the first PUSH, go to the origin of the program like below.

[Image: Origin_goto]

Now you're at the FIRST line of code which will be executed.
Do you remember that the first thing we wanted to do is to run our code? :)
Yehaa! We're on the right way!
Now select some lines from the origin and copy them into the clipboard.

[Image: Copylines]

Paste the clipboard into a text editor and leave them there. We need these lines later.
If you have pasted it go to the first line of the program.
(In the picture above it's the PUSH 70).
Double click on it and enter in the box "JMP "

[Image: Origin_edit]

Press on Assemble and you will again see the red-marked (patched) code.

[Image: Edited_origin]

Look at the red box! This is the address we need to jump to after our injected code.
If we jump here after the injection the program will execute like without our injection :)
But there is one thing we need to do at least!

Compare the "new" origin with the old one you've pasted into a clipboard.
You will see that there are a few lines overwritten! But these lines are needed to run
the program without errors. Identify the lines which get overwritten.
In my case the overwritten lines are:

PUSH 70
PUSH NOTEPAD.01001898

Click on the first line (our JMP) and press ENTER.
You'll be dropped to your MessageBox invocation!
After our CALL MessageBoxA we now need to insert the overwritten lines AND the jump back!

[Image: Lastfix]

NOW you're done!
(If you want to test the "JumpBack"-Jump just select it and press ENTER.
If you get to the right line you can be sure that's ok! If not check Offset!)
To save the "new" Notepad take a look at the following picture:

[Image: Save]

If you press on "All modifications" a new little window will be shown.
Press on "Copy All" on this window.
A new window with the new ASM code will be shown.
Close the new window (THE CHILD WINDOW! NOT OLLY DBG WINDOW!).
Then a save dialog lets you choose a new filename.
Save the file and run it. If you're successful you will get this result:

[Image: Done]

Press on OK and Notepad will start normally ;)

Regards,
Atari.2600
[/QUOTE]
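
Added example, not part of the quoted tutorial or the original post: a static check for the kind of patch the tutorial produces, flagging non-zero bytes in section slack (raw data past VirtualSize) and an entry point whose first instruction is a JMP into that slack. The names `parse`, `audit` and `sample` are hypothetical, and the test image is constructed inline; it is not Notepad.

```python
import struct

def parse(pe):
    """Return (entry_rva, [(vaddr, vsize, raw_ptr, raw_size), ...]) for a PE image."""
    nt, = struct.unpack_from("<I", pe, 0x3C)              # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, = struct.unpack_from("<H", pe, nt + 6)          # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, nt + 20)     # SizeOfOptionalHeader
    entry, = struct.unpack_from("<I", pe, nt + 40)        # AddressOfEntryPoint
    secs = []
    for i in range(nsec):                                 # 40-byte section headers
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", pe, nt + 24 + opt_size + 40 * i + 8)
        secs.append((vaddr, vsize, rptr, rsize))
    return entry, secs

def audit(pe):
    """Flag non-zero bytes in section slack and an entry JMP that lands there."""
    entry, secs = parse(pe)
    def locate(rva):                                      # -> (file offset, in_slack) or None
        for vaddr, vsize, rptr, rsize in secs:
            if vaddr <= rva < vaddr + rsize:
                return rptr + rva - vaddr, rva - vaddr >= vsize
        return None
    # Slack = raw bytes past VirtualSize; linkers normally leave it zero-filled.
    used = any(any(pe[p + vs:p + rs]) for _, vs, p, rs in secs if vs < rs)
    hit, loc = False, locate(entry)
    if loc and pe[loc[0]] == 0xE9:                        # first instruction is JMP rel32
        rel, = struct.unpack_from("<i", pe, loc[0] + 1)
        target = locate(entry + 5 + rel)
        hit = bool(target and target[1])
    return {"slack_in_use": used, "entry_jmp_into_slack": hit}

def sample(patched):
    """Constructed 1 KiB image: one section, 0x20 bytes of code, 0x1E0 bytes of slack."""
    pe = bytearray(0x400)
    pe[:2], pe[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, 0x40)
    struct.pack_into("<HH", pe, 0x44, 0x14C, 1)           # Machine i386, one section
    struct.pack_into("<H", pe, 0x54, 0xE0)                # SizeOfOptionalHeader
    struct.pack_into("<I", pe, 0x68, 0x1000)              # AddressOfEntryPoint (RVA)
    struct.pack_into("<8s4I", pe, 0x138, b".text", 0x20, 0x1000, 0x200, 0x200)
    pe[0x200:0x220] = b"\x90" * 0x20                      # stand-in for the original code
    if patched:
        pe[0x200:0x205] = b"\xE9" + struct.pack("<i", 0x2B)  # JMP to RVA 0x1030 (slack)
        pe[0x230:0x234] = b"\xCC" * 4                     # inert marker bytes in the slack
    return bytes(pe)

if __name__ == "__main__":
    print(audit(sample(False)), audit(sample(True)))
```

Both checks are heuristics; comparing the file's hash against a known-good copy of the binary remains the authoritative test for this kind of modification.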