is the following possible...

Ask for Help on Using the Language With Memory Hacking Software

Postby mezzo » Mon Dec 03, 2007 11:45 pm

Can I do the following in LSS:

-> inject a DLL with
   BOOL InjectDll( const CHAR * pcPath, BOOL bAutoUninject)

-> get the address of a function with GetRemoteFuncAddress

-> inject code into a code cave that *calls* the function I just got the address for?

For example, could I inject an encrypting library (DLL) into the ping.exe process, have it grab the function address of a simple XOR function, auto-breakpoint on the ICMP echo API, run my custom breakpoint-execute LSS that creates a codecave, inject code to call the XOR routine and encrypt some stuff into the 'notyetsendpacket', and finally return to the original ICMP send API call?

In the help file, there is a bit on how to execute code from an injected DLL, but I can't find any help on how to do this from within an LSS script.
A shove in the right direction would be nice.. (or if it's not possible for some reason, that would be nice to know too).
- No thanks, I already have a penguin -
mezzo
El Mariachi
 
Posts: 739
Joined: Mon Apr 30, 2007 10:27 pm
Location: Antwerp

Postby L. Spiro » Tue Dec 04, 2007 1:39 am

It is currently not possible to call remote functions in L. Spiro Script, though this is planned for the future.

You can use breakpoints or injection to reroute the current process, however.


L. Spiro
L. Spiro
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby mezzo » Tue Dec 04, 2007 2:12 am

Oh okay, fair enough. Somewhere my train of thought must be off.. I haven't played with the auto assembler enough to figure stuff out for myself; perhaps you could tell me where my train of thought is off? (Sorry if this is a dumb question or if I made newbie assumptions.)

- it's possible to inject a DLL into a running binary
- it's possible to get the address of a function of a DLL in a process's memory
- it's possible to create a codecave in a program's memory
- it's possible to auto-assemble code (and put it in a codecave in a process)

Shouldn't it then be possible to assemble "call *address of function*" into a codecave? Or am I seeing this completely wrong? I'm probably off, but in my mind this doesn't seem like calling a function from LSS, more like calling a function in a DLL that is in the process space of something that is already running? (The codecave would make it the program itself that calls it, not the LSS.)

(Again, sorry if this all sounds stupid.)
- No thanks, I already have a penguin -

Postby L. Spiro » Tue Dec 04, 2007 12:10 pm

All of the above is possible. You just can’t call the function from L. Spiro Script.
You can call it from the Disassembler or cause the target process to call it via injection.
If your plan is simply to inject a DLL and use injection to cause the target process to call your DLL function then all will work.


L. Spiro
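The exchange above describes two things an injected-DLL-plus-codecave setup leaves behind in the target process: a foreign module mapped into it, and a private executable region that belongs to no loaded image. As an added example, not code from the thread or from Memory Hacking Software, this PowerShell sweep looks for both in one process from the analyst's side. $TargetPid and the path-based module filter are assumptions, and the script needs rights to open the target.

```powershell
# Added example (not from the thread): sweep one process for an out-of-place module
# and for committed private memory with an execute bit, the usual shape of a codecave.
param([Parameter(Mandatory)][int]$TargetPid)   # assumption: caller supplies the pid

Add-Type -TypeDefinition @'
using System; using System.Runtime.InteropServices;
public static class Mem {
    [StructLayout(LayoutKind.Sequential)]
    public struct MBI { public IntPtr BaseAddress; public IntPtr AllocationBase; public uint AllocationProtect;
                        public IntPtr RegionSize; public uint State; public uint Protect; public uint Type; }
    [DllImport("kernel32.dll", SetLastError = true)] public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)] public static extern IntPtr VirtualQueryEx(IntPtr h, IntPtr addr, out MBI mbi, IntPtr len);
    [DllImport("kernel32.dll")] public static extern bool CloseHandle(IntPtr h);
}
'@

$proc   = Get-Process -Id $TargetPid
$exeDir = if ($proc.Path) { Split-Path $proc.Path } else { '' }

# 1. Loaded modules whose file lives outside the Windows directory and the program's own folder.
#    (Heuristic filter, an assumption; legitimate third-party DLLs can trip it too.)
$proc.Modules | Where-Object {
    $_.FileName -notlike "$env:SystemRoot\*" -and $_.FileName -notlike "$exeDir\*"
} | ForEach-Object { "suspect module: {0} @ 0x{1:X}" -f $_.FileName, $_.BaseAddress.ToInt64() }

# 2. Committed, MEM_PRIVATE (not image-backed, not a mapped file) regions with any PAGE_EXECUTE* flag.
$PROCESS_QUERY_INFORMATION = 0x0400; $PROCESS_VM_READ = 0x0010
$MEM_COMMIT = 0x1000; $MEM_PRIVATE = 0x20000; $EXEC_MASK = 0xF0
$h = [Mem]::OpenProcess($PROCESS_QUERY_INFORMATION -bor $PROCESS_VM_READ, $false, $TargetPid)
if ($h -eq [IntPtr]::Zero) { throw "OpenProcess failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())" }
try {
    $addr = [IntPtr]::Zero
    $mbi  = New-Object -TypeName 'Mem+MBI'
    $size = [IntPtr]([Runtime.InteropServices.Marshal]::SizeOf([Mem+MBI]))
    # Walk the address space region by region until VirtualQueryEx stops answering.
    while ([Mem]::VirtualQueryEx($h, $addr, [ref]$mbi, $size).ToInt64() -ne 0) {
        if ($mbi.State -eq $MEM_COMMIT -and $mbi.Type -eq $MEM_PRIVATE -and ($mbi.Protect -band $EXEC_MASK) -ne 0) {
            "private executable region: 0x{0:X} size 0x{1:X} protect 0x{2:X}" -f `
                $mbi.BaseAddress.ToInt64(), $mbi.RegionSize.ToInt64(), $mbi.Protect
        }
        $next = $mbi.BaseAddress.ToInt64() + $mbi.RegionSize.ToInt64()
        if ($next -le $addr.ToInt64()) { break }   # guard against wraparound
        $addr = [IntPtr]$next
    }
} finally { [void][Mem]::CloseHandle($h) }
```

JIT runtimes and some protectors also allocate private executable memory, so a hit is a lead to inspect with a debugger, not a verdict.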
