views: 225
answers: 4

I don't know assembly so I'm not sure how to go about this.

I have a program which is hooking into another. I have obtained the offset to where the function is located within the hooked program's .exe

#define FuncToCall 0x00447E5D

So now how can I use __asm{} to call that function?

+1  A: 

I think you could also cast that address to a function pointer and call it that way. That might be better.

Mongoose
So like ((*void)FuncToCall)(); ?
Demon Labs
Yes, but I think it's UB.
Andreas Bonini
I'm not 100% on this, so I don't want to edit my post, but if you know the function's signature (which you should) you might be able to do something like: typedef int (*pt2Function)(float, char, char); (pt2Function)((void*)FuncToCall)( 3.0, 'a', 'b' );
Mongoose
By using a function pointer, you won't have to code in assembly.
Thomas Matthews
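The function-pointer route discussed in this answer and its comments, worked through as an added C example (not code from the original post or its commenters). Everything about the target is an assumption here: the signature int (int, int), the stand-in function hooked_program_add, the calling-convention macro TARGET_CC, and the preferred/actual base addresses passed to rebase. In practice the signature and calling convention have to be recovered from the disassembly before the cast means anything, and a fixed image address such as 0x00447E5D is only valid if the .exe actually loaded at its preferred base; otherwise it has to be rebased onto the real module base first.

```c
#include <stdint.h>
#include <stdio.h>

/* Calling convention of the target. On 32-bit MSVC this would be
 * __cdecl, __stdcall or __fastcall; which one is an assumption that has
 * to be checked against the disassembly. Elsewhere it expands to nothing. */
#ifdef _MSC_VER
#define TARGET_CC __cdecl
#else
#define TARGET_CC
#endif

/* Assumed signature of the hooked function: int f(int, int).
 * Calling through a pointer of the wrong type is undefined behaviour,
 * so this typedef must match the real function exactly. */
typedef int (TARGET_CC *target_fn)(int, int);

/* Stand-in for the function inside the hooked .exe. In the real case the
 * body is someone else's code and only its address is known. */
static int TARGET_CC hooked_program_add(int a, int b)
{
    return a + b;
}

/* Translate an address read from the on-disk image to its address in
 * the running process. Only the RVA (image address minus the image's
 * preferred base) is stable if the module was relocated. */
uintptr_t rebase(uintptr_t image_addr, uintptr_t preferred_base,
                 uintptr_t actual_base)
{
    return actual_base + (image_addr - preferred_base);
}

/* Call whatever lives at `addr` as a target_fn. The integer to function
 * pointer conversion is implementation-defined in C, which is fine for
 * this purpose; the real risk is a wrong signature or convention. */
int call_at(uintptr_t addr, int a, int b)
{
    target_fn f = (target_fn)addr;
    return f(a, b);
}

/* In the real program the address comes from a symbol lookup or a
 * signature scan; here it is taken from the stand-in so the code runs. */
int demo(void)
{
    uintptr_t found = (uintptr_t)&hooked_program_add;
    return call_at(found, 40, 2);
}

int main(void)
{
    /* Hypothetical bases: image linked at 0x00400000, loaded at 0x01230000. */
    printf("rebased address: 0x%08lx\n",
           (unsigned long)rebase(0x00447E5D, 0x00400000, 0x01230000));
    printf("call through pointer: %d\n", demo());
    return 0;
}
```

The typedef carries the calling convention as well as the argument list; on 32-bit MSVC a __stdcall target called through a __cdecl pointer leaves the stack unbalanced, which is the corruption the later answers on this page warn about.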
+2  A: 

Well, the short answer is: if you do not know assembly you should not be doing this, haha.

But, if you are so intent on wall hacking, I mean, modifying the operation of a legitimate program, you can't just take an address and call it good.

You need to look up the symbol (if in happy Linux land) or use sig scanning (or both D=) to find the actual function.

Once you do that, it's relatively simple: you just need to write a mov and a jmp. Assuming you have access to the running process already, and your sig scanner found the right address, this bit of code will get you what you want

mov eax, 0xdeadbeef
jmp eax

Now, if this function you want is a class method, you need to do some more studying. But that bit of assembly will run whatever static function you want.

There is some mess to deal with different calling conventions too, so no commenters try and call me out on that; that is far too advanced for this question.

EDIT: By the way, I do not use call because when using call you have to worry about stack frames and other very messy things. This code will jump to any address and start executing.

If you want to return to your code, that's another story, but that WILL get your target function going as long as it's the right calling convention, not a class method, etc. etc.

Charles
This is an excellent intro to sig scanning http://wiki.amxmodx.org/Signature_Scanning
Charles
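The signature scanning that this answer and its comment point to, as an added C example that is not code from the answer, the asker, or the linked wiki. It parses a textual signature with "??" wildcards (the wildcard syntax is this example's own assumption), scans a byte buffer for it, and refuses to return an address unless the signature matches exactly once, since a pattern that hits twice cannot tell two functions apart. The sample_text bytes are constructed for the example and are not from any real binary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One element of a parsed signature: a concrete byte, or a wildcard that
 * matches anything (for rel32 call targets, absolute addresses and other
 * bytes that change between builds or relocations). */
typedef struct {
    uint8_t value;
    int     wildcard;
} sig_byte;

/* Parse "55 8B EC ?? ?? 83 EC" into `out`. Returns the element count, or
 * -1 on malformed input or if more than `max` elements are needed. */
int parse_signature(const char *text, sig_byte *out, size_t max)
{
    size_t n = 0;
    const char *p = text;

    while (*p) {
        while (*p == ' ') p++;
        if (!*p) break;
        if (n >= max) return -1;

        if (p[0] == '?' && p[1] == '?') {
            out[n].value = 0;
            out[n].wildcard = 1;
        } else {
            char hex[3] = { p[0], p[1], '\0' };
            char *end;
            unsigned long v = strtoul(hex, &end, 16);
            if (end != hex + 2) return -1;      /* not two hex digits */
            out[n].value = (uint8_t)v;
            out[n].wildcard = 0;
        }
        n++;
        p += 2;
        if (*p && *p != ' ') return -1;         /* tokens are exactly 2 chars */
    }
    return (int)n;
}

/* Offset of the first match of `sig` at or after `start`, or -1. */
long sig_scan_from(const uint8_t *mem, size_t len,
                   const sig_byte *sig, size_t siglen, size_t start)
{
    if (siglen == 0 || siglen > len) return -1;
    for (size_t i = start; i + siglen <= len; i++) {
        size_t j;
        for (j = 0; j < siglen; j++)
            if (!sig[j].wildcard && mem[i + j] != sig[j].value) break;
        if (j == siglen) return (long)i;
    }
    return -1;
}

long sig_scan(const uint8_t *mem, size_t len,
              const sig_byte *sig, size_t siglen)
{
    return sig_scan_from(mem, len, sig, siglen, 0);
}

/* Number of positions where `sig` matches. More than one means the
 * signature does not identify a single function and must be tightened. */
size_t sig_count(const uint8_t *mem, size_t len,
                 const sig_byte *sig, size_t siglen)
{
    size_t hits = 0;
    long at = sig_scan_from(mem, len, sig, siglen, 0);
    while (at >= 0) {
        hits++;
        at = sig_scan_from(mem, len, sig, siglen, (size_t)at + 1);
    }
    return hits;
}

/* Resolve a textual signature to an offset only if it is unique in `mem`;
 * -1 when it is absent, ambiguous or malformed. */
long find_unique(const uint8_t *mem, size_t len, const char *sig_text)
{
    sig_byte sig[64];
    int n = parse_signature(sig_text, sig, sizeof sig / sizeof sig[0]);
    if (n <= 0) return -1;
    if (sig_count(mem, len, sig, (size_t)n) != 1) return -1;
    return sig_scan(mem, len, sig, (size_t)n);
}

/* Constructed stand-in for a module's .text section: two x86 prologues
 * with different frame sizes, each followed by a call with a rel32 operand. */
static const uint8_t sample_text[] = {
    0x90, 0x90, 0xC3,                    /* filler                       @0  */
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10,  /* push ebp; mov ebp,esp; sub esp,10h @3 */
    0xE8, 0x11, 0x22, 0x33, 0x44,        /* call rel32                   @9  */
    0xC3,                                /* ret                          @14 */
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x20,  /* second prologue, sub esp,20h @15 */
    0xE8, 0xAA, 0xBB, 0xCC, 0xDD,        /* call rel32                   @21 */
    0xC3,                                /* ret                          @26 */
};

int main(void)
{
    const char *loose = "55 8B EC 83 EC ?? E8";             /* matches both prologues */
    const char *tight = "55 8B EC 83 EC 10 E8 ?? ?? ?? ??"; /* matches only the first */
    printf("loose signature -> %ld (ambiguous, rejected)\n",
           find_unique(sample_text, sizeof sample_text, loose));
    printf("tight signature -> %ld\n",
           find_unique(sample_text, sizeof sample_text, tight));
    return 0;
}
```

The offset find_unique returns is relative to the scanned buffer; against a live process it would be added to the module base read from the process, which is what makes a scan survive relocation where a hard-coded address does not.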
A: 

Thanks for answers, but I figured it out. This is what I'm doing:

#define FuncToCall 0x00447E5D
DWORD myfunc = FuncToCall; 
__asm call dword ptr [myfunc];

If it works, don't fix it, and by golly it works.

Demon Labs
A: 

If you don't know what the destination function is, I don't think it's a good idea to do an assembly jump, since you will possibly corrupt the stack (different calling conventions aren't compatible).

YeenFei