By ro0ted | April 1, 2015 - 01:38 | Posted in /b/ | 6 Comments
#ro0ted #OpNewblood What the blackhats don’t want you to know: ASM Injecting Part 2

This is part 2 of the codecave tutorial. In the last tutorial I showed you part of how to inject code and left you to complete it yourself; now I will finish it so you can see whether you learned anything. – https://twitter.com/ro0ted/

Load any .exe in OllyDbg. I'm using Notepad++ for this.

Look for a codecave: a run of DB 00 bytes (unused null padding) in the code section.

Highlight the codecave and edit the binary (right-click > Binary > Edit):

Type in whatever text you want the message box to display:

It should look like this:

Only focus on the red text (OllyDbg marks the bytes you changed in red).
Right-click and select Analysis > Analyze code:

Now it looks like this:

Now click on the line right below it and choose Assemble, because we need to build a call to MessageBoxA. MessageBoxA(hWnd, lpText, lpCaption, uType) uses the stdcall convention, so the arguments are pushed in reverse order. This is the format (1008751 is the hex address of the text we wrote into the cave; yours will differ):

PUSH 0             ; uType     = MB_OK (OK button only, no icon)
PUSH 1008751       ; lpCaption = address of the text we wrote into the binary
PUSH 1008751       ; lpText    = same address as above
PUSH 0             ; hWnd      = NULL (no owner window)
CALL MessageBoxA   ; call MessageBoxA with the parameters above

Assemble them one by one, pressing Assemble after each instruction.

Now it looks like this:

This is our offset: the address of your first PUSH 0 is where the injected code starts, so write it down.
Now right-click > Go to > Origin:

Now we are at the entry point, where execution starts:

Right under the CALL there is a JMP that goes to PUSH 0x14. Select it, click Assemble and change it to jump to our offset instead, e.g. JMP 012E641E (use the address of your first PUSH 0; it will be different in your session). Keep in mind that after CALL MessageBoxA execution simply falls through into the rest of the cave, so if you want the program to keep running normally, add a JMP back to the original target (the PUSH 0x14) right after the CALL. Now press play (F9):

That’s about it. Easy !
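The manual steps above (find a DB 00 run, write the text and the MessageBoxA call into it, redirect the JMP at the origin) can be scripted against the file on disk. The following is an added example and not code from the original post: a stdlib-only Python script that parses a PE32 section table, finds null-byte caves, emits the PUSH/PUSH/PUSH/PUSH/CALL stub with correctly computed rel32 displacements, appends a JMP back to the hijacked jump's original target, and patches the hook. The PE it operates on is constructed inline and is not a real program; the MessageBoxA address (0x77D507EA), the hook address (0x00401005) and the message text are made-up values for the demonstration.

```python
import struct

PUSH_IMM8, PUSH_IMM32 = b"\x6a", b"\x68"   # PUSH imm8 / PUSH imm32
CALL_REL32, JMP_REL32 = b"\xe8", b"\xe9"   # CALL rel32 / JMP rel32


def rel32(instr_va, target_va):
    # E8/E9 displacements are relative to the END of the 5-byte instruction
    return struct.pack("<i", target_va - (instr_va + 5))


def decode_rel32(instr_va, disp):
    return instr_va + 5 + struct.unpack("<i", disp)[0]


def parse_pe(image):
    """Return (image_base, entry_va, [(name, section_va, raw_size, raw_ptr)]) for a PE32."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt = e_lfanew + 24                                   # optional header follows the COFF header
    if struct.unpack_from("<H", image, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here")
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    image_base = struct.unpack_from("<I", image, opt + 28)[0]
    sec_table = opt + struct.unpack_from("<H", image, e_lfanew + 20)[0]
    sections = []
    for i in range(nsec):
        hdr = sec_table + i * 40
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", image, hdr + 8)
        sections.append((name, image_base + va, raw_size, raw_ptr))
    return image_base, image_base + entry_rva, sections


def va_to_offset(image, va):
    for _name, sec_va, raw_size, raw_ptr in parse_pe(image)[2]:
        if sec_va <= va < sec_va + raw_size:
            return raw_ptr + (va - sec_va)
    raise ValueError("VA %#x is not backed by file data" % va)


def find_caves(image, min_size=32):
    """Runs of 0x00 inside section raw data (what OllyDbg shows as DB 00).
    Returns [(section, file_offset, va, size)]."""
    caves = []
    for name, sec_va, raw_size, raw_ptr in parse_pe(image)[2]:
        data = image[raw_ptr:raw_ptr + raw_size] + b"\x01"   # sentinel closes a trailing run
        start = None
        for i, byte in enumerate(data):
            if byte == 0:
                start = i if start is None else start
            else:
                if start is not None and i - start >= min_size:
                    caves.append((name, raw_ptr + start, sec_va + start, i - start))
                start = None
    return caves


def messagebox_stub(stub_va, text_va, msgbox_va, return_va):
    """The tutorial's five instructions plus a JMP back to the hijacked JMP's original
    target, so the program continues instead of running off the end of the cave."""
    code = PUSH_IMM8 + b"\x00"                         # PUSH 0        ; uType = MB_OK
    code += PUSH_IMM32 + struct.pack("<I", text_va)    # PUSH text_va  ; lpCaption
    code += PUSH_IMM32 + struct.pack("<I", text_va)    # PUSH text_va  ; lpText
    code += PUSH_IMM8 + b"\x00"                        # PUSH 0        ; hWnd = NULL
    code += CALL_REL32 + rel32(stub_va + len(code), msgbox_va)   # CALL MessageBoxA
    code += JMP_REL32 + rel32(stub_va + len(code), return_va)    # JMP back to original flow
    return code


def inject(image, hook_va, text, msgbox_va, min_cave=64):
    """Write text + stub into the first cave that fits and point the JMP rel32 at
    hook_va to the stub. Returns (patched_image, stub_va)."""
    hook_off = va_to_offset(image, hook_va)
    if image[hook_off] != 0xE9:
        raise ValueError("expected a JMP rel32 at the hook address")
    original_target = decode_rel32(hook_va, image[hook_off + 1:hook_off + 5])
    text_bytes = text.encode("ascii") + b"\0"          # MessageBoxA wants NUL-terminated strings
    need = len(text_bytes) + len(messagebox_stub(0, 0, 0, 0))
    fitting = [c for c in find_caves(image, min_cave) if c[3] >= need]
    if not fitting:
        raise ValueError("no codecave of %d bytes" % need)
    _name, cave_off, cave_va, _size = fitting[0]
    stub_va = cave_va + len(text_bytes)                # text first, code right after it
    stub = messagebox_stub(stub_va, cave_va, msgbox_va, original_target)
    out = bytearray(image)
    out[cave_off:cave_off + need] = text_bytes + stub
    out[hook_off + 1:hook_off + 5] = rel32(hook_va, stub_va)
    return bytes(out), stub_va


def build_sample_pe():
    """Constructed input, not a real program: a minimal PE32 whose .text section holds
    CALL / JMP -> PUSH 14 at the entry point followed by 0x00 padding (the cave)."""
    image_base, text_rva, raw_ptr, raw_size = 0x00400000, 0x1000, 0x200, 0x200
    entry_va = image_base + text_rva
    text = bytearray(raw_size)
    text[0:5] = CALL_REL32 + rel32(entry_va, entry_va + 0x40)       # CALL dummy
    text[5:10] = JMP_REL32 + rel32(entry_va + 5, entry_va + 0x20)   # JMP -> PUSH 14 (our hook)
    text[0x20:0x22] = PUSH_IMM8 + b"\x14"                           # PUSH 14
    text[0x40] = 0xC3                                               # RET for the dummy CALL
    dos = bytearray(0x40)
    dos[0:2], dos[0x3C:0x40] = b"MZ", struct.pack("<I", 0x40)       # e_lfanew -> PE header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)        # Magic: PE32
    struct.pack_into("<I", opt, 16, text_rva)    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, image_base)  # ImageBase
    sec = b".text\0\0\0" + struct.pack("<IIII", raw_size, text_rva, raw_size, raw_ptr) + bytes(16)
    header = (dos + coff + opt + sec).ljust(raw_ptr, b"\0")
    return bytes(header) + bytes(text)


if __name__ == "__main__":
    img = build_sample_pe()
    patched, stub_va = inject(img, hook_va=0x00401005, text="Injected!", msgbox_va=0x77D507EA)
    print("caves:", find_caves(img, 64), "stub at %#x" % stub_va)
```

The CALL is a direct E8 rel32 to an absolute address, which is exactly what OllyDbg assembles for CALL MessageBoxA, so the saved patch only works while user32.dll loads at that base; under ASLR a durable patch should go through the program's import table with CALL DWORD PTR [iat_entry] instead. The JMP after the CALL is what the manual walkthrough leaves out: without it execution falls through into the remaining DB 00 bytes of the cave (00 00 decodes as ADD BYTE PTR [EAX],AL), which is a crash waiting to happen.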

ro0ted

Check out the tutorials in my series "What the Blackhats don't want you to know" (in order):

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?
Whitehat Lab
ASM Programming
Introduction Part 1 Ollydbg
Introduction Part 2 Using Ollydbg and Tracing Botnets
Analyzing Botnets
Introduction Part 3 Ollydbg: Cheating a Crackme
Introduction Part 4 Ollydbg: Your first Patch
Encryption 101
Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com
Introduction to Honeydrive: A Brief Walk Through
Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up
Resource Hacker
Dll Injection the Easy Way
Visual Basic Binaries Walk Through Part 1
Ollydbg on Steroids
Creating Patchers Part 1
Have you supported the gas mask campaign over the years?
Crack to win a gas mask gift pack
How to edit a register me crack me Pre Part 1
Unwinding Delphi Binaries Walk Through if not Preview
Cracking Delphi Part 2
Reversing Timed Trials: Ollydbg Tricks Part 3
Analyzing Adware
Preview Against Debugging
Bypassing Registering 101
Bypassing Part 2
Android/iOS Reversing
Introducing IDA Pro: Static Analyzing
Hacker's Disassembler
Ripping Apart Adware
Never trust Warez or Cracked Programs: Reversing a Crypted IRC bot infected file
IDA PRO Book
Unpacking & Crypting there is a difference
Covert Debugging whitepaper from blackhat.com
Manually Unpacking with Ollydbg
Manually Unpacking Part 2
Manually Unpacking 101
ASM Injecting
ASM Injecting Part 2 +
