By ro0ted | March 29, 2015 - 20:36 | Posted in /b/ | 1 Comment
#ro0ted #OpNewblood What the blackhats don’t want you to know: ASM Injection

Nice lil injection with ASM in Ollydbg – https://twitter.com/ro0ted/


Open Notepad in Olly:


Find a code cave:


Then we highlight the code cave, right click, and choose Binary > Edit:


Press okay:


Then press ctrl + A:


If you save now it won’t run, because nothing calls it yet. Right click each line and select Assemble:

PUSH 0              ; BUTTONS = <OK ONLY>
PUSH 1008751        ; CAPTION = address of the bytes we edited into the cave
PUSH 1008751        ; MESSAGE = same address as above
PUSH 0              ; HWND    = NULL, no owner window (stdcall pushes right to left: type, caption, text, hWnd)
CALL MessageBoxA    ; run MessageBoxA with the parameters above


If you’ve been reading my tutorials, the next step is up to you: get the offset and the right jump into the cave. Then you should see the message box pop up:
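Seen from the defender’s side, the patch above leaves a fingerprint: a stub written into the alignment slack of an executable section, bytes a linker normally leaves zeroed. The following is an added Python example, not code from the original post, that walks a PE’s section table and flags such writes; the one-section sample PE it builds is constructed in memory, and the function names are my own.

```python
import struct
IMAGE_SCN_MEM_EXECUTE = 0x20000000

def parse_sections(pe):
    """Minimal PE walk: returns (entry point RVA, list of section dicts)."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]  # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", pe, pe_off + 6)[0]
    opt = pe_off + 24  # optional header follows the 20-byte COFF header
    opt_size = struct.unpack_from("<H", pe, pe_off + 20)[0]
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    secs = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        secs.append(dict(name=name.rstrip(b"\0").decode(), vsize=vsize, vaddr=vaddr, rawsize=rawsize,
                         rawptr=rawptr, chars=struct.unpack_from("<I", pe, off + 36)[0]))
    return entry_rva, secs

def find_patched_caves(pe):
    """Flag executable sections whose alignment slack (bytes past VirtualSize, which the
    linker leaves zeroed) holds data, and an entry point outside every section's real code."""
    entry_rva, secs = parse_sections(pe)
    findings = []
    for s in secs:
        if not s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            continue
        slack = pe[s["rawptr"] + s["vsize"]:s["rawptr"] + s["rawsize"]]
        hit = next((i for i, b in enumerate(slack) if b), None)
        if hit is not None:
            findings.append("%s: data in slack at file offset 0x%x" % (s["name"], s["rawptr"] + s["vsize"] + hit))
    if not any(s["vaddr"] <= entry_rva < s["vaddr"] + s["vsize"] for s in secs):
        findings.append("entry point 0x%x outside every section's VirtualSize" % entry_rva)
    return findings

def build_sample_pe(patched):
    """Constructed one-section PE (not real Notepad): 0x40 bytes of NOP 'code' padded to
    0x200 on disk; the patched variant carries the tutorial's MessageBoxA stub in the slack."""
    code = b"\x90" * 0x40
    slack = bytearray(0x200 - len(code))
    if patched:  # PUSH 0 / PUSH 1008751 / PUSH 1008751 / PUSH 0 / CALL rel32 (displacement left 0)
        stub = b"\x6a\x00\x68\x51\x87\x00\x01\x68\x51\x87\x00\x01\x6a\x00\xe8\x00\x00\x00\x00"
        slack[0x20:0x20 + len(stub)] = stub
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)        # i386, one section
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0x40, 0, 0, 0x1000) + b"\0" * (0xE0 - 20)  # entry RVA 0x1000
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x40, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    hdr = dos + b"PE\0\0" + coff + opt + sec
    return hdr + b"\0" * (0x200 - len(hdr)) + code + bytes(slack)
```

A hit is a lead for manual review rather than proof of tampering, since some linkers and packers legitimately place data past VirtualSize; comparing the flagged bytes against a known-good copy of the binary settles it.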


ro0ted


Check out the tutorials in my series, “What the Blackhats don’t want you to know”


(In order)

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

Whitehat Lab

ASM Programming

Introduction Part 1 Ollydbg 

Introduction Part 2 Using Ollydbg and Tracing Botnets

Analyzing Botnets

Introduction Part 3 Ollydbg: Cheating a Crackme

Introduction Part 4 Ollydbg: Your first Patch

Encryption 101

Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com

Introduction to Honeydrive: A Brief Walk Through

Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up

Resource Hacker

Dll Injection the Easy Way

Visual Basic Binaries Walk Through Part 1

Ollydbg on Steroids

Creating Patchers Part 1

Have you supported the gas mask campaign over the years?

Crack to win a gas mask gift pack

How to edit a register me crack me Pre Part 1

Unwinding Delphi Binaries Walk Through if not Preview

Cracking Delphi Part 2

Reversing Timed Trials: Ollydbg Tricks Part 3

Analyzing Adware

Preview Against Debugging

Bypassing Registering 101

Bypassing Part 2

Android/iOS Reversing

Introducing IDA Pro: Static Analyzing

Hacker’s Disassembler

Ripping Apart Adware

Never trust Warez or Cracked Programs: Reversing a Crypted IRC bot infected file

IDA PRO Book

Unpacking & Crypting there is a difference

Covert Debugging whitepaper from blackhat.com

Manually Unpacking with Ollydbg

Manually Unpacking Part 2

Manually Unpacking 101

ASM Injecting
