⚙️ Simple Disassembly Notes 🔧

⚙️ Simple Step to Step Tutorials for Disassembling / Code Injection & getting Pointer Addresses 🔧

🔧 Get Pointer Address from Value 🔧

Set Value Type All
Set Value (ex. (Int 32 = 4 Byte = 32 Bit) 85 or (float/double) 85.5) you search for and press First Scan

Change Value in the Process
The Changed Value will be red, on the left is the Pointer Address

🔧 Replace the Assembly Code with Code that does Nothing 🔧

Right Click on Address Record
Select Find out what writes to this address
Press on Replace

Delete the Assembly Code and Press OK

🔍 Get the Pointer Address from the Pointer of the Value (Way 1 : easier) (level-1 pointer) 🔍

Read the Address

Check Checkbox Hex and put the Address in it
The Address to the Pointer is in this ex. 1002CBA40

🔍 Get the Pointer Address from the Pointer of the Value (Way 2 : harder) (level-1 pointer) 🔍

Select Find out what writes to this address
Press on More information

The Address to the Pointer is in this ex. 011DC7A0

🔍 Get the base Address from a multilevel pointer (level-4 pointer) 🔍

➡️ Example of a level-4 pointer ➡️

01168A78 = Address / base pointer (base ptr)

0x18 = Offset

"Tutorial-x86_64.exe" + 2CBA70 = static base address

-> = points to

01168A78 = Value = 2765

01188070 -> 1168A60 + 0x18 = 01168A78

01168A18 -> 01188070 + 0 = 01188070

011681D0 -> 1168A00 + 0x18 = 01168A18

"Tutorial-x86_64.exe" + 2CBA70 -> 11681C0 + 0x10 = 011681D0

🔍 How to find out each base pointer with its offsets until you get to the static base address 🔍

Right Click on Address Record
Select Find out what accesses this address

Calculate the Address using the Offset ex. -> (01188070 -> 1168A60 + 0x18 = 01168A78)
Calculation (hex) : (01168A78 - 18 = 01168A60 = 1168A60)
Check Checkbox Hex and put the Address in it (ex. 1168A60)
The Address to the Pointer is in this ex. 01188070
Repeat Step 1 to 5 until you get the static base Address, in this ex. "Tutorial-x86_64.exe" + 2CBA70

⚙️ Add Pointer Address manually (level-1 pointer) ⚙️

Click on Add Address Manually

Add Address, if needed with Offsets and click OK

The Result should look like this:

⚙️ Add Pointer Address manually (level-4 pointer) ⚙️

Click on Add Address Manually

Add Address, if needed with Offsets and click OK

The Result should look like this:

🛠 Code Injection 🛠

Right Click on Address Record
Select Find out what writes to this address
Press Show disassembler

Click on Tools and select Auto Assemble

Click on Template and select Code Injection

Click on OK
Comment out as an ex. //sub dword ptr [rsi+00000780],01 (value - 1)
Write as an ex. add dword ptr [rsi+00000780],01 (value + 1)

Press on Execute and then click OK and it's Done!

idouble / simple-disassembly-notes Goto Github PK

simple-disassembly-notes's Introduction

⚙️ Simple Disassembly Notes 🔧

🔧 Get Pointer Address from Value 🔧

🔧 Replace the Assembly Code with Code that does Nothing 🔧

🔍 Get the Pointer Address from the Pointer of the Value (Way 1 : easier) (level-1 pointer) 🔍

🔍 Get the Pointer Address from the Pointer of the Value (Way 2 : harder) (level-1 pointer) 🔍

🔍 Get the base Address from a multilevel pointer (level-4 pointer) 🔍

➡️ Example of a level-4 pointer ➡️

🔍 How to find out each base pointer with its offsets until you get to the static base address 🔍

⚙️ Add Pointer Address manually (level-1 pointer) ⚙️

⚙️ Add Pointer Address manually (level-4 pointer) ⚙️

🛠 Code Injection 🛠

simple-disassembly-notes's People

Contributors

Stargazers

Watchers

Forkers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent