Using a Code Cave to load your .DLL

  1. #1
    purpleCRAYON | Member | Join Date: Mar 2009 | Posts: 249

    Using a Code Cave to load your .DLL

    Credits to Skilinium for his tutorial, me for doing it with a shitty game like Gunz.

    Code:
    ZPostShot: 0047DF30
    Original JMP: 0047FD9C
    Code-Cave Address: 005E5F64
    
    Code-Cave:
    ASCII: protection.dll
    PUSH 005E5F64
    CALL LoadLibraryA
    JMP 0047DF30
    
    Steps:
    1) Go to 0047FD9C change "JMP 0047DF30" to "JMP 005E5F64"
    2) Go to 005E5F64 and do this:
    
    Right Click -> Binary -> Edit, change the ASCII to the name of your .DLL
    Line under that, PUSH the address
    Line under that call LoadLibraryA
    Line under that JMP ZPostShot (0047DF30)
    
    So your codecave looks like this:
    
    005E5F65   . 70 72 6F 74 65>ASCII "protection.dll",0
    005E5F74     68 645F5E00    PUSH theduel.005E5F64
    005E5F79     E8 FDBD217C    CALL kernel32.LoadLibraryA
    005E5F7E    ^E9 AD7FE9FF    JMP theduel.0047DF30
    Don't get angry that I used a ZPostShot address; I was in a hurry to write this before I went to sleep... :3 ^ Not tested, but it should work.
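
    As an added example (not code from the post or the game), here is a Python scanner, from the defender's side, for the exact stub shape the post lays out: PUSH imm32 / CALL rel32 / JMP rel32 where the pushed pointer names a .dll. The cave, hook and ZPostShot addresses are the post's; the 0x400000 module base, the image size and the stand-in LoadLibraryA address are assumptions used to build a constructed in-memory image.

```python
import struct

IMAGE_BASE, IMAGE_SIZE = 0x00400000, 0x001F0000  # assumed module base/size (not stated in the post)
CAVE_VA, HOOK_VA, ZPOSTSHOT_VA = 0x005E5F64, 0x0047FD9C, 0x0047DF30  # addresses from the post
EXT_LOADLIBRARYA = 0x7C801D7B  # constructed: an address outside the image standing in for LoadLibraryA

def rel32(next_ip, target):
    return struct.pack('<i', target - next_ip)  # displacement from the end of the branch instruction

def build_sample_image():
    """Constructed sample: the DLL name, then PUSH/CALL/JMP, plus the hijacked JMP at HOOK_VA."""
    img, name = bytearray(IMAGE_SIZE), b'protection.dll\0'
    code_va = CAVE_VA + len(name)
    stub = b'\x68' + struct.pack('<I', CAVE_VA)               # PUSH address of "protection.dll"
    stub += b'\xE8' + rel32(code_va + 10, EXT_LOADLIBRARYA)   # CALL LoadLibraryA as a direct rel32
    stub += b'\xE9' + rel32(code_va + 15, ZPOSTSHOT_VA)       # JMP back to ZPostShot
    img[CAVE_VA - IMAGE_BASE:code_va - IMAGE_BASE + 15] = name + stub
    img[HOOK_VA - IMAGE_BASE:HOOK_VA - IMAGE_BASE + 5] = b'\xE9' + rel32(HOOK_VA + 5, code_va)
    return img

def _target(img, off):
    """Absolute target of the 5-byte rel32 CALL/JMP whose opcode sits at image offset off."""
    return (IMAGE_BASE + off + 5 + struct.unpack_from('<i', img, off + 1)[0]) & 0xFFFFFFFF

def _cstring(img, va, limit=64):
    off = va - IMAGE_BASE
    end = img.find(b'\0', off, off + limit) if 0 <= off < len(img) else -1
    return img[off:end].decode('ascii', 'replace') if end >= 0 else None

def find_loader_stubs(img):
    """Report PUSH imm32 / CALL rel32 / JMP rel32 runs whose pushed pointer names a .dll and flag
    CALLs that leave the image: compiled code reaches imports through the IAT, not a direct rel32."""
    hits, image_end = [], IMAGE_BASE + len(img)
    for off in range(len(img) - 15):
        if img[off] != 0x68 or img[off + 5] != 0xE8 or img[off + 10] != 0xE9:
            continue
        name = _cstring(img, struct.unpack_from('<I', img, off + 1)[0])
        if not name or not name.lower().endswith('.dll'):
            continue
        stub_va, call_target = IMAGE_BASE + off, _target(img, off + 5)
        hits.append({'stub_va': stub_va, 'dll': name, 'call_target': call_target,
                     'call_leaves_image': not IMAGE_BASE <= call_target < image_end,
                     'jmp_target': _target(img, off + 10),
                     'redirected_from': [IMAGE_BASE + o for o in range(len(img) - 5)
                                         if img[o] == 0xE9 and _target(img, o) == stub_va]})
    return hits
```

    On a real dump you would feed the mapped module bytes and its actual base instead of the constructed image; the `redirected_from` list then names the original JMP site that was pointed into the cave.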


  2. #2

    Re: Using a Code Cave to load your .DLL

    Might be useful, thanks.

  3. #3
    wtfhacker | Member | Join Date: Dec 2009 | Posts: 328

    Re: Using a Code Cave to load your .DLL

    Already saw something like this, but thanks.

  4. #4
    cerealnp | Member | Join Date: Apr 2006 | Location: Brazil | Posts: 441

    Re: Using a Code Cave to load your .DLL

    What about doing it at the entrypoint? That way it would be called dozens and dozens of times (when ZPostShot is called)

  5. #5
    purpleCRAYON | Member | Join Date: Mar 2009 | Posts: 249

    Re: Using a Code Cave to load your .DLL

    Quote Originally Posted by cerealnp:
    What about doing it at the entrypoint? That way it would be called dozens and dozens of times (when ZPostShot is called)
    Hm.
