Auto Dll injecting (Asm) matchserver and client
Well, I've seen a few people using really crap methods; this way is quite easy.
Client (Gunz.exe)
First go to line "574255" without quotes (Ctrl + G).
You should see:
Code:
00574255 > $ 6A 60 PUSH 60
00574257 . 68 48916000 PUSH theduel.00609148
NOP those two lines; then it should look like this:
Code:
00574252 |. 59 POP ECX
00574253 |. 59 POP ECX
00574254 \. C3 RETN
00574255 > 90 NOP
00574256 90 NOP
00574257 90 NOP
00574258 90 NOP
00574259 90 NOP
0057425A 90 NOP
0057425B 90 NOP
0057425C . E8 871D0000 CALL theduel.00575FE8
00574261 . BF 94000000 MOV EDI,94
Now make a JMP to a code cave; I'll use the line "5E5F31".
So now you make the JMP 5E5F31 on line 574255.
It should now look like this:
Code:
00574252 |. 59 POP ECX
00574253 |. 59 POP ECX
00574254 \. C3 RETN
00574255 > E9 D71C0700 JMP theduel.005E5F31
0057425A 90 NOP
0057425B 90 NOP
0057425C . E8 871D0000 CALL theduel.00575FE8
00574261 . BF 94000000 MOV EDI,94
Then go to line "5E5F31" without quotes (Ctrl + G).
Then you will see 5E5F22 just up from 5E5F31, so select that line, right click -> Binary -> Edit.
Untick "keep size", and where it says ASCII put your DLL name.
I'll use "test.dll"; then look where it says hex and add two 0's.
Picture:
http://i50.tinypic.com/333fh36.jpg
Then press OK, then press Ctrl + A.
Then go to 5E5F31 again
and double click on the DB 00
and type "push 60" in the box that pops up,
then press Assemble, then type in "PUSH 609148"
and press Assemble, then type in "PUSH 5E5F22"
and press Assemble, then type in "CALL DWORD PTR DS:[5E6168]"
and press Assemble, then type in "TEST EAX,EAX"
and press Assemble, then jump back by typing in "JMP 0057425C"
and press Assemble.
Press Ctrl + A.
You should now have something like this:
Code:
005E5F22 . 74 65 73 74 2E>ASCII "test.dll",0
005E5F2B 00 DB 00
005E5F2C 00 DB 00
005E5F2D 00 DB 00
005E5F2E 00 DB 00
005E5F2F 00 DB 00
005E5F30 00 DB 00
005E5F31 > 6A 60 PUSH 60
005E5F33 . 68 48916000 PUSH theduel.00609148
005E5F38 . 68 225F5E00 PUSH theduel.005E5F22 ; /FileName = "test.dll"
005E5F3D . FF15 68615E00 CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>; \LoadLibraryA
005E5F43 . 85C0 TEST EAX,EAX
005E5F45 .^E9 12E3F8FF JMP theduel.0057425C
And you're done.
MatchServer
First go to line "417180" and NOP that.
It should look like:
Code:
0041717E |. 8BCE MOV ECX,ESI
00417180 90 NOP
00417181 90 NOP
00417182 90 NOP
00417183 90 NOP
00417184 90 NOP
00417185 |. 84C0 TEST AL,AL
Then make a JMP 5043E3 on line 00417180.
Then follow that 5043E3 (Ctrl + G).
Remember that line, and now go up to 005043CE and binary edit again, then type in your DLL name (I'll use test.dll; look above at the client part if you need help), then press Ctrl + A.
Now go back to line 005043E3 and double click on DB 00
and then type in "PUSHAD", press Assemble, then type "PUSH 5043CE",
press Assemble, then type in "CALL DWORD PTR DS:[5052CC]", press Assemble, then type in "POPAD", press Assemble, then type in "CALL 00418860", press Assemble, then type in "JMP 00417185" and press Assemble.
Press Ctrl + A.
You should get something like this:
Code:
005043CE . 74 65 73 74 2E>ASCII "test.dll",0
005043D7 90 NOP
005043D8 90 NOP
005043D9 90 NOP
005043DA 90 NOP
005043DB 90 NOP
005043DC 90 NOP
005043DD 90 NOP
005043DE 90 NOP
005043DF 90 NOP
005043E0 90 NOP
005043E1 90 NOP
005043E2 90 NOP
005043E3 > 60 PUSHAD
005043E4 . 68 CE435000 PUSH MatchSer.005043CE ; /FileName = "test.dll"
005043E9 . FF15 CC525000 CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>; \LoadLibraryA
005043EF . 61 POPAD
005043F0 . E8 6B44F1FF CALL MatchSer.00418860
005043F5 .^E9 8B2DF1FF JMP MatchSer.00417185
And you're done.
I take no credit for this apart from making the tut.
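Added example, not from the original post: the E9 (JMP) and E8 (CALL) bytes in the OllyDbg listings above are rel32 instructions, so their displacement is relative to the address of the next instruction. This small decoder, with the addresses and bytes copied from the listings, checks that every one really lands on the target the listing names (the MatchServer JMP at 00417180 is not shown with its bytes in the post, so its encoding is computed rather than checked).

```python
"""Decode/encode x86 rel32 JMP (E9) and CALL (E8) and verify the post's listings."""
import struct


def rel32_target(addr: int, code: bytes) -> int:
    """Absolute target of a 5-byte E8/E9 rel32 instruction located at addr.

    The displacement is a signed little-endian 32-bit value added to the
    address of the *next* instruction (addr + 5); a backward jump therefore
    shows up as an 0xFF...-style byte pattern, as in the listings.
    """
    if len(code) != 5 or code[0] not in (0xE8, 0xE9):
        raise ValueError("expected a 5-byte E8/E9 rel32 instruction")
    disp = struct.unpack("<i", code[1:])[0]
    return (addr + 5 + disp) & 0xFFFFFFFF


def encode_rel32(opcode: int, addr: int, target: int) -> bytes:
    """Inverse of rel32_target: bytes for a JMP (0xE9) or CALL (0xE8) at addr."""
    disp = target - (addr + 5)
    if not -0x80000000 <= disp <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range")
    return bytes([opcode]) + struct.pack("<i", disp)


# (address, bytes, target) copied from the listings in the post above.
LISTING = [
    (0x00574255, "E9 D7 1C 07 00", 0x005E5F31),  # client: JMP into the code cave
    (0x0057425C, "E8 87 1D 00 00", 0x00575FE8),  # client: original CALL after the NOPs
    (0x005E5F45, "E9 12 E3 F8 FF", 0x0057425C),  # client: JMP back out of the cave
    (0x005043F0, "E8 6B 44 F1 FF", 0x00418860),  # MatchServer: CALL after LoadLibraryA
    (0x005043F5, "E9 8B 2D F1 FF", 0x00417185),  # MatchServer: JMP back
]


def verify_listing() -> list:
    """Return [(addr, decoded_target, matches_listing), ...] for every entry."""
    results = []
    for addr, hexstr, expected in LISTING:
        code = bytes.fromhex(hexstr.replace(" ", ""))
        target = rel32_target(addr, code)
        results.append((addr, target, target == expected))
    return results


def matchserver_jmp_out() -> bytes:
    """Encoding of the 'JMP 5043E3' the post says to assemble at 00417180."""
    return encode_rel32(0xE9, 0x00417180, 0x005043E3)


if __name__ == "__main__":
    for addr, target, ok in verify_listing():
        print(f"{addr:08X} -> {target:08X} {'ok' if ok else 'MISMATCH'}")
    print(matchserver_jmp_out().hex(" ").upper())  # E9 5E D2 0E 00
```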
Re: Auto Dll injecting (Asm) matchserver and client
Good tut, Steven has been looking for one like this.
Re: Auto Dll injecting (Asm) matchserver and client
Lol, you managed to work out for matchserver :D
Re: Auto Dll injecting (Asm) matchserver and client
Yeah, finally. It was done differently; thanks for trying to help, I just looked through my old FatalGunz MatchServer lol.
Re: Auto Dll injecting (Asm) matchserver and client
101 views, no thanks or anything except the ppl I sent the link to.
Re: Auto Dll injecting (Asm) matchserver and client
If I get this to work, then I'll be sure to thank you. This is something I've been looking a while for now :P. Thanks :)
Re: Auto Dll injecting (Asm) matchserver and client
Ok thanks, it works fine btw.
Re: Auto Dll injecting (Asm) matchserver and client
-_-'. I'm confused, so what does this do?
Re: Auto Dll injecting (Asm) matchserver and client
This is the exact same thing everyone else has released, just your method, in my honest opinion, is not as good as changing the OEP to run the dll before GunZ. Regardless, nice release, it has been done before and also you perform a check on the return of "LoadLibraryA" but you're using a conventional jump (JMP) when you should use a jump if equal (JE) then some type of error handling method. Like, for instance, a call to MessageBoxA.
~Iceman
Re: Auto Dll injecting (Asm) matchserver and client
Hey, are you Welsh Steven, the guy I talked to some time ago?
If so, hey, long time no speak man.
Re: Auto Dll injecting (Asm) matchserver and client
Yes, but I was born in England and I hate 99% of Welsh people.
Re: Auto Dll injecting (Asm) matchserver and client
Quote (Originally Posted by steven1234): Yes, but I was born in England and I hate 99% of Welsh people.
Nice to see you again.
Re: Auto Dll injecting (Asm) matchserver and client
Nice tut, trying to do it and it's my first time asm-ing :P