v1.0.33.0 released. See post #1
This version allows you to inject a file (ANY type of file) into a process. You also have the option of executing the file you loaded.

You can inject ANY file into a process (bmp, hex, txt, etc, dll, exe).
If you elect to execute the file you injected, the last command HAS to be a RETN statement (or a RETN x if you need to pop temp variables off the stack). If you forget this the process WILL CRASH! You don't have to add the RETN statement if you are going to branch to somewhere else in the process, but in doing so don't forget to pop the return value pushed onto the stack by the stub!
The execution will begin at the first byte found in the file. I'll add a way for you to specify the beginning execution point in the next version.
I've included a little file (TestFile(retn).hex) that you can inject into the SH5 process. When it asks if you want to execute it, say yes. SH5 will never know anything ever happened! The file is just one command, RETN, which means return to caller. Here's how the inject file works:
- the app allocates memory in the process in a multiple of pagesize to fit the file being injected
- the file contents are copied into this memory
- if the user selected execute then:
  - a stub is made that will branch execution to the injected file. The first thing the stub does is push the EIP to the stack. This way, when the injected code issues a RETN statement, execution goes back to its original place
There are two new buttons - Inject file and Remove file. They do just as they sound. To remove a file select the file from the Injections listview and then press Remove file.
Working on dumping process memory and reloading it now so the user can modify it. Also adding a way to set watches on memory and letting you define the update time interval on them.
The LoadLibraryA and FreeLibrary offsets are still hardcoded for kernel32.dll. If you get "failed to inject" or "failed to remove", it's probably because you have an older version of kernel32.dll installed on your computer. I should have these hardcoded offsets removed in the next version.