Writing code injection in VS2019: originally I wrote it with a naked function, like this:

```cpp
__declspec(naked) void myput()
{
    __asm
    {
        pushad
        push -1                    // unknown, constant -1
        push 2                     // ID
        mov eax, 0                 // coordinate X
        push 0                     // coordinate Y
        mov ebx, ds:[0x6A9EC0]
        mov ebx, ds:[ebx + 0x768]
        push ebx
        mov edx, 0x40D120
        call edx
        popad
        ret
    }
}
```
But once I wanted to pass some parameters to this function, I had to abandon the naked function and write it as:

```cpp
#include <windows.h>

// Parameter block handed to the remote thread (the layout is assumed from the
// field names used below; the original post does not show the struct definition)
typedef struct para {
    DWORD id;
    DWORD pos_x;
    DWORD pos_y;
} *ppara;

DWORD WINAPI ThreadProc1(LPVOID lpParameter)
{
    DWORD _id    = ((ppara)lpParameter)->id;
    DWORD _pos_x = ((ppara)lpParameter)->pos_x;
    DWORD _pos_y = ((ppara)lpParameter)->pos_y;
    __asm
    {
        pushad
        push -1                    // unknown, constant -1
        push _id                   // ID
        mov eax, _pos_x            // coordinate X
        push _pos_y                // coordinate Y
        mov ebx, ds:[0x6A9EC0]     // the ds: prefix is mandatory under VS inline-assembly rules
        mov ebx, ds:[ebx + 0x768]  // same here
        push ebx
        mov edx, 0x40D120
        call edx
        popad
    }
    return 0;
}
```
I used this as the remote thread callback, but written this way the target program kept crashing and I could not find the cause. Then I saw a post, looked at the code it compiled to in OD (OllyDbg), and found that the problem lay in a few VS2019 compiler options, shown below:

Turn off Basic Runtime Checks and Security Check: with them enabled, the compiler may append a few calls at the tail of the generated function (stack-balance checks and the like). Once the code is injected into the target process, those check routines do not exist there, so the calls go wrong.

Another point: in VS inline assembly, `mov eax, [0xxxxxx]` must be written in the form `mov eax, ds:[0xxxxxx]`; otherwise VS compiles it into `mov eax, 0xxxxxx` (an immediate), which is certainly not what we intended.
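To see in bytes what the two points above mean, here is a small decoder (an added example, not code from the original post) that handles only the 32-bit encodings VS emits for the listing above. MYPUT, WITH_CHECK_CALL, WRONG_FORM and RIGHT_FORM are byte strings assembled by hand for this example, and the far-away rel32 call in WITH_CHECK_CALL is a constructed stand-in for a compiler-inserted check stub, not a real address. It shows that `mov eax, [0x6A9EC0]` assembles to B8 (an immediate) while the `ds:[...]` form gives A1 or 8B (a memory read), and it flags any rel32 call or jmp whose target lies outside the copied bytes, which is the dangling reference that faults once a non-naked function's bytes are moved into another process.

```python
import struct

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
ONE_BYTE = {0x60: "pushad", 0x61: "popad", 0xC3: "ret"}
field = lambda code, k, fmt="<i": struct.unpack_from(fmt, code, k)[0]   # little-endian field at code[k]

def modrm(code, i):   # decode ModRM (+displacement) at code[i] -> (reg field, operand text, next index)
    b = code[i]
    mod, reg, rm = b >> 6, (b >> 3) & 7, b & 7
    assert mod != 3 and rm != 4, "register-direct and SIB forms are not needed for this listing"
    if mod == 0:                                   # rm == 5 means absolute disp32 with no base register
        return (reg, "ds:[0x%X]" % field(code, i + 1, "<I"), i + 5) if rm == 5 else (reg, "[%s]" % REGS[rm], i + 1)
    size, fmt = (1, "<b") if mod == 1 else (4, "<i")
    return reg, "[%s%+#x]" % (REGS[rm], field(code, i + 1, fmt)), i + 1 + size

def decode(code):   # -> (listing, external): text per instruction, rel32 call/jmp targets outside the blob
    out, external, i = [], [], 0
    while i < len(code):
        op = code[i]
        if op in ONE_BYTE or 0x50 <= op <= 0x57:   # pushad / popad / ret / push r32
            out.append(ONE_BYTE.get(op) or "push %s" % REGS[op - 0x50]); i += 1
        elif op == 0x6A:                           # push imm8 (sign-extended)
            out.append("push %d" % field(code, i + 1, "<b")); i += 2
        elif 0xB8 <= op <= 0xBF:                   # mov r32, imm32: the number itself, no memory read
            out.append("mov %s, 0x%X  ; immediate" % (REGS[op - 0xB8], field(code, i + 1, "<I"))); i += 5
        elif op == 0xA1:                           # mov eax, moffs32: read the dword at that address
            out.append("mov eax, ds:[0x%X]  ; memory load" % field(code, i + 1, "<I")); i += 5
        elif op == 0x8B:                           # mov r32, r/m32
            reg, mem, i = modrm(code, i + 1)
            out.append("mov %s, %s  ; memory load" % (REGS[reg], mem))
        elif op in (0xE8, 0xE9):                   # call/jmp rel32, relative to the next instruction
            target = i + 5 + field(code, i + 1)
            out.append("%s -> offset %#x" % ("call" if op == 0xE8 else "jmp", target))
            if not 0 <= target < len(code):        # lands outside the copied bytes: dangles once moved
                external.append(target)
            i += 5
        elif op == 0xFF and code[i + 1] >> 6 == 3 and (code[i + 1] >> 3) & 7 == 2:   # call r32
            out.append("call %s" % REGS[code[i + 1] & 7]); i += 2
        else:
            raise ValueError("unsupported opcode %#x at offset %d" % (op, i))
    return out, external

# Constructed bytes: the naked myput() body from the post, assembled by hand.
MYPUT = bytes.fromhex("60 6AFF 6A02 B800000000 6A00 8B1DC09E6A00 8B9B68070000 53 BA20D14000 FFD2 61 C3")
WITH_CHECK_CALL = MYPUT[:-1] + bytes.fromhex("E800100000 C3")   # constructed non-naked tail: far rel32 check call, then ret
WRONG_FORM = bytes.fromhex("B8C09E6A00")    # what `mov eax, [0x6A9EC0]` becomes in VS inline asm
RIGHT_FORM = bytes.fromhex("A1C09E6A00")    # `mov eax, ds:[0x6A9EC0]`

if __name__ == "__main__":
    for name, blob in (("myput", MYPUT), ("non-naked", WITH_CHECK_CALL), ("wrong", WRONG_FORM), ("right", RIGHT_FORM)):
        print(name, *decode(blob), sep="\n  ")
```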