×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

"inserting code into a dll"

"inserting code into a dll"

"inserting code into a dll"

(OP)
im not realy sure if this should be posted in visual c++ or here, but this is the scenario.

(note: i am no assembly programmer, i just understand the basics)

i have a project which loads a DLL (win32). this dll manages connections to a server.

anyway. i dont have access to the code of this dll, only the compiled release.

what i want to do is insert a simple ip check into the DLL because some nice people on the internet are filling the server with "fake players".

i have read articles on code injection (such as http://www.codeproject.com/threads/winspy.asp) but was wondering if there was a simpler way to "patch" the dll itself.

ie can i simply write some code to check the ip and insert it into the dll and modify a few calls?

i can post the function if it would help the understanding of my question but in a pseudo code way.

CODE

void somefunction(..some params)
{
    len=recvfrom(..some params)
    if(len && len!=ERROR)
        if(buff[0]=0x00)
            //before i process the requested feature
            //i want to check ip address for being banned
            //if so i want to return
            if(buff[1]=0x01)
            else(buff[1]=0x03)
            else()
        else
            //not interested in this section
    return
}

hope that makes sense.

if any more info is needed to post an answer ask away :D

thnx in advance

If somethings hard to do, its not worth doing - Homer Simpson

RE: "inserting code into a dll"

Since a DLL is just a Library, you could extract the object
you wanted to change, write your one, and insert that
in the DLL.

For all those people that ask this question in this forum
I will once tell what DLL stands for.

DLL == Dynamic Link Library,

It can be build by almost anly linker that handles 32 bit
code and the linker is included with your assembly
program.

So there is one for MASM, NASM, TASM, etc

Tessa

RE: "inserting code into a dll"

(OP)
im not sure i follow you.

Quote:

you could extract the object
you wanted to change, write your one, and insert that
in the DLL.

since the additional code would be larger than the original i simply cannot just insert it? or can i?

(im not actualy trying to change anything. i want to add to the existing code)

i dont know if this will help but ill post the code (apologies.. this next section is long)

CODE

/*    This file was automatically created by
 *    Reverse Engineering Compiler 2.0 (C) Giampiero Caprino (Sep 19 2005)
 *    Input file: 'T:\REC\ServerDLL\server.dll'
 */

/*    Procedure: 0x1004270C - 0x10042819
 *    Argument size: 4
 *    Local size: 0
 *    Save regs size: 0
 */

L1004270c(A4, A8, A10)
/* unknown */ void  A4;
/* unknown */ void  A8;
/* unknown */ void  A10;
{

    (save)ebp;
    ebp = esp;
    esp = esp - 0x10;
    (save)esi;
    (save)edi;
    edi = ecx;
    edx = *(edi + 0x90);
    if(edx != 0) {
        esi = *(ebp + 8);
        (save)ebx;
        ebx = ebp - 0x10;
        eax = *(esi + 0x58);
        eax = L10041450(edi, edx, *(esi + 0x54), eax, ebx);
        for((restore)ebx; eax != -1 && eax != 0; eax = L10041450(edi, *(edi + 0x90), ecx, eax, ebp - 0x10)) {
            *(esi + 0x34) = ax;
            eax = *(esi + 0x54);
            ecx = edi;
            (save)ebp - 0x10;
            if(*eax != 0) {
                eax = L1004171C();
                if(eax != 0) {
                    goto L100427dc;
                }
                if(*( *(edi + 0x48) + 0xb4) != 0) {
                    (save) *(ebp - 0xe);
                    *(ebp + 8) = *(ebp - 0xc);
                    *(ebp + 9) = *(ebp - 0xb);
                    *(ebp + 0xa) = *(ebp - 0xa);
                    *(ebp + 0xb) = *(ebp - 9);
                    ecx = *(edi + 0x48);
                    (save) *L100691bc();
                    eax = ebp + 8;
                    (save)eax;
                    (save)esi;
                    *( *( *(ecx + 0xb4)) + 0xc)();
                }
            } else {
            //this is the bit we are interested in//
                (save)esi;
                L100422FA();
            }
            eax = *(esi + 0x58);
            ecx = *(esi + 0x54);
        }
    }
    eax = 0;
L100427d6:
    (restore)edi;
    (restore)esi;
    esp = ebp;
    (restore)ebp;
    return;
L100427dc:
    *(esi + 0x3c) = eax;
    eax = 1;
    goto L100427d6;
    eax = A10;
    if(eax != 0) {
        edx = *(ecx + 0x90);
        if(edx == 0 || *(eax + 0xdc) == 0) {
            goto L10042815;
        }
        eax = L100416BC(edx, A4, A8, eax + 0xbc);
    } else {
L10042815:
        eax = 0;
    }
}


 Address  Mnemonic                                 SP In  SP Out  SP offs  Intermediate Representation
1004270c: push ebp                                     0      28      0   (save)ebp
1004270d: mov ebp,esp                                                 4   ebp = esp
1004270f: sub esp,+0x10                                               4   esp = esp - 0x10
10042712: push esi                                                   20   (save)esi
10042713: push edi                                                   24   (save)edi
10042714: mov edi,ecx                                                28   edi = ecx
10042716: mov edx,[edi+0x90]                                         28   edx = *(edi + 0x90)
1004271c: test edx,edx                                               28   edx :: 0
1004271e: jz 0x100427d4                                              28   == ? L100427d4 :
10042724: mov esi,[ebp+0x8]                           28      28     28   esi = *(ebp + 8)
10042727: push ebx                                                   28   (save)ebx
10042728: lea ebx,[ebp-0x10]                                         32   ebx = ebp - 0x10
1004272b: mov eax,[esi+0x58]                                         32   eax = *(esi + 0x58)
1004272e: mov ecx,[esi+0x54]                                         32   ecx = *(esi + 0x54)
10042731: push ebx                                                   32   (save)ebx
10042732: push eax                                                   36   (save)eax
10042733: push ecx                                                   40   (save)ecx
10042734: push edx                                                   44   (save)edx
10042735: push edi                                                   48   (save)edi
10042736: call 0x10041450                                            52   eax = L10041450()
1004273b: add esp,+0x14                                              52   esp = esp + 0x14
1004273e: pop ebx                                                    32   (restore)ebx
1004273f: jmp 0x100427cb                                             28   goto L100427cb
10042744: test eax,eax                                28      28     28   eax :: 0
10042746: jz 0x100427d4                                              28   == ? L100427d4 :
1004274c: mov [esi+0x34],ax                            0       4      0   *(esi + 0x34) = ax
10042750: mov eax,[esi+0x54]                                          0   eax = *(esi + 0x54)
10042753: mov ecx,edi                                                 0   ecx = edi
10042755: cmp byte [eax],0x0                                          0   *eax :: 0
10042758: lea eax,[ebp-0x10]                                          0   eax = ebp - 0x10
1004275b: push eax                                                    0   (save)eax
1004275c: jnz 0x10042766                                              4   != ? 0x10042766 :
1004275e: push esi                                     4      28      4   (save)esi
1004275f: call 0x100422fa                                             8   eax = L100422FA()
10042764: jmp short 0x100427b0                                       28   goto L100427b0
10042766: call 0x1004171c                              4       0      4   eax = L1004171C()
1004276b: test eax,eax                                                0   eax :: 0
1004276d: jnz 0x100427dc                                              0   != ? 0x100427dc :
1004276f: mov eax,[edi+0x48]                           0       0      0   eax = *(edi + 0x48)
10042772: cmp dword [eax+0xb4],+0x0                                   0   *(eax + 0xb4) :: 0
10042779: jz 0x100427b0                                               0   == ? L100427b0 :
1004277b: mov al,[ebp-0xc]                             0      16      0   al = *(ebp - 0xc)
1004277e: push dword [ebp-0xe]                                        0   (save) *(ebp - 0xe)
10042781: mov [ebp+0x8],al                                            4   *(ebp + 8) = al
10042784: mov al,[ebp-0xb]                                            4   al = *(ebp - 0xb)
10042787: mov [ebp+0x9],al                                            4   *(ebp + 9) = al
1004278a: mov al,[ebp-0xa]                                            4   al = *(ebp - 0xa)
1004278d: mov [ebp+0xa],al                                            4   *(ebp + 0xa) = al
10042790: mov al,[ebp-0x9]                                            4   al = *(ebp - 9)
10042793: mov [ebp+0xb],al                                            4   *(ebp + 0xb) = al
10042796: call [0x100691bc]                                           4   eax = *L100691bc()
1004279c: mov ecx,[edi+0x48]                                          4   ecx = *(edi + 0x48)
1004279f: push eax                                                    4   (save)eax
100427a0: lea eax,[ebp+0x8]                                           8   eax = ebp + 8
100427a3: mov ecx,[ecx+0xb4]                                          8   ecx = *(ecx + 0xb4)
100427a9: push eax                                                    8   (save)eax
100427aa: push esi                                                   12   (save)esi
100427ab: mov edx,[ecx]                                              16   edx = *ecx
100427ad: call [edx+0xc]                                             16   eax = *(edx + 0xc)()
100427b0: mov eax,[esi+0x58]                          28      28     28   eax = *(esi + 0x58)
100427b3: mov ecx,[esi+0x54]                                         28   ecx = *(esi + 0x54)
100427b6: lea edx,[ebp-0x10]                                         28   edx = ebp - 0x10
100427b9: push edx                                                   28   (save)edx
100427ba: push eax                                                   32   (save)eax
100427bb: push ecx                                                   36   (save)ecx
100427bc: push dword [edi+0x90]                                      40   (save) *(edi + 0x90)
100427c2: push edi                                                   44   (save)edi
100427c3: call 0x10041450                                            48   eax = L10041450()
100427c8: add esp,+0x14                                              48   esp = esp + 0x14
100427cb: cmp eax,-0x1                                28      28     28   eax :: 0 - 1
100427ce: jnz 0x10042744                                             28   != ? 0x10042744 :
100427d4: xor eax,eax                                 28      28     28   eax = eax ^ eax
100427d6: pop edi                                     28       0     28   (restore)edi
100427d7: pop esi                                                    24   (restore)esi
100427d8: leave                                                      -8   esp = ebp
100427d9: ret 0x4                                                     0   return
100427dc: mov [esi+0x3c],eax                           0       0      0   *(esi + 0x3c) = eax
100427df: xor eax,eax                                                 0   eax = eax ^ eax
100427e1: inc eax                                                     0   eax = eax + 1
100427e2: jmp short 0x100427d6                                        0   goto L100427d6
100427e4: mov eax,[esp+0x10]                           0       0      0   eax = *(esp + 0x10)
100427e8: test eax,eax                                                0   eax :: 0
100427ea: jz 0x10042815                                               0   == ? L10042815 :
100427ec: mov edx,[ecx+0x90]                           0       0      0   edx = *(ecx + 0x90)
100427f2: test edx,edx                                                0   edx :: 0
100427f4: jz 0x10042815                                               0   == ? L10042815 :
100427f6: cmp dword [eax+0xdc],+0x0                    0       0      0   *(eax + 0xdc) :: 0
100427fd: jz 0x10042815                                               0   == ? L10042815 :
100427ff: add eax,0xbc                                 0       0      0   eax = eax + 0xbc
10042804: push eax                                                    0   (save)eax
10042805: push dword [esp+0xc]                                        4   (save) *(esp + 0xc)
10042809: push dword [esp+0xc]                                        8   (save) *(esp + 0xc)
1004280d: push edx                                                   12   (save)edx
1004280e: call 0x100416bc                                            16   eax = L100416BC()
10042813: jmp short 0x10042817                                        0   goto L10042817
10042815: xor eax,eax                                  0       0      0   eax = eax ^ eax
10042817: ret 0x10                                     0       0      0   return



/*    Procedure: 0x100422FA - 0x100426C2
 *    Argument size: -48
 *    Local size: 28
 *    Save regs size: 0
 *    Called by:
 *        L1004270C()
 */

L100422fa(A8, Ab, Ac)
/* unknown */ void  A8;
/* unknown */ void  Ab;
/* unknown */ void  Ac;  
{
    /* unknown */ void  Vffffffe4;
    /* unknown */ void  Vfffffff4;
    /* unknown */ void  Vfffffff8;
    /* unknown */ void  Vfffffffc;

    Vfffffffc = 0;
    (save)ebx;
    (save)esi;
    (save)edi;
    edi = A8;
    ebx = ecx;
    ecx = edi;
    *(edi + 0x38) = 1;
    Ab = L10017F65(0);    <<--read next byte
    if(!( *(edi + 0x40) & 2)) {
        esi = Ac;
        if(*(ebx + 0x7c) == 0) {
            goto L10042622;
        }
        (save)esi;
        eax = L100426C3(ebx); <<--is this checking the guiid??
        (restore)ecx;
        if(eax == 0) {
            if(Ab != 1) {    <<--this is the query 0x01 (\x00\x01 + {guiid} 19 bytes total)
                goto L1004243c;
            }
            ecx = edi;
            L1002EA1E( & Vffffffe4, 0x10);  <<--no idea?!
            eax = L10059860( & Vffffffe4, *(ebx + 0x48) + 0xf0, 0x10);
            if(eax == 0) {
                //this is where i want to check the IP
                if(M1007f6a8 != eax) {    <<--frig this code so we get the debug (offset 00042382: change 74 to 75)
                    (save) *(esi + 2);
                    *L100691bc();
                    (save)ax & 65535;
                    (save) *(esi + 7) & 0xff;
                    (save) *(esi + 6) & 0xff;
                    (save) *(esi + 5) & 0xff;
                    (save) *(esi + 4) & 0xff;
                    (save)"IP: Received query from %d.%d.%d.%d:%d, sending response";
                    L10011A1F();
                }
                ecx = edi;
                L10017F65(0); <<--read next byte?
                A8 = al;
                ecx = & Vfffffffc;
                L100121DE(L1002E963( & Ac, 0x44c, 0x44c));
                ecx = Ac;
                if(ecx != 0) {
                    *( *ecx + 8)();
                }
                *( *(Vfffffffc + 0x54)) = 0;
                ecx = Vfffffffc;
                L10017FCD(2);
                eax = *(ebx + 0x98);
                if(eax == 0) {
                    eax = 0x1007b534;
                }
                ecx = Vfffffffc;
                L1002EA7C(eax);
                ecx = Vfffffffc;
                L10017FCD(A8);    <<--check if packet too long?
                eax = Vfffffffc;
                ecx = ebx;
                eax = L100416BC( *(ebx + 0x90), *(eax + 0x54), *(eax + 0x34) & 65535, esi); <<--leads to wsock32.sendto
                goto L100426b0;
L1004243c:
                if(Ab != 3) {    <<--this is the join 0x03 (\x00\x03\x00 + {guiid} 19 bytes total)
                    goto L10042622;
                }
                //this is where i want to check the IP
                if(M1007f6a8 != 0) {    <<--frig this code so we get the debug (offset 0004244D: change 74 to 75)
                    (save) *(esi + 2);
                    *L100691bc();
                    (save)ax & 65535;
                    (save) *(esi + 7) & 0xff;
                    (save) *(esi + 6) & 0xff;
                    (save) *(esi + 5) & 0xff;
                    (save) *(esi + 4) & 0xff;
                    (save)"IP: Received conn request from %d.%d.%d.%d:%d, sending response";
                    L10011A1F();
                }
                ecx = edi;
                L10017F65(0);
                ecx = edi;
                eax = L1002EA1E( & Vffffffe4, 0x10);
                if(!( *(edi + 0x40) & 2)) {
                    Vfffffff4 = 0;
                    if(L10059860( *(ebx + 0x48) + 0xf0, & Vffffffe4, 0x10) != 0) {
                        Vfffffff4 = 1;
                    } else {
                        if(*(ebx + 0x9c) < *(ebx + 0x94)) {
                            edi = L1003150D(0xe0);
                            if(edi != 0) {
                                ecx = edi;
                                L1002908D();
                                *(edi + 0xd8) = 0;
                                eax = edi;
                                Vfffffff8 = eax;
                            } else {
                                Vfffffff8 = 0;
                                eax = Vfffffff8;
                            }
                            edi = eax + 0xbc;
                            *edi = *esi;
                            edi = edi + 4;
                            esi = esi + 4;
                            *edi = *esi;
                            edi = edi + 4;
                            esi = esi + 4;
                            *edi = *esi;
                            edi = edi + 4;
                            esi = esi + 4;
                            *edi = *esi;
                            edi = edi + 4;
                            esi = esi + 4;
                            *(eax + 0xdc) = 0;
                            *(eax + 0x30) = ebx;
                            ecx = *(ebx + 0x48);
                            if(L1002AB44(eax) != 0) {
                                esi = Vfffffff8;
                                ecx = ebx + 0x9c;
                                L10043463(esi, esi + 0xcc);
                                ecx = & Vfffffffc;
                                L100121DE(L1002E963( & A8, 0x44c, 0x44c));
                                ecx = A8;
                                if(ecx != 0) {
                                    *( *ecx + 8)();
                                }
                                edi = 5;    <<--the 0x05 reply
                                *( *(Vfffffffc + 0x54)) = 0;
                                ecx = Vfffffffc;
                                L10017FCD(5);
                                do {
                                    eax = Vfffffffc;
                                    ecx = ebx;
                                    L100416BC( *(ebx + 0x90), *(eax + 0x54), *(eax + 0x34) & 65535, Ac); <<--leads to wsock32.sendto
                                } while(edi = edi - 1);
                                *(esi + 0xdc) = 1;
                                ecx = *(ebx + 0x48);
                                eax = L1002A9B7(esi);
                                goto L100426b0;
                            }
                            ecx = Vfffffff8;
                            L100421C2(1);
                            esi = Ac;
                        }
                    }
                    ecx = & Vfffffffc;
                    L100121DE(L1002E963( & Ac, 0x44c, 0x44c));
                    ecx = Ac;
                    if(ecx != 0) {
                        *( *ecx + 8)();
                    }
                    *( *(Vfffffffc + 0x54)) = 0;
                    ecx = Vfffffffc;
                    if(Vfffffff4 != 0) {
                        (save)7;
                    } else {
                        (save)6;
                    }
                    L10017FCD();
                    eax = Vfffffffc;
                    ecx = ebx;
                    eax = L100416BC( *(ebx + 0x90), *(eax + 0x54), *(eax + 0x34) & 65535, esi);
L10042622:
                    if(Ab == 0) {
                        ecx = ebx;
                        eax = L1004171C(esi);
                        edi = eax;
                        if(edi != 0) {
                            if(M1007f6a8 != 0) {
                                (save) *(esi + 2);
                                *L100691bc();
                                (save)ax & 65535;
                                (save) *(esi + 7) & 0xff;
                                (save) *(esi + 6) & 0xff;
                                (save) *(esi + 5) & 0xff;
                                (save) *(esi + 4) & 0xff;
                                (save)"Got TCPSUB_DISCONNECT from %d.%d.%d.%d:%d";
                                L10011A1F();
                            }
                            ecx = *( *(ebx + 0x48) + 0xb4);
                            if(ecx != 0) {
                                (save)0x1007b534;
                                (save)4;
                                *( *ecx + 0x10)();
                            }
                            ecx = *(ebx + 0x48);
                            L1002AC2E(edi);
                            eax = edi + 0xcc;
                            ecx = ebx + 0x9c;
                            L100434A5(eax);
                            ecx = edi;
                            eax = L100421C2(1);
                        }
                    }
                }
            }
        }
    }
L100426b0:
    ecx = Vfffffffc;
    if(ecx != 0) {
        eax = *( *ecx + 8)();
    }
    (restore)edi;
    (restore)esi;
    (restore)ebx;
}



 Address  Mnemonic                                 SP In  SP Out  SP offs  Intermediate Representation
100422fa: push ebp                                     0      44      0   (save)ebp
100422fb: mov ebp,esp                                                 4   ebp = esp
100422fd: sub esp,+0x1c                                               4   esp = esp - 0x1c
10042300: and dword [ebp-0x4],+0x0                                   32   *(ebp - 4) = *(ebp - 4) & 0
10042304: push ebx                                                   32   (save)ebx
10042305: push esi                                                   36   (save)esi
10042306: push edi                                                   40   (save)edi
10042307: mov edi,[ebp+0x8]                                          44   edi = *(ebp + 8)
1004230a: mov ebx,ecx                                                44   ebx = ecx
1004230c: push +0x0                                                  44   (save)0
1004230e: mov ecx,edi                                                48   ecx = edi
10042310: mov word [edi+0x38],0x1                                    48   *(edi + 0x38) = 1
10042316: call 0x10017f65                                            48   eax = L10017F65()
1004231b: test byte [edi+0x40],0x2                                   44   *(edi + 0x40) & 2
1004231f: mov [ebp+0xb],al                                           44   *(ebp + 0xb) = al
10042322: jnz 0x100426b0                                             44   != ? 0x100426b0 :
10042328: cmp dword [ebx+0x7c],+0x0                   44      44     44   *(ebx + 0x7c) :: 0
1004232c: mov esi,[ebp+0xc]                                          44   esi = *(ebp + 0xc)
1004232f: jz 0x10042622                                              44   == ? L10042622 :
10042335: push esi                                    44      44     44   (save)esi
10042336: push ebx                                                   48   (save)ebx
10042337: call 0x100426c3                                            52   eax = L100426C3()
1004233c: pop ecx                                                    52   (restore)ecx
1004233d: test eax,eax                                               48   eax :: 0
1004233f: pop ecx                                                    48   (restore)ecx
10042340: jnz 0x100426b0                                             44   != ? 0x100426b0 :
10042346: cmp byte [ebp+0xb],0x1                      44      44     44   *(ebp + 0xb) :: 1
1004234a: jnz 0x1004243c                                             44   != ? 0x1004243c :
10042350: lea eax,[ebp-0x1c]                          44      44     44   eax = ebp - 0x1c
10042353: push +0x10                                                 44   (save)0x10
10042355: push eax                                                   48   (save)eax
10042356: mov ecx,edi                                                52   ecx = edi
10042358: call 0x1002ea1e                                            52   eax = L1002EA1E()
1004235d: mov eax,[ebx+0x48]                                         44   eax = *(ebx + 0x48)
10042360: push +0x10                                                 44   (save)0x10
10042362: add eax,0xf0                                               48   eax = eax + 0xf0
10042367: push eax                                                   48   (save)eax
10042368: lea eax,[ebp-0x1c]                                         52   eax = ebp - 0x1c
1004236b: push eax                                                   52   (save)eax
1004236c: call 0x10059860                                            56   eax = L10059860()
10042371: add esp,+0xc                                               56   esp = esp + 0xc
10042374: test eax,eax                                               44   eax :: 0
10042376: jnz 0x100426b0                                             44   != ? 0x100426b0 :
1004237c: cmp [0x1007f6a8],eax                        44      44     44   M1007f6a8 :: eax
10042382: jz 0x100423b4                                              44   == ? L100423b4 :
10042384: mov ax,[esi+0x2]                            44      48     44   ax = *(esi + 2)
10042388: push eax                                                   44   (save)eax
10042389: call [0x100691bc]                                          48   eax = *L100691bc()
1004238f: movzx eax,ax                                               48   eax = ax & 65535
10042392: push eax                                                   48   (save)eax
10042393: movzx eax,byte [esi+0x7]                                   52   eax = *(esi + 7) & 0xff
10042397: push eax                                                   52   (save)eax
10042398: movzx eax,byte [esi+0x6]                                   56   eax = *(esi + 6) & 0xff
1004239c: push eax                                                   56   (save)eax
1004239d: movzx eax,byte [esi+0x5]                                   60   eax = *(esi + 5) & 0xff
100423a1: push eax                                                   60   (save)eax
100423a2: movzx eax,byte [esi+0x4]                                   64   eax = *(esi + 4) & 0xff
100423a6: push eax                                                   64   (save)eax
100423a7: push dword 0x10074fb8                                      68   (save)"IP: Received query from %d.%d.%d.%d:%d, sending response"
100423ac: call 0x10011a1f                                            72   eax = L10011A1F()
100423b1: add esp,+0x18                                              72   esp = esp + 0x18
100423b4: push +0x0                                   44      44     44   (save)0
100423b6: mov ecx,edi                                                48   ecx = edi
100423b8: call 0x10017f65                                            48   eax = L10017F65()
100423bd: mov [ebp+0x8],al                                           44   *(ebp + 8) = al
100423c0: mov eax,0x44c                                              44   eax = 0x44c
100423c5: push eax                                                   44   (save)eax
100423c6: push eax                                                   48   (save)eax
100423c7: lea eax,[ebp+0xc]                                          52   eax = ebp + 0xc
100423ca: push eax                                                   52   (save)eax
100423cb: call 0x1002e963                                            56   eax = L1002E963()
100423d0: add esp,+0xc                                               56   esp = esp + 0xc
100423d3: lea ecx,[ebp-0x4]                                          44   ecx = ebp - 4
100423d6: push eax                                                   44   (save)eax
100423d7: call 0x100121de                                            48   eax = L100121DE()
100423dc: mov ecx,[ebp+0xc]                                          44   ecx = *(ebp + 0xc)
100423df: test ecx,ecx                                               44   ecx :: 0
100423e1: jz 0x100423e8                                              44   == ? L100423e8 :
100423e3: mov eax,[ecx]                               44      44     44   eax = *ecx
100423e5: call [eax+0x8]                                             44   eax = *(eax + 8)()
100423e8: mov eax,[ebp-0x4]                           44      44     44   eax = *(ebp - 4)
100423eb: push +0x2                                                  44   (save)2
100423ed: mov eax,[eax+0x54]                                         48   eax = *(eax + 0x54)
100423f0: and byte [eax],0x0                                         48   *eax = *eax & 0
100423f3: mov ecx,[ebp-0x4]                                          48   ecx = *(ebp - 4)
100423f6: call 0x10017fcd                                            48   eax = L10017FCD()
100423fb: mov eax,[ebx+0x98]                                         44   eax = *(ebx + 0x98)
10042401: test eax,eax                                               44   eax :: 0
10042403: jnz 0x1004240a                                             44   != ? 0x1004240a :
10042405: mov eax,0x1007b534                          44      44     44   eax = 0x1007b534
1004240a: mov ecx,[ebp-0x4]                           44      44     44   ecx = *(ebp - 4)
1004240d: push eax                                                   44   (save)eax
1004240e: call 0x1002ea7c                                            48   eax = L1002EA7C()
10042413: push dword [ebp+0x8]                                       44   (save) *(ebp + 8)
10042416: mov ecx,[ebp-0x4]                                          48   ecx = *(ebp - 4)
10042419: call 0x10017fcd                                            48   eax = L10017FCD()
1004241e: mov eax,[ebp-0x4]                                          44   eax = *(ebp - 4)
10042421: push esi                                                   44   (save)esi
10042422: movzx ecx,word [eax+0x34]                                  48   ecx = *(eax + 0x34) & 65535
10042426: push ecx                                                   48   (save)ecx
10042427: mov ecx,ebx                                                52   ecx = ebx
10042429: push dword [eax+0x54]                                      52   (save) *(eax + 0x54)
1004242c: push dword [ebx+0x90]                                      56   (save) *(ebx + 0x90)
10042432: call 0x100416bc                                            60   eax = L100416BC()
10042437: jmp 0x100426b0                                             44   goto L100426b0
1004243c: cmp byte [ebp+0xb],0x3                      44      44     44   *(ebp + 0xb) :: 3
10042440: jnz 0x10042622                                             44   != ? 0x10042622 :
10042446: cmp dword [0x1007f6a8],+0x0                 44      44     44   M1007f6a8 :: 0
1004244d: jz 0x1004247f                                              44   == ? L1004247f :
1004244f: mov ax,[esi+0x2]                            44      48     44   ax = *(esi + 2)
10042453: push eax                                                   44   (save)eax
10042454: call [0x100691bc]                                          48   eax = *L100691bc()
1004245a: movzx eax,ax                                               48   eax = ax & 65535
1004245d: push eax                                                   48   (save)eax
1004245e: movzx eax,byte [esi+0x7]                                   52   eax = *(esi + 7) & 0xff
10042462: push eax                                                   52   (save)eax
10042463: movzx eax,byte [esi+0x6]                                   56   eax = *(esi + 6) & 0xff
10042467: push eax                                                   56   (save)eax
10042468: movzx eax,byte [esi+0x5]                                   60   eax = *(esi + 5) & 0xff
1004246c: push eax                                                   60   (save)eax
1004246d: movzx eax,byte [esi+0x4]                                   64   eax = *(esi + 4) & 0xff
10042471: push eax                                                   64   (save)eax
10042472: push dword 0x10074f78                                      68   (save)"IP: Received conn request from %d.%d.%d.%d:%d, sending response"
10042477: call 0x10011a1f                                            72   eax = L10011A1F()
1004247c: add esp,+0x18                                              72   esp = esp + 0x18
1004247f: push +0x0                                   44      44     44   (save)0
10042481: mov ecx,edi                                                48   ecx = edi
10042483: call 0x10017f65                                            48   eax = L10017F65()
10042488: lea eax,[ebp-0x1c]                                         44   eax = ebp - 0x1c
1004248b: push +0x10                                                 44   (save)0x10
1004248d: push eax                                                   48   (save)eax
1004248e: mov ecx,edi                                                52   ecx = edi
10042490: call 0x1002ea1e                                            52   eax = L1002EA1E()
10042495: test byte [edi+0x40],0x2                                   44   *(edi + 0x40) & 2
10042499: jnz 0x100426b0                                             44   != ? 0x100426b0 :
1004249f: and dword [ebp-0xc],+0x0                    44      44     44   *(ebp - 0xc) = *(ebp - 0xc) & 0
100424a3: lea eax,[ebp-0x1c]                                         44   eax = ebp - 0x1c
100424a6: push +0x10                                                 44   (save)0x10
100424a8: push eax                                                   48   (save)eax
100424a9: mov eax,[ebx+0x48]                                         52   eax = *(ebx + 0x48)
100424ac: add eax,0xf0                                               52   eax = eax + 0xf0
100424b1: push eax                                                   52   (save)eax
100424b2: call 0x10059860                                            56   eax = L10059860()
100424b7: add esp,+0xc                                               56   esp = esp + 0xc
100424ba: test eax,eax                                               44   eax :: 0
100424bc: jz 0x100424ca                                              44   == ? L100424ca :
100424be: mov dword [ebp-0xc],0x1                     44      44     44   *(ebp - 0xc) = 1
100424c5: jmp 0x100425c4                                             44   goto L100425c4
100424ca: mov eax,[ebx+0x9c]                          44      44     44   eax = *(ebx + 0x9c)
100424d0: cmp eax,[ebx+0x94]                                         44   eax :: *(ebx + 0x94)
100424d6: jnc 0x100425c4                                             44   >= ? L100425c4 :
100424dc: push dword 0xe0                             44      44     44   (save)0xe0
100424e1: call 0x1003150d                                            48   eax = L1003150D()
100424e6: mov edi,eax                                                48   edi = eax
100424e8: pop ecx                                                    48   (restore)ecx
100424e9: test edi,edi                                               44   edi :: 0
100424eb: jz 0x10042502                                              44   == ? L10042502 :
100424ed: mov ecx,edi                                 44      44     44   ecx = edi
100424ef: call 0x1002908d                                            44   eax = L1002908D()
100424f4: and dword [edi+0xd8],+0x0                                  44   *(edi + 0xd8) = *(edi + 0xd8) & 0
100424fb: mov eax,edi                                                44   eax = edi
100424fd: mov [ebp-0x8],eax                                          44   *(ebp - 8) = eax
10042500: jmp short 0x10042509                                       44   goto L10042509
10042502: and dword [ebp-0x8],+0x0                    44      44     44   *(ebp - 8) = *(ebp - 8) & 0
10042506: mov eax,[ebp-0x8]                                          44   eax = *(ebp - 8)
10042509: lea edi,[eax+0xbc]                          44      44     44   edi = eax + 0xbc
1004250f: push eax                                                   44   (save)eax
10042510: movsd                                                      48   *edi = *esi
10042511: movsd                                                      48   *edi = *esi
10042512: movsd                                                      48   *edi = *esi
10042513: movsd                                                      48   *edi = *esi
10042514: and dword [eax+0xdc],+0x0                                  48   *(eax + 0xdc) = *(eax + 0xdc) & 0
1004251b: mov [eax+0x30],ebx                                         48   *(eax + 0x30) = ebx
1004251e: mov ecx,[ebx+0x48]                                         48   ecx = *(ebx + 0x48)
10042521: call 0x1002ab44                                            48   eax = L1002AB44()
10042526: test eax,eax                                               44   eax :: 0
10042528: jz 0x100425b7                                              44   == ? L100425b7 :
1004252e: mov esi,[ebp-0x8]                           44      44     44   esi = *(ebp - 8)
10042531: lea ecx,[ebx+0x9c]                                         44   ecx = ebx + 0x9c
10042537: lea eax,[esi+0xcc]                                         44   eax = esi + 0xcc
1004253d: push eax                                                   44   (save)eax
1004253e: push esi                                                   48   (save)esi
1004253f: call 0x10043463                                            52   eax = L10043463()
10042544: mov eax,0x44c                                              44   eax = 0x44c
10042549: push eax                                                   44   (save)eax
1004254a: push eax                                                   48   (save)eax
1004254b: lea eax,[ebp+0x8]                                          52   eax = ebp + 8
1004254e: push eax                                                   52   (save)eax
1004254f: call 0x1002e963                                            56   eax = L1002E963()
10042554: add esp,+0xc                                               56   esp = esp + 0xc
10042557: lea ecx,[ebp-0x4]                                          44   ecx = ebp - 4
1004255a: push eax                                                   44   (save)eax
1004255b: call 0x100121de                                            48   eax = L100121DE()
10042560: mov ecx,[ebp+0x8]                                          44   ecx = *(ebp + 8)
10042563: test ecx,ecx                                               44   ecx :: 0
10042565: jz 0x1004256c                                              44   == ? L1004256c :
10042567: mov eax,[ecx]                               44      44     44   eax = *ecx
10042569: call [eax+0x8]                                             44   eax = *(eax + 8)()
1004256c: mov eax,[ebp-0x4]                           44      44     44   eax = *(ebp - 4)
1004256f: push +0x5                                                  44   (save)5
10042571: pop edi                                                    48   (restore)edi
10042572: mov eax,[eax+0x54]                                         44   eax = *(eax + 0x54)
10042575: push edi                                                   44   (save)edi
10042576: and byte [eax],0x0                                         48   *eax = *eax & 0
10042579: mov ecx,[ebp-0x4]                                          48   ecx = *(ebp - 4)
1004257c: call 0x10017fcd                                            48   eax = L10017FCD()
10042581: mov eax,[ebp-0x4]                           44      44     44   eax = *(ebp - 4)
10042584: push dword [ebp+0xc]                                       44   (save) *(ebp + 0xc)
10042587: movzx ecx,word [eax+0x34]                                  48   ecx = *(eax + 0x34) & 65535
1004258b: push ecx                                                   48   (save)ecx
1004258c: mov ecx,ebx                                                52   ecx = ebx
1004258e: push dword [eax+0x54]                                      52   (save) *(eax + 0x54)
10042591: push dword [ebx+0x90]                                      56   (save) *(ebx + 0x90)
10042597: call 0x100416bc                                            60   eax = L100416BC()
1004259c: dec edi                                                    44   edi = edi - 1
1004259d: jnz 0x10042581                                             44   != ? 0x10042581 :
1004259f: mov dword [esi+0xdc],0x1                    44      44     44   *(esi + 0xdc) = 1
100425a9: mov ecx,[ebx+0x48]                                         44   ecx = *(ebx + 0x48)
100425ac: push esi                                                   44   (save)esi
100425ad: call 0x1002a9b7                                            48   eax = L1002A9B7()
100425b2: jmp 0x100426b0                                             44   goto L100426b0
100425b7: mov ecx,[ebp-0x8]                           44      44     44   ecx = *(ebp - 8)
100425ba: push +0x1                                                  44   (save)1
100425bc: call 0x100421c2                                            48   eax = L100421C2()
100425c1: mov esi,[ebp+0xc]                                          44   esi = *(ebp + 0xc)
100425c4: mov eax,0x44c                               44      44     44   eax = 0x44c
100425c9: push eax                                                   44   (save)eax
100425ca: push eax                                                   48   (save)eax
100425cb: lea eax,[ebp+0xc]                                          52   eax = ebp + 0xc
100425ce: push eax                                                   52   (save)eax
100425cf: call 0x1002e963                                            56   eax = L1002E963()
100425d4: add esp,+0xc                                               56   esp = esp + 0xc
100425d7: lea ecx,[ebp-0x4]                                          44   ecx = ebp - 4
100425da: push eax                                                   44   (save)eax
100425db: call 0x100121de                                            48   eax = L100121DE()
100425e0: mov ecx,[ebp+0xc]                                          44   ecx = *(ebp + 0xc)
100425e3: test ecx,ecx                                               44   ecx :: 0
100425e5: jz 0x100425ec                                              44   == ? L100425ec :
100425e7: mov eax,[ecx]                               44      44     44   eax = *ecx
100425e9: call [eax+0x8]                                             44   eax = *(eax + 8)()
100425ec: mov eax,[ebp-0x4]                           44      44     44   eax = *(ebp - 4)
100425ef: mov eax,[eax+0x54]                                         44   eax = *(eax + 0x54)
100425f2: and byte [eax],0x0                                         44   *eax = *eax & 0
100425f5: cmp dword [ebp-0xc],+0x0                                   44   *(ebp - 0xc) :: 0
100425f9: mov ecx,[ebp-0x4]                                          44   ecx = *(ebp - 4)
100425fc: jz 0x10042602                                              44   == ? L10042602 :
100425fe: push +0x7                                   44      48     44   (save)7
10042600: jmp short 0x10042604                                       48   goto L10042604
10042602: push +0x6                                   44      48     44   (save)6
10042604: call 0x10017fcd                             48      44     48   eax = L10017FCD()
10042609: mov eax,[ebp-0x4]                                          44   eax = *(ebp - 4)
1004260c: push esi                                                   44   (save)esi
1004260d: movzx ecx,word [eax+0x34]                                  48   ecx = *(eax + 0x34) & 65535
10042611: push ecx                                                   48   (save)ecx
10042612: mov ecx,ebx                                                52   ecx = ebx
10042614: push dword [eax+0x54]                                      52   (save) *(eax + 0x54)
10042617: push dword [ebx+0x90]                                      56   (save) *(ebx + 0x90)
1004261d: call 0x100416bc                                            60   eax = L100416BC()
10042622: cmp byte [ebp+0xb],0x0                      44      44     44   *(ebp + 0xb) :: 0
10042626: jnz 0x100426b0                                             44   != ? 0x100426b0 :
1004262c: push esi                                    44      44     44   (save)esi
1004262d: mov ecx,ebx                                                48   ecx = ebx
1004262f: call 0x1004171c                                            48   eax = L1004171C()
10042634: mov edi,eax                                                44   edi = eax
10042636: test edi,edi                                               44   edi :: 0
10042638: jz 0x100426b0                                              44   == ? L100426b0 :
1004263a: cmp dword [0x1007f6a8],+0x0                 44      44     44   M1007f6a8 :: 0
10042641: jz 0x10042673                                              44   == ? L10042673 :
10042643: mov ax,[esi+0x2]                            44      48     44   ax = *(esi + 2)
10042647: push eax                                                   44   (save)eax
10042648: call [0x100691bc]                                          48   eax = *L100691bc()
1004264e: movzx eax,ax                                               48   eax = ax & 65535
10042651: push eax                                                   48   (save)eax
10042652: movzx eax,byte [esi+0x7]                                   52   eax = *(esi + 7) & 0xff
10042656: push eax                                                   52   (save)eax
10042657: movzx eax,byte [esi+0x6]                                   56   eax = *(esi + 6) & 0xff
1004265b: push eax                                                   56   (save)eax
1004265c: movzx eax,byte [esi+0x5]                                   60   eax = *(esi + 5) & 0xff
10042660: push eax                                                   60   (save)eax
10042661: movzx eax,byte [esi+0x4]                                   64   eax = *(esi + 4) & 0xff
10042665: push eax                                                   64   (save)eax
10042666: push dword 0x10074f4c                                      68   (save)"Got TCPSUB_DISCONNECT from %d.%d.%d.%d:%d"
1004266b: call 0x10011a1f                                            72   eax = L10011A1F()
10042670: add esp,+0x18                                              72   esp = esp + 0x18
10042673: mov eax,[ebx+0x48]                          44      44     44   eax = *(ebx + 0x48)
10042676: mov ecx,[eax+0xb4]                                         44   ecx = *(eax + 0xb4)
1004267c: test ecx,ecx                                               44   ecx :: 0
1004267e: jz 0x1004268c                                              44   == ? L1004268c :
10042680: mov eax,[ecx]                               44      52     44   eax = *ecx
10042682: push dword 0x1007b534                                      44   (save)0x1007b534
10042687: push +0x4                                                  48   (save)4
10042689: call [eax+0x10]                                            52   eax = *(eax + 0x10)()
1004268c: mov ecx,[ebx+0x48]                          44      44     44   ecx = *(ebx + 0x48)
1004268f: push edi                                                   44   (save)edi
10042690: call 0x1002ac2e                                            48   eax = L1002AC2E()
10042695: lea eax,[edi+0xcc]                                         44   eax = edi + 0xcc
1004269b: lea ecx,[ebx+0x9c]                                         44   ecx = ebx + 0x9c
100426a1: push eax                                                   44   (save)eax
100426a2: call 0x100434a5                                            48   eax = L100434A5()
100426a7: push +0x1                                                  44   (save)1
100426a9: mov ecx,edi                                                48   ecx = edi
100426ab: call 0x100421c2                                            48   eax = L100421C2()
100426b0: mov ecx,[ebp-0x4]                           44      44     44   ecx = *(ebp - 4)
100426b3: test ecx,ecx                                               44   ecx :: 0
100426b5: jz 0x100426bc                                              44   == ? L100426bc :
100426b7: mov eax,[ecx]                               44      44     44   eax = *ecx
100426b9: call [eax+0x8]                                             44   eax = *(eax + 8)()
100426bc: pop edi                                     44       0     44   (restore)edi
100426bd: pop esi                                                    40   (restore)esi
100426be: pop ebx                                                    36   (restore)ebx
100426bf: leave                                                     -12   esp = ebp
100426c0: ret 0x8                                                     0   return

If somethings hard to do, its not worth doing - Homer Simpson

RE: "inserting code into a dll"

(OP)
hmm.. seem to have lost the end

Full Listing

If somethings hard to do, its not worth doing - Homer Simpson

RE: "inserting code into a dll"

Like any library you can replace the existing object code in it with your own.
But be carefull that your code is errorless.

Assemble the source --> build an object file and
link it into the existing library.

If you don't know how check the manual that come's with your compiler/assembler.

Succes, Tessa

RE: "inserting code into a dll"

(OP)
slightly more complex than i had hoped. for now ill go back to the code injection.

thanx for the information :)

If somethings hard to do, its not worth doing - Homer Simpson

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login


Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close