IDouble / Simple-Disassembly-Notes

⚙️ Simple Step to Step Tutorials for Disassembling / Code Injection & getting Pointer Addresses 🔧

assembly disassembly tutorial collection reverse-engineering pointer offsets tutorials code disassembler codeinjection code-injection memory read write simple process pointer-address disassembly-notes step-tutorials

⚙️ Simple Disassembly Notes 🔧

⚙️ Simple Step to Step Tutorials for Disassembling / Code Injection & getting Pointer Addresses 🔧

🔧 Get Pointer Address from Value 🔧

Set Value Type All
Set Value (ex. (Int 32 = 4 Byte = 32 Bit) 85 or (float/double) 85.5) you search for and press First Scan

Change Value in the Process
The Changed Value will be red, on the left is the Pointer Address

🔧 Replace the Assembly Code with Code that does Nothing 🔧

Right Click on Address Record
Select Find out what writes to this address
Press on Replace

Delete the Assembly Code and Press OK

🔍 Get the Pointer Address from the Pointer of the Value (Way 1 : easier) (level-1 pointer) 🔍

Read the Address

Check Checkbox Hex and put the Address in it
The Address to the Pointer is in this ex. 1002CBA40

🔍 Get the Pointer Address from the Pointer of the Value (Way 2 : harder) (level-1 pointer) 🔍

Select Find out what writes to this address
Press on More information

The Address to the Pointer is in this ex. 011DC7A0

🔍 Get the base Address from a multilevel pointer (level-4 pointer) 🔍

➡️ Example of a level-4 pointer ➡️

01168A78 = Address / base pointer (base ptr)

0x18 = Offset

"Tutorial-x86_64.exe" + 2CBA70 = static base address

-> = points to

01168A78 = Value = 2765

01188070 -> 1168A60 + 0x18 = 01168A78

01168A18 -> 01188070 + 0 = 01188070

011681D0 -> 1168A00 + 0x18 = 01168A18

"Tutorial-x86_64.exe" + 2CBA70 -> 11681C0 + 0x10 = 011681D0

🔍 How to find out each base pointer with its offsets until you get to the static base address 🔍

Right Click on Address Record
Select Find out what accesses this address

Calculate the Address using the Offset ex. -> (01188070 -> 1168A60 + 0x18 = 01168A78)
Calculation (hex) : (01168A78 - 18 = 01168A60 = 1168A60)
Check Checkbox Hex and put the Address in it (ex. 1168A60)
The Address to the Pointer is in this ex. 01188070
Repeat Step 1 to 5 until you get the static base Address, in this ex. "Tutorial-x86_64.exe" + 2CBA70

⚙️ Add Pointer Address manually (level-1 pointer) ⚙️

Click on Add Address Manually

Add Address, if needed with Offsets and click OK

The Result should look like this:

⚙️ Add Pointer Address manually (level-4 pointer) ⚙️

Click on Add Address Manually

Add Address, if needed with Offsets and click OK

The Result should look like this:

🛠 Code Injection 🛠

Right Click on Address Record
Select Find out what writes to this address
Press Show disassembler

Click on Tools and select Auto Assemble

Click on Template and select Code Injection

Click on OK
Comment out as an ex. //sub dword ptr [rsi+00000780],01 (value - 1)
Write as an ex. add dword ptr [rsi+00000780],01 (value + 1)

Press on Execute and then click OK and it's Done!

About

⚙️ Simple Step to Step Tutorials for Disassembling / Code Injection & getting Pointer Addresses 🔧

assembly disassembly tutorial collection reverse-engineering pointer offsets tutorials code disassembler codeinjection code-injection memory read write simple process pointer-address disassembly-notes step-tutorials

MIT License

Languages

Language:Assembly 100.0%