How to read text from a eax

i make hook by c++ to copy string from eax

0F881E5 | A3 B84C8B0F | mov dword ptr ds:[<void *__ChatMsg>],eax

xdb64

1
2

dword ptr ds:[0F8B4CB8 &L"xarafa"]=0018E98C L"xarafa"
How to print this text [xarafa]

My Code

#include <Windows.h>
#include <iostream>
#include <string>
#include <TCHAR.H>
#include <fstream>
#include <vector>
 
 
 
using namespace std;
#pragma comment( lib, "psapi.lib" )
 
Memory memory;
DWORD jmpBackAddy;
 
 
//const wchar_t *__ChatMsg = L"A";
LPVOID __ChatMsg ;
 
 
 
bool Hook(void * toHook, void * ourFunct, int len)
{
	if (len < 5)
	{
		return false;
	}
	else
	{
 
	}
 
	DWORD curProtection;
	VirtualProtect(toHook, len, PAGE_EXECUTE_READWRITE, &curProtection);
 
	memset(toHook, 0x90, len);
 
	DWORD relativeAddress = ((DWORD)ourFunct - (DWORD)toHook) - 5;
 
	*(BYTE*)toHook = 0xE9;
	*(DWORD*)((DWORD)toHook + 1) = relativeAddress; // <-- I DID NOT UNDERSTAND THIS
 
	DWORD temp;
	VirtualProtect(toHook, len, curProtection, &temp);
 
	return true;
}
//
 
 
 
//
void __declspec(naked) ourFunct()
{
 
	
	__asm
	{
 
		 mov eax, dword ptr ss : [ebp + 0x10]
	
		 mov __ChatMsg,eax
		 lea ecx, dword ptr ss : [ebp - 0x74] 
		 jmp jmpBackAddy
	}
 
 
 
}
 
 
 
 
 
DWORD WINAPI MainThread(LPVOID param)
{
 
 
	int hookLength = 6;//5 for jump + 3 remaining
	DWORD hookAddress = 0x00AE4A99; // it's right
	jmpBackAddy = hookAddress + hookLength;
	Hook((void*)hookAddress, ourFunct, hookLength);
 
 
	
	//-------------------------------------------//
	AllocConsole();
	FILE* f;
	freopen_s(&f, "CONOUT$", "w", stdout);
		//end console
 
	while (true) {
 
 
		if (GetAsyncKeyState(VK_ESCAPE)) {
 
			
 
			cout << __ChatMsg << endl;
		
 
		
 
		}
 
			Sleep(10);
		
 
	}
	 fclose(f);
	 FreeConsole();
	FreeLibraryAndExitThread((HMODULE)param, 0);
 
 
 
	return false;
 
 
	//endconsole
 
 
 
 
 
}
 
 
 
BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpReserved) {
	switch (dwReason) {
	case DLL_PROCESS_ATTACH:
 
		CreateThread(0, 0, MainThread, hModule, 0, 0);
		break;
	}
 
	return TRUE;
}

Last edited on

jonnin (11333)

*(DWORD*)((DWORD)toHook + 1) = relativeAddress; // <-- I DID NOT UNDERSTAND THIS

that says
dereference the pointer
that has been cast to a dword pointer
from the address of tohook+1 (tohook[1]) (where 1 means sizeof(dword) in bytes)

and finally at that dereferenced value, assign it relative address.

--------
not sure what you want but generally if you have a "string" in a register, its going to be the address of the first location of a C style string. This is a weird mashup of windows specific gibberish & assembly, and its a bit much for my brain today to tell you what else to do if simply casting out the pointer in eax back to a char* and seeing if it is what you want does not work.

Hawlong (120)

Thanks for replay ,
*(DWORD*)((DWORD)toHook + 1) = relativeAddress
i understand this code thanks so much.

i have a string in a register , all i need copy the string from register to value , But I don't know how to do it by c++ .

jonnin (11333)

c++ does not talk to registers directly. you have to use embedded assembly, which varies from compiler to compiler and system to system, to get at it.
assuming its a pointer, you need something like
char *cp;
__asm
{
mov cp, EAX;
}
string s{cp}; //optional convert c-string to c++ string

if its a short string and the actual letters are in the register, the easiest thing to do is copy the register into an integer and cast the integer to a char* in c++

Last edited on

Hawlong (120)

Thanks for answer jonnin ,
When printing, strange letters appear, knowing that the word is "hi"

ب┐(

#include <Windows.h>
#include <iostream>
#include <string>
#include <TCHAR.H>
#include "Header.h";
#include <fstream>
#include <vector>



using namespace std;
#pragma comment( lib, "psapi.lib" )

Memory memory;
DWORD jmpBackAddy;




char *__ChatMsg;



bool Hook(void * toHook, void * ourFunct, int len)
{
	if (len < 5)
	{
		return false;
	}
	else
	{

	}

	DWORD curProtection;
	VirtualProtect(toHook, len, PAGE_EXECUTE_READWRITE, &curProtection);

	memset(toHook, 0x90, len);

	DWORD relativeAddress = ((DWORD)ourFunct - (DWORD)toHook) - 5;

	*(BYTE*)toHook = 0xE9;
	*(DWORD*)((DWORD)toHook + 1) = relativeAddress; 

	DWORD temp;
	VirtualProtect(toHook, len, curProtection, &temp);

	return true;
}
//



//
void __declspec(naked) ourFunct()
{

	
	__asm
	{

		 mov eax, dword ptr ss : [ebp + 0x10]
		 mov __ChatMsg,eax
		 lea ecx, dword ptr ss : [ebp - 0x74] 
		 jmp jmpBackAddy
	}



}





DWORD WINAPI MainThread(LPVOID param)
{


	int hookLength = 6;//5 for jump + 3 remaining
	DWORD hookAddress = 0x00AE4A99; // it's right
	jmpBackAddy = hookAddress + hookLength;
	Hook((void*)hookAddress, ourFunct, hookLength);


	
	//-------------------------------------------//
	AllocConsole();
	FILE* f;
	freopen_s(&f, "CONOUT$", "w", stdout);
		//end console

	while (true) {


		if (GetAsyncKeyState(VK_ESCAPE)) {



			string myCppString = __ChatMsg;
			string s{ __ChatMsg };
			cout << __ChatMsg << endl;
			cout << s << endl;


		}

			Sleep(10);
		

	}
	 fclose(f);
	 FreeConsole();
	FreeLibraryAndExitThread((HMODULE)param, 0);



	return false;


	//endconsole





}



BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpReserved) {
	switch (dwReason) {
	case DLL_PROCESS_ATTACH:

		CreateThread(0, 0, MainThread, hModule, 0, 0);
		break;
	}

	return TRUE;
}

Topic archived. No new replies allowed.

How to read text from a eax

C++

Forum