What I am doing is injecting a DLL into a running process. I then proceed to check some information about that process, such as versions etc. My problem is I cannot seem to access a string in the assembly file that contains the revision number I want to double-check. Here is what I have so far:
    __declspec(naked) void CheckBuild()
    {
        char* revision;
        __asm {
            sub esp, __LOCAL_SIZE
            pushad
            pushfd
            mov revision, dword ptr 0x5F5200
        }
        printf("Detected revision ID: %u\n", revision);
        __asm {
            popfd
            popad
            add esp, __LOCAL_SIZE
            retn
        }
    }
For this training stuff, the address of the string, that I get through IDA and that I checked using CheatEngine and OllyDbg, is constant.
However, no matter what I try, I always get 0x5F5200 back in decimal, which is definitely not what I expect. I tried almost everything, including lea and others, but I still don’t get the valid string.
Can anyone point me in the correct direction?
You are missing the “dereferencing”:
    mov revision, dword ptr [0x5F5200]
which isn’t a valid instruction since it has two indirects, so
if the value is indeed a string, there’s something else wrong:
    printf("Detected revision ID: %s\n", 0x5F5200)
    printf("Detected revision ID: %s\n", revision)
String format
If the string is unicode, you would use
(note that with wprintf, it’s the other way ’round: %s for a wide character string, and %s for a char string).
Finally, if the string is not guaranteed to be zero-terminated but has a fixed length, you need to copy from the address to a local buffer and ensure zero termination before the print.
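The fixed-length copy described in the answer's last point, together with the difference between an address, the dword stored at it, and the string stored at it, as an added example that is not part of the original question or answer. `fake_image`, `REV_FIELD_LEN`, `read_fixed_string` and `read_dword` are hypothetical names, and the buffer is a constructed stand-in for the bytes at the fixed address so the code runs anywhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the bytes at the target's fixed address
   (0x5F5200 in the question): an 8-byte field with NO terminating NUL,
   followed by unrelated data. */
static const char fake_image[] = { 'r','1','2','3','4','5','6','7','X','Y','Z' };
#define REV_FIELD_LEN 8

/* Copy exactly field_len bytes from addr into out and always terminate.
   Returns the resulting string length, or -1 if out is too small. */
int read_fixed_string(const void *addr, size_t field_len, char *out, size_t out_size)
{
    if (out == NULL || out_size == 0 || field_len >= out_size)
        return -1;
    memcpy(out, addr, field_len);
    out[field_len] = '\0';
    return (int)strlen(out);   /* shorter if the field is NUL-padded */
}

/* What "dword ptr [addr]" loads: the first four bytes stored at addr,
   not the address itself. */
uint32_t read_dword(const void *addr)
{
    uint32_t v;
    memcpy(&v, addr, sizeof v);  /* avoids unaligned/aliasing problems */
    return v;
}

int main(void)
{
    const void *addr = fake_image;
    char rev[REV_FIELD_LEN + 1];

    printf("address itself : %p\n", (void *)addr);
    printf("dword at addr  : 0x%08X\n", (unsigned)read_dword(addr));
    if (read_fixed_string(addr, REV_FIELD_LEN, rev, sizeof rev) >= 0)
        printf("string at addr : %s\n", rev);
    return 0;
}
```

Passing the raw field straight to `%s` here would read past the eight bytes into the unrelated data that follows, which is why the copy is bounded by the field length rather than by a search for NUL.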