[Help] How to use ASM in-process

[teufel123]

Tried searching but found nothing...
I'm running my C# hack trough CLR hosting and I want to be able to execute ASM like I did with blackmagic.
Do I still have to use BM if im inprocess or is there an easier way?

[Bananenbrot]

Why would you want to use asm injection when you are injected?
You can just GetDelegateForFunctionPointer Method .

[teufel123]

No, you missunderstood me. I want to be able to use asm like in c++ in a C#y way

Code:

 	_asm {
 		 mov eax, dword ptr ds:[esp+8]
 		 ...
 	}

I was able to to this in strings and then inject with BM but i want to know if there is an easier method without external libaries if im in-process

[streppel]

he answered exactly that
you are IN-Process,in wows adress space,where you can just create a new integer and pass that to a method you got via a pointer with GetDelegateForFunctionPointer

[teufel123]

aw no... I want to be able to do something like this. I would be able to do this as a string with BM.

Code:

	__asm
	{
		MOV EDI,iWeaponID;
		MOV EAX,EDI;
		AND EAX,0xFF;
		ADD EAX,EAX;
		MOV ECX,0xA00D94[EAX+EAX];
		MOV dwShaderName,ECX;
	}

[sitnspinlock]

lol managed ;p

use masm unpack the bytes somewhere, unset NX

[lanman92]

If you really need access that fine, you could probably use unsafe pointers from C#. It'll be slightly slower, but you can do the same thing as you would with raw assembly.

[MaiN]

lol managed ;p

use masm unpack the bytes somewhere, unset NX

I assume you mean unset NX on the page (ie. give it PAGE_EXECUTE*), not actually disabling DEP?

If you really need access that fine, you could probably use unsafe pointers from C#. It'll be slightly slower, but you can do the same thing as you would with raw assembly.

I don't think using pointers in C# is any slower than using them from C or ASM? Is there really any overhead (That is, overhead of using them, not other overhead like GC)?

[Bananenbrot]

aw no... I want to be able to do something like this. I would be able to do this as a string with BM.

Code:

    __asm
    {
        MOV EDI,iWeaponID;
        MOV EAX,EDI;
        AND EAX,0xFF;
        ADD EAX,EAX;
        MOV ECX,0xA00D94[EAX+EAX];
        MOV dwShaderName,ECX;
    }

Code:

...
int arrayOffset = (iWeaponId & 0xFF) * 4;
int shaderName = Memory.Read<int>(new IntPtr(0xa00d94) + arrayOffset); // should dwShaderName actually be pszShaderName? Else name it dwShaderId or sth...
...

Often you stuff is already present in an function internal to WoW in which case you use GetDelegateForFunctionPointer.

[teufel123]

That peace of code wasnt Wow related but I found a solution. I didn't know that fasm had a function ( fasm.Assemble() ) which would return the byte-codeof a sent asm string. I'll call the byte-code after it hase been allocated with a delegate.

[namreeb]

I don't think using pointers in C# is any slower than using them from C or ASM? Is there really any overhead (That is, overhead of using them, not other overhead like GC)?

I don't think so. IntPtr is a value type. You can't get much simpler than that. As for GC, that is in a separate thread anyways (one which is usually mostly idle), so even that shouldn't add any significant overhead.

[MaiN]

I don't think so. IntPtr is a value type. You can't get much simpler than that. As for GC, that is in a separate thread anyways (one which is usually mostly idle), so even that shouldn't add any significant overhead.

Yes, but depending on the GC type all other threads are suspended while the GC thread does its work. But yeah, that's what I thought (and I actually checked the ASM generated by the JIT'ter when using IntPtr's once - there are no remnants of the actual usage of IntPtr!).

[namreeb]

For me I remember that when you export an IntPtr via C++/CLI it'll show up in C# as a ValueType, rather than IntPtr, or some such thing.