├── Assembly
    ├── assembly_code_after_code_injection.asm
    └── assembly_code_before_code_injection.asm
├── Images
    ├── Add_Pointer_Address_manually.png
    ├── Add_Pointer_Address_manually_2.png
    ├── Code_Injection.png
    ├── Code_Injection_2.png
    ├── Code_Injection_3.png
    ├── Code_Injection_4.png
    ├── Code_Injection_5.png
    ├── Get_Pointer_From_Value.png
    ├── Get_Pointer_From_Value_2.png
    ├── Get_the_Pointer_Address_from_the_Pointer_of_the_Value.png
    ├── Get_the_Pointer_Address_from_the_Pointer_of_the_Value_2.png
    ├── Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_1.png
    ├── Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_2.png
    ├── Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_3.png
    ├── Get_the_base_Address_from_a_multilevel_pointer.png
    ├── Get_the_base_Address_from_a_multilevel_pointer_2.png
    ├── Get_the_base_Address_from_a_multilevel_pointer_3.png
    ├── Replace_the_Assembly_Code_with_Code_that_does_Nothing.png
    ├── Replace_the_Assembly_Code_with_Code_that_does_Nothing_2.png
    └── binance.jpg
├── LICENSE
└── README.md

/Assembly/assembly_code_after_code_injection.asm:
--------------------------------------------------------------------------------
alloc(newmem,2048,"Tutorial-x86_64.exe"+2D31B)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
add dword ptr [rsi+00000780],01 //injected replacement: value + 1

originalcode:
//sub dword ptr [rsi+00000780],01 //original instruction (value - 1), commented out

exit:
jmp returnhere

"Tutorial-x86_64.exe"+2D31B:
jmp newmem //5-byte jump that overwrites the original 7-byte instruction
nop //two nops pad the remaining 2 bytes
nop
returnhere:

--------------------------------------------------------------------------------
/Assembly/assembly_code_before_code_injection.asm:
--------------------------------------------------------------------------------
alloc(newmem,2048,"Tutorial-x86_64.exe"+2D31B)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here

originalcode:
sub dword ptr [rsi+00000780],01 //original instruction, relocated here: value - 1

exit:
jmp returnhere

"Tutorial-x86_64.exe"+2D31B:
jmp newmem //5-byte jump that overwrites the original 7-byte instruction
nop //two nops pad the remaining 2 bytes
nop
returnhere:

--------------------------------------------------------------------------------
/Images/Add_Pointer_Address_manually.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Add_Pointer_Address_manually.png

--------------------------------------------------------------------------------
/Images/Add_Pointer_Address_manually_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Add_Pointer_Address_manually_2.png

--------------------------------------------------------------------------------
/Images/Code_Injection.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Code_Injection.png

--------------------------------------------------------------------------------
/Images/Code_Injection_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Code_Injection_2.png

--------------------------------------------------------------------------------
/Images/Code_Injection_3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Code_Injection_3.png

--------------------------------------------------------------------------------
/Images/Code_Injection_4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Code_Injection_4.png

--------------------------------------------------------------------------------
/Images/Code_Injection_5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Code_Injection_5.png

--------------------------------------------------------------------------------
/Images/Get_Pointer_From_Value.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Get_Pointer_From_Value.png

--------------------------------------------------------------------------------
/Images/Get_Pointer_From_Value_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Get_Pointer_From_Value_2.png

--------------------------------------------------------------------------------
/Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value.png

--------------------------------------------------------------------------------
/Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_2.png

--------------------------------------------------------------------------------
/Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_1.png

--------------------------------------------------------------------------------
/Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_2.png

--------------------------------------------------------------------------------
/Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_3.png

--------------------------------------------------------------------------------
/Images/Get_the_base_Address_from_a_multilevel_pointer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Get_the_base_Address_from_a_multilevel_pointer.png

--------------------------------------------------------------------------------
/Images/Get_the_base_Address_from_a_multilevel_pointer_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Get_the_base_Address_from_a_multilevel_pointer_2.png

--------------------------------------------------------------------------------
/Images/Get_the_base_Address_from_a_multilevel_pointer_3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Get_the_base_Address_from_a_multilevel_pointer_3.png

--------------------------------------------------------------------------------
/Images/Replace_the_Assembly_Code_with_Code_that_does_Nothing.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Replace_the_Assembly_Code_with_Code_that_does_Nothing.png

--------------------------------------------------------------------------------
/Images/Replace_the_Assembly_Code_with_Code_that_does_Nothing_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/Replace_the_Assembly_Code_with_Code_that_does_Nothing_2.png

--------------------------------------------------------------------------------
/Images/binance.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IDouble/Simple-Disassembly-Notes/5346543a8e968eb705832b1566b3bb607def77c2/Images/binance.jpg

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2019 Alpay Yildirim

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# ⚙️ Simple Disassembly Notes 🔧
⚙️ Simple step-by-step tutorials for disassembling, code injection and getting pointer addresses 🔧

## 🔧 Get Pointer Address from Value 🔧

1. Set Value Type to **All**
2. Enter the value you are searching for (e.g. 85 for an Int 32 = 4 Byte = 32 Bit, or 85.5 for a float/double) and press **First Scan**

![Get_Pointer Address_From_Value](Images/Get_Pointer_From_Value.png)

3. Change the value in the process
4. The changed value turns red; the **Pointer Address** is shown to its left

![Get_Pointer Address_From_Value](Images/Get_Pointer_From_Value_2.png)

## 🔧 Replace the Assembly Code with Code that does Nothing 🔧

1. Right-click on the Address Record
2. Select **Find out what writes to this address**
3. Press **Replace**

![Replace the Assembly Code with Code that does Nothing](Images/Replace_the_Assembly_Code_with_Code_that_does_Nothing.png)

4. **Delete the Assembly Code** and press **OK**

![Replace the Assembly Code with Code that does Nothing](Images/Replace_the_Assembly_Code_with_Code_that_does_Nothing_2.png)

## 🔍 Get the Pointer Address from the Pointer of the Value (Way 1 : easier) (level-1 pointer) 🔍

1. Read the Address

![Get the Pointer Address from the Pointer of the Value easier](Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_1.png)

2. **Check the Hex checkbox** and enter the Address
3. The **Address** of the pointer is, in this example, 1002CBA40

![Get the Pointer Address from the Pointer of the Value easier](Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_2.png)

## 🔍 Get the Pointer Address from the Pointer of the Value (Way 2 : harder) (level-1 pointer) 🔍

1. Select **Find out what writes to this address**
2. Press **More information**

![Get the Pointer Address from the Pointer of the Value](Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value.png)

3. The **Address** of the pointer is, in this example, 011DC7A0

![Get the Pointer Address from the Pointer of the Value](Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_2.png)

## 🔍 Get the base Address from a multilevel pointer (level-4 pointer) 🔍

### ➡️ Example of a level-4 pointer ➡️

![Get the base Address from a multilevel pointer level-4 Example](Images/Get_the_base_Address_from_a_multilevel_pointer_2.png)

*01168A78* = Address / base pointer (base ptr)

**0x18** = Offset

***"Tutorial-x86_64.exe" + 2CBA70*** = static base address

-> = points to

*01168A78* = Value = 2765

*01188070* -> *1168A60* + **0x18** = *01168A78*

*01168A18* -> *01188070* + **0** = *01188070*

*011681D0* -> *1168A00* + **0x18** = *01168A18*

***"Tutorial-x86_64.exe" + 2CBA70*** -> *11681C0* + **0x10** = *011681D0*

![Get the base Address from a multilevel pointer level-4 Example](Images/Get_the_base_Address_from_a_multilevel_pointer_3.png)

### 🔍 How to find out each base pointer with its offsets until you get to the static base address 🔍

1. Right-click on the Address Record
2. Select **Find out what accesses this address**

![Get the base Address from a multilevel pointer level-4](Images/Get_the_base_Address_from_a_multilevel_pointer.png)

3. Calculate the Address using the Offset, e.g. (***01188070*** -> **1168A60** + 0x18 = 01168A78)
   Calculation (hex): (01168A78 - 18 = 01168A60 = **1168A60**)
4. **Check the Hex checkbox** and enter the Address (e.g. **1168A60**)
5. The **Address** of the pointer is, in this example, ***01188070***
6. **Repeat Steps 1 to 5** until you reach the static base Address, in this example ***"Tutorial-x86_64.exe" + 2CBA70***

## ⚙️ Add Pointer Address manually (level-1 pointer) ⚙️

1. Click on **Add Address Manually**

![Add Pointer Address manually](Images/Add_Pointer_Address_manually.png)

2. Add the Address, with Offsets if needed, and click **OK**

![Add Pointer Address manually](Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_3.png)

3. The result should look like this:

![Add Pointer Address manually](Images/Add_Pointer_Address_manually_2.png)

## ⚙️ Add Pointer Address manually (level-4 pointer) ⚙️

1. Click on **Add Address Manually**

![Add Pointer Address manually](Images/Add_Pointer_Address_manually.png)

2. Add the Address, with Offsets if needed, and click **OK**

![Add Pointer Address manually](Images/Get_the_base_Address_from_a_multilevel_pointer_2.png)

3. The result should look like this:

![Add Pointer Address manually](Images/Get_the_base_Address_from_a_multilevel_pointer_3.png)

## 🛠 Code Injection 🛠

1. Right-click on the Address Record
2. Select **Find out what writes to this address**
3. Press **Show disassembler**

![Code Injection](Images/Code_Injection.png)

4. Click on **Tools** and select **Auto Assemble**

![Code Injection](Images/Code_Injection_2.png)

5. Click on **Template** and select **Code Injection**

![Code Injection](Images/Code_Injection_3.png)

6. Click on **OK**
7. **Comment out** the original instruction, e.g. `//sub dword ptr [rsi+00000780],01` (value - 1)
8. **Write** the replacement, e.g. `add dword ptr [rsi+00000780],01` (value + 1)

![Code Injection](Images/Code_Injection_4.png)

9. Press **Execute**, then click OK, and it's done!

--------------------------------------------------------------------------------
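The level-4 pointer chain from the README, walked in both directions over a constructed memory snapshot; this is an added example, not part of the repository. The module load address `MODULE_BASE` and the helper names are assumptions; the heap addresses, offsets and the value 2765 are the README's.

```python
# Constructed snapshot: address -> 8-byte content, using the README's example values.
MODULE_BASE = 0x100000000   # assumed load address of "Tutorial-x86_64.exe"
STATIC_SLOT = MODULE_BASE + 0x2CBA70   # README: "Tutorial-x86_64.exe" + 2CBA70

MEMORY = {
    STATIC_SLOT: 0x011681C0,
    0x011681D0: 0x01168A00,
    0x01168A18: 0x01188070,
    0x01188070: 0x01168A60,
    0x01168A78: 2765,        # the value the chain ends at
}

def resolve(memory, base, offsets):
    """Forward walk: read the pointer at the current address, add the offset, repeat."""
    addr = base
    for off in offsets:
        if addr not in memory:
            raise KeyError(f"address {addr:#x} is not readable in this snapshot")
        addr = memory[addr] + off
    return addr

def holders(memory, target, offset):
    """Reverse step from the README: find addresses storing (target - offset)."""
    wanted = target - offset
    return sorted(a for a, v in memory.items() if v == wanted)

def walk_back(memory, value_addr, offsets_from_value):
    """Repeat the reverse step once per level; returns each holder address found."""
    chain, target = [], value_addr
    for off in offsets_from_value:
        found = holders(memory, target, off)
        if len(found) != 1:
            # Zero hits: wrong offset. Several hits: ambiguous, needs a second snapshot.
            raise ValueError(f"{len(found)} candidates for {target:#x} - {off:#x}")
        target = found[0]
        chain.append(target)
    return chain

if __name__ == "__main__":
    final = resolve(MEMORY, STATIC_SLOT, [0x10, 0x18, 0x0, 0x18])
    print(f"value address {final:#010x} holds {MEMORY[final]}")
    for addr in walk_back(MEMORY, 0x01168A78, [0x18, 0x0, 0x18, 0x10]):
        print(f"held by {addr:#x}")
```

Only the last holder is module-relative, which is why the walk back stops there: the heap addresses change between runs, while the static slot's offset from the module base does not.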