{"id":15654651,"url":"https://github.com/idouble/simple-disassembly-notes","last_synced_at":"2025-05-01T02:52:26.357Z","repository":{"id":130708737,"uuid":"201409724","full_name":"IDouble/Simple-Disassembly-Notes","owner":"IDouble","description":"⚙️ Simple Step to Step Tutorials for Disassembling / Code Injection \u0026 getting Pointer Addresses 🔧","archived":false,"fork":false,"pushed_at":"2024-02-29T16:55:09.000Z","size":1435,"stargazers_count":46,"open_issues_count":1,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-01T02:52:21.435Z","etag":null,"topics":["assembly","code","code-injection","codeinjection","collection","disassembler","disassembly","disassembly-notes","memory","offsets","pointer","pointer-address","process","read","reverse-engineering","simple","step-tutorials","tutorial","tutorials","write"],"latest_commit_sha":null,"homepage":"","language":"Assembly","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/IDouble.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-08-09T06:55:35.000Z","updated_at":"2025-03-31T07:07:32.000Z","dependencies_parsed_at":"2024-02-25T11:27:46.471Z","dependency_job_id":"81254913-c829-4afb-bb58-4eb49a4d55fe","html_url":"https://github.com/IDouble/Simple-Disassembly-Notes","commit_stats":null,"previous_names":["idouble/simple-disassembly-notes"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IDouble%2FSimple-Disassembly-Notes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IDoub
le%2FSimple-Disassembly-Notes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IDouble%2FSimple-Disassembly-Notes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/IDouble%2FSimple-Disassembly-Notes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/IDouble","download_url":"https://codeload.github.com/IDouble/Simple-Disassembly-Notes/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251815443,"owners_count":21648367,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assembly","code","code-injection","codeinjection","collection","disassembler","disassembly","disassembly-notes","memory","offsets","pointer","pointer-address","process","read","reverse-engineering","simple","step-tutorials","tutorial","tutorials","write"],"created_at":"2024-10-03T12:53:05.567Z","updated_at":"2025-05-01T02:52:26.337Z","avatar_url":"https://github.com/IDouble.png","language":"Assembly","readme":"# ⚙️ Simple Disassembly Notes 🔧\n⚙️ Simple Step to Step Tutorials for Disassembling / Code Injection \u0026 getting Pointer Addresses 🔧\n\n## 🔧 Get Pointer Address from Value 🔧\n\n1. Set Value Type **All**\n2. Set Value (ex. (Int 32 = 4 Byte = 32 Bit) 85 or (float/double) 85.5) you search for and press **First Scan**\n\n![Get_Pointer Address_From_Value](Images/Get_Pointer_From_Value.png)\n\n3. Change Value in the Process\n4. 
The Changed Value will be red, on the left is the **Pointer Address**\n\n![Get_Pointer Address_From_Value](Images/Get_Pointer_From_Value_2.png)\n\n## 🔧 Replace the Assembly Code with Code that does Nothing  🔧\n\n1. Right Click on Address Record\n2. Select **Find out what writes to this address**\n3. Press on **Replace**\n\n![Replace the Assembly Code with Code that does Nothing](Images/Replace_the_Assembly_Code_with_Code_that_does_Nothing.png)\n\n4. **Delete the Assembly Code** and Press **OK**\n\n![Get the Pointer Address from the Pointer of the Value](Images/Replace_the_Assembly_Code_with_Code_that_does_Nothing_2.png)\n\n## 🔍 Get the Pointer Address from the Pointer of the Value (Way 1 : easier) (level-1 pointer) 🔍\n\n1. Read the Address\n\n![Get the Pointer Address from the Pointer of the Value easier](Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_1.png)\n\n2. **Check Checkbox Hex** and put the Address in it\n3. The **Address** to the Pointer is in this ex. 1002CBA40\n\n![Get the Pointer Address from the Pointer of the Value easier](Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_2.png)\n\n## 🔍 Get the Pointer Address from the Pointer of the Value (Way 2 : harder) (level-1 pointer) 🔍\n\n1. Select **Find out what writes to this address**\n2. Press on **More information**\n\n![Get the Pointer Address from the Pointer of the Value](Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value.png)\n\n3. The **Address** to the Pointer is in this ex. 
011DC7A0\n\n![Get the Pointer Address from the Pointer of the Value](Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_2.png)\n\n## 🔍 Get the base Address from a multilevel pointer (level-4 pointer) 🔍\n\n### ➡️ Example of a level-4 pointer ➡️\n\n![Get the base Address from a multilevel pointer level-4 Example](Images/Get_the_base_Address_from_a_multilevel_pointer_2.png)\n\n*01168A78* = Address / base pointer (base ptr)\n\n**0x18** = Offset\n\n***\"Tutorial-x86_64.exe\" + 2CBA70*** = static base address\n\n-\u003e = points to\n\n*01168A78* = Value = 2765\n\n*01188070* -\u003e *1168A60* + **0x18** = *01168A78*\n\n*01168A18* -\u003e *01188070* + **0** = *01188070*\n\n*011681D0* -\u003e *1168A00* + **0x18** = *01168A18*\n\n***\"Tutorial-x86_64.exe\" + 2CBA70*** -\u003e *11681C0* + **0x10** = *011681D0*\n\n![Get the base Address from a multilevel pointer level-4 Example](Images/Get_the_base_Address_from_a_multilevel_pointer_3.png)\n\n### 🔍 How to find out each base pointer with its offsets until you get to the static base address 🔍\n\n1. Right Click on Address Record\n2. Select **Find out what accesses this address**\n\n![Get the base Address from a multilevel pointer level-4](Images/Get_the_base_Address_from_a_multilevel_pointer.png)\n\n3. Calculate the Address using the Offset ex. -\u003e (***01188070*** -\u003e **1168A60** + 0x18 = 01168A78)\u003c/br\u003e \nCalculation (hex) : (01168A78 - 18 = 01168A60 = **1168A60**)\n4. **Check Checkbox Hex** and put the Address in it (ex. **1168A60**)\n5. The **Address** to the Pointer is in this ex. ***01188070***\n6. **Repeat Step 1 to 5** until you get the static base Address, in this ex. ***\"Tutorial-x86_64.exe\" + 2CBA70***\n\n## ⚙️ Add Pointer Address manually (level-1 pointer) ⚙️\n\n1. Click on **Add Address Manually**\n\n![Add Pointer Address manually](Images/Add_Pointer_Address_manually.png)\n\n2. 
Add Address, if needed with Offsets and click **OK**\n\n![Add Pointer Address manually](Images/Get_the_Pointer_Address_from_the_Pointer_of_the_Value_easier_3.png)\n\n3. The Result should look like this:\n\n![Add Pointer Address manually](Images/Add_Pointer_Address_manually_2.png)\n\n## ⚙️ Add Pointer Address manually (level-4 pointer) ⚙️\n\n1. Click on **Add Address Manually**\n\n![Add Pointer Address manually](Images/Add_Pointer_Address_manually.png)\n\n2. Add Address, if needed with Offsets and click **OK**\n\n![Add Pointer Address manually](Images/Get_the_base_Address_from_a_multilevel_pointer_2.png)\n\n3. The Result should look like this:\n\n![Add Pointer Address manually](Images/Get_the_base_Address_from_a_multilevel_pointer_3.png)\n\n## 🛠 Code Injection 🛠\n\n1. Right Click on Address Record\n2. Select **Find out what writes to this address**\n3. Press **Show disassembler**\n\n![Code Injection](Images/Code_Injection.png)\n\n4. Click on **Tools** and select **Auto Assemble**\n\n![Code Injection](Images/Code_Injection_2.png)\n\n5. Click on **Template** and select **Code Injection**\n\n![Code Injection](Images/Code_Injection_3.png)\n\n6. Click on **OK**\n7. **Comment out** as an ex. //sub dword ptr [rsi+00000780],01 (value - 1)\n8. **Write** as an ex. add dword ptr [rsi+00000780],01 (value + 1)\n\n![Code Injection](Images/Code_Injection_4.png)\n\n9. Press on **Execute** and then click OK and it's Done!\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidouble%2Fsimple-disassembly-notes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fidouble%2Fsimple-disassembly-notes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidouble%2Fsimple-disassembly-notes/lists"}