Basic Hooking tutorial
#4


I suggest using 2 tutorials for learning assembly as they are the best detailed. Also always jump to your code cave and push the library onto the stack as soon as possible. Especially for important libraries like anticheat. 2 is an example for loading a library with the client.

 

By the way, there it doesn't push the library into the stack, it pushes all the registry into the stack for later use (if you know the registries that will change, it will not be necessary; you can do it without pushing the registry into the stack).

 

But why did you make the application crash if it does not load the DLL?

 

00407B52 >/$ 55 PUSH EBP ;//save the base pointer
00407B53 |. 8BEC MOV EBP,ESP ;//make esp as the new base pointer
00407B55 |. 6A FF PUSH -1 ;// -1

00408550 60 PUSHAD ;save registry onto the stack
00408551 68 71854000 PUSH Nksp.00408571 ; ASCII "hook.dll"
00408556 FF15 30C74000 CALL DWORD PTR DS:[<&KERNEL32.LoadLibraryA>] ; kernel32.LoadLibraryA
0040855C 83F8 00 CMP EAX,0 ;if it didn't load the DLL
0040855F 0F84 9B7ABFFF JE 00000000 ; crash the application
00408565 61 POPAD ;Load the registry back from the stack
00408566 55 PUSH EBP ;why would you need to save EBP again into the stack
00408567 8BEC MOV EBP,ESP ; new base pointer (I think you're starting a new function here)
00408569 6A FF PUSH -1 ;save -1 into the stack
0040856B ^E9 E7F5FFFF JMP Nksp.00407B57 ; jump somewhere

 

There are so many problems here. The first is that you're starting a new function (like CALL XXXX) but at the end it shows it's just a JMP. The second problem is that you made the application crash where you could just save the handle somewhere and continue with the program (checking later whether it loaded or not). The third problem: if it was a CALL XXXX, instead of starting a new function you could have simply ended the function, and instead of JMP you could use RETN.

 

Or simply use JMP code section, then save Registry, Load DLL, Save Handle, recover Registry, continue with the program.
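Added example, not part of the original post or thread: a short Python check that decodes the two rel32 branches in the listing above from their raw bytes and compares the five bytes at 00408566 with the five bytes listed at 00407B52. The addresses and bytes are copied from the listing; the function names are hypothetical.

```python
import struct

# Raw bytes copied from the listing in the post: (address, hex bytes).
LISTING = [
    (0x00407B52, "55"), (0x00407B53, "8BEC"), (0x00407B55, "6AFF"),
    (0x00408550, "60"),
    (0x00408551, "6871854000"),
    (0x00408556, "FF1530C74000"),
    (0x0040855C, "83F800"),
    (0x0040855F, "0F849B7ABFFF"),
    (0x00408565, "61"),
    (0x00408566, "55"), (0x00408567, "8BEC"), (0x00408569, "6AFF"),
    (0x0040856B, "E9E7F5FFFF"),
]

def rel32_target(addr, raw):
    """Destination of a rel32 JMP (E9) or Jcc (0F 80..8F), else None."""
    if len(raw) == 5 and raw[0] == 0xE9:
        disp_at = 1
    elif len(raw) == 6 and raw[0] == 0x0F and 0x80 <= raw[1] <= 0x8F:
        disp_at = 2
    else:
        return None
    (disp,) = struct.unpack_from("<i", raw, disp_at)   # signed, little-endian
    # The displacement is relative to the address of the NEXT instruction.
    return (addr + len(raw) + disp) & 0xFFFFFFFF

def branch_targets(listing=LISTING):
    """Map each rel32 branch address in the listing to its destination."""
    targets = {}
    for addr, hexbytes in listing:
        dest = rel32_target(addr, bytes.fromhex(hexbytes))
        if dest is not None:
            targets[addr] = dest
    return targets

def read_bytes(start, count, listing=LISTING):
    """Read `count` bytes at `start` from the byte-addressed listing."""
    mem = {}
    for addr, hexbytes in listing:
        for i, b in enumerate(bytes.fromhex(hexbytes)):
            mem[addr + i] = b
    return bytes(mem[start + i] for i in range(count))

if __name__ == "__main__":
    for src, dst in branch_targets().items():
        print(f"{src:08X} -> {dst:08X}")
    print(read_bytes(0x00407B52, 5) == read_bytes(0x00408566, 5))
```

Run as a script, it prints the destination of the JE and of the final JMP, then whether the five bytes at 00408566 equal the five bytes at 00407B52.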


