In an asm code, for injection, I found something like


AppendedStr db ' Some String to be used inside proggie:)"',0
NewMsgTitle db 100 + (lbl2 - lbl1) dup(0) ;buf = 100 + Len(AppendedStr) + 1
inject_code_start:


And in the code these strings are used like below,

mov eax,[ ebp + pLstrcat ] ;eax -> lstrcat API function's address

lea ebx,[ ebp + AppendedStr ] ;ebx -> the string we wanna append
lea ecx,[ ebp + NewMsgTitle ] ;ecx -> the buffer

push ebx ;arg 2
push ecx ;arg 1
call eax ;lstrcat API is called

My doubt is: why is the string used like that?
What's the magic of those labels (lbl1 & lbl2)?
Please clarify the theory behind it.
Posted on 2003-11-09 00:15:50 by zakham
Labels are calculated as RVA of a PE file. With that in mind, that's how your code works. (Too lazy to explain it in details.) Hope you do not get into trouble with the rules of the forum.
Posted on 2003-11-09 00:40:28 by roticv
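As an added illustration (not code from the thread or from either poster), the C model below shows the two mechanisms the snippet leans on. First, `lbl2 - lbl1` is a subtraction of two labels, and the assembler resolves it to a constant byte distance, so `100 + (lbl2 - lbl1) dup(0)` sizes the buffer from the string length at assemble time. Second, `[ebp + label]` is base-relative addressing: the block is assembled for one address but ends up running at another, and ebp holds the difference, so every label is read through that delta. The thread does not show where lbl1 and lbl2 are placed; the model assumes lbl1 sits immediately before AppendedStr and lbl2 immediately after its terminating 0, which is what makes the difference equal to Len(AppendedStr) + 1, as the comment in the snippet states. Field offsets in a struct stand in for labels, and `offsetof` stands in for the assembler's label arithmetic.

```c
/* Added example (not from the thread): a C model of `100 + (lbl2 - lbl1) dup(0)`
 * and `[ebp + label]`. Assumption: lbl1 is placed right before AppendedStr and
 * lbl2 right after its terminating 0, so (lbl2 - lbl1) = Len(AppendedStr) + 1. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The string from the thread, including the closing double quote. */
#define APPENDED_STR " Some String to be used inside proggie:)\""

/* Data block laid out the way the assembler would lay it out. Field offsets
 * play the role of labels; their differences are fixed at compile time. */
struct data_block {
    char appended_str[sizeof(APPENDED_STR)];          /* lbl1 ... lbl2 */
    char new_msg_title[100 + sizeof(APPENDED_STR)];   /* 100 + (lbl2 - lbl1) */
};

/* Instance living at the address the code was assembled for. */
static struct data_block assembled;

/* "lbl2 - lbl1": byte distance between the two labels (string plus its 0). */
size_t label_difference(void)
{
    return offsetof(struct data_block, new_msg_title)
         - offsetof(struct data_block, appended_str);
}

/* Puts a caller-supplied title (at most 100 bytes, which is what the "100 +"
 * in the buffer size provides for) into NewMsgTitle, relocates the block to a
 * different address, then performs the lstrcat through ebp-relative addressing.
 * Returns the final length of NewMsgTitle, or 0 if the append would overflow. */
size_t append_through_delta(const char *initial_title)
{
    struct data_block injected;   /* the block at its actual runtime address */

    memcpy(assembled.appended_str, APPENDED_STR, sizeof(APPENDED_STR));
    memset(assembled.new_msg_title, 0, sizeof(assembled.new_msg_title));
    snprintf(assembled.new_msg_title, 101, "%s", initial_title);

    memcpy(&injected, &assembled, sizeof injected);   /* the relocated copy */

    /* Label values as the assembler resolved them (assembled addresses). */
    uintptr_t lbl_appended_str  = (uintptr_t)&assembled + offsetof(struct data_block, appended_str);
    uintptr_t lbl_new_msg_title = (uintptr_t)&assembled + offsetof(struct data_block, new_msg_title);

    /* ebp = runtime base - assembled base (the "delta"). */
    intptr_t ebp = (intptr_t)((uintptr_t)&injected - (uintptr_t)&assembled);

    /* lea ebx,[ebp + AppendedStr] / lea ecx,[ebp + NewMsgTitle] */
    const char *ebx = (const char *)(lbl_appended_str + ebp);
    char       *ecx = (char *)(lbl_new_msg_title + ebp);

    /* lstrcat(ecx, ebx): fits only because the buffer was sized from (lbl2 - lbl1). */
    if (strlen(ecx) + strlen(ebx) + 1 > sizeof injected.new_msg_title)
        return 0;
    strcat(ecx, ebx);
    return strlen(ecx);
}

/* Edge case: a 100-byte title is the longest the "100 +" part allows for;
 * 100 + 41 characters plus the terminating 0 exactly fill the buffer. */
size_t append_with_longest_title(void)
{
    char title[101];
    memset(title, 'A', 100);
    title[100] = '\0';
    return append_through_delta(title);
}

int main(void)
{
    printf("lbl2 - lbl1 = %zu\n", label_difference());
    printf("final length (title \"Title\") = %zu\n", append_through_delta("Title"));
    printf("final length (100-byte title) = %zu\n", append_with_longest_title());
    return 0;
}
```

The point of the model is that nothing about the buffer size is decided at run time: the assembler subtracts two addresses it already knows and emits the result as a constant, exactly as `offsetof` does here. The delta in `ebp` is what lets the same bytes work after being copied to an address the assembler never knew about.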