I need a tutorial on bypassing ASLR/DEP in either Assembly (any type of asm), C or C++..
Anyone got any?
Reason:
Injecting anything into the RSClient on Windows 8 is impossible without bypassing ASLR. Not just RS but injecting into any process on Windows 8 is impossible without bypassing it :S..
I tried the following and it prints:

However it is NOT successful.. It returns all the wrong addresses so there is no way for me to actually know where to load stuff because nothing returns NULL or 0.. The ONLY process I seem to be able to inject into or debug (randomly works sometimes for some reason) is Notepad. -__-
After googling it seems to be because of Microsoft! http://www.insanitybit.com/2012/11/0...he-next-level/
I tried Hackforums, Google, StackOverflow.. No good tutorials on bypassing ASLR. All they keep telling me is "It's extremely hard on 64-bit.." Any ideas or links?
My code:
C++ Code:

#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#include <tlhelp32.h>   // PROCESSENTRY32
#include <cstring>
#include <iostream>
#include <string>
#include "Defines.hpp"
#include "Strings.hpp"
#include "System.hpp"

using namespace std;

bool Inject(std::string File, std::string Process)
{
    if (IsProcessRunning(Process.c_str()))
    {
        HANDLE ProcessHandle = nullptr;
        char FilePath[MAX_PATH + 1] = {0};
        void* LoadLibraryHandle = nullptr;
        void* RemoteAddress = nullptr;

        PrintProcessInfo(Process.c_str());
        PROCESSENTRY32 ProcessInfo = GetProcessInfo(Process.c_str());

        // Copy the path through an explicit "%s" so the file name is never
        // interpreted as a format string.
        _snprintf(FilePath, MAX_PATH, "%s", File.c_str());
        size_t PathSize = strlen(FilePath) + 1;   // include the terminating NUL

        if ((ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, false, ProcessInfo.th32ProcessID)))
        {
            ErrorMessage(GetLastError());

            // Resolve LoadLibraryA in the current process.
            LoadLibraryHandle = reinterpret_cast<void*>(GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA"));
            std::cout << "LoadLibraryHandle: " << LoadLibraryHandle << std::endl;
            ErrorMessage(GetLastError());

            // Reserve room for the whole string, terminator included.
            RemoteAddress = VirtualAllocEx(ProcessHandle, nullptr, PathSize, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
            std::cout << "RemoteAddress: " << RemoteAddress << std::endl;
            ErrorMessage(GetLastError());

            WriteProcessMemory(ProcessHandle, RemoteAddress, FilePath, PathSize, nullptr);
            ErrorMessage(GetLastError());

            HANDLE ThreadHandle = CreateRemoteThread(ProcessHandle, nullptr, 0, reinterpret_cast<LPTHREAD_START_ROUTINE>(LoadLibraryHandle), RemoteAddress, 0, nullptr);
            std::cout << "Remote Thread: " << ThreadHandle << std::endl;
            ErrorMessage(GetLastError());

            if (ThreadHandle)
            {
                WaitForSingleObject(ThreadHandle, INFINITE);
                CloseHandle(ThreadHandle);   // the thread handle was previously leaked
            }
            CloseHandle(ProcessHandle);
            return true;
        }
    }
    return false;
}

int main(int argc, char* argv[])
{
    if (!Inject("C:/Users/Brandon/Desktop/DontWorry;).dll", "JagexLauncher.exe"))
    {
        std::cout << "Injection Failed" << std::endl;
        ErrorMessage(GetLastError());
        std::cout << std::endl;
        std::cin.get();
        return 0;
    }
    std::cout << "Injection Successful" << std::endl;
    std::cin.get();
    return 0;
}
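The post is about ASLR and DEP, and the practical question a defender or a developer has about those two mitigations is whether a given image actually opts into them. The following is an added example, not code from the post: a portable parser for the PE header bits that Windows consults (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, HIGH_ENTROPY_VA and NX_COMPAT in the optional header, plus IMAGE_FILE_RELOCS_STRIPPED in the COFF header, which makes a DYNAMIC_BASE flag meaningless because the loader cannot relocate the image). It uses no <windows.h>, so it compiles on any platform for offline auditing; the flag values and offsets are the ones from the PE/COFF specification, and the sample image it parses is constructed in makeSampleImage, not a real executable.

```cpp
// Added example (not from the forum post): audit a PE image's ASLR/DEP opt-in
// flags with plain byte parsing. The sample header below is constructed.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <vector>

// Flag values taken from the PE/COFF specification.
constexpr uint16_t IMAGE_FILE_RELOCS_STRIPPED               = 0x0001;
constexpr uint16_t IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020;
constexpr uint16_t IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE    = 0x0040;
constexpr uint16_t IMAGE_DLLCHARACTERISTICS_NX_COMPAT       = 0x0100;
constexpr uint16_t PE32_MAGIC     = 0x010B;
constexpr uint16_t PE32PLUS_MAGIC = 0x020B;

struct Mitigations {
    bool is64bit        = false;
    bool dynamicBase    = false;  // image asks for ASLR (/DYNAMICBASE)
    bool relocsStripped = false;  // loader cannot move it, so the ask is moot
    bool highEntropyVA  = false;  // 64-bit high-entropy ASLR
    bool nxCompat       = false;  // image asks for DEP (/NXCOMPAT)
    // ASLR only takes effect when the flag is set AND relocations survive.
    bool effectiveAslr() const { return dynamicBase && !relocsStripped; }
};

static uint16_t rd16(const std::vector<uint8_t>& b, size_t off) {
    if (off + 2 > b.size()) throw std::runtime_error("truncated header");
    return static_cast<uint16_t>(b[off] | (b[off + 1] << 8));
}

static uint32_t rd32(const std::vector<uint8_t>& b, size_t off) {
    if (off + 4 > b.size()) throw std::runtime_error("truncated header");
    return static_cast<uint32_t>(b[off]) | (static_cast<uint32_t>(b[off + 1]) << 8) |
           (static_cast<uint32_t>(b[off + 2]) << 16) | (static_cast<uint32_t>(b[off + 3]) << 24);
}

static void wr16(std::vector<uint8_t>& b, size_t off, uint16_t v) {
    b[off]     = static_cast<uint8_t>(v & 0xFF);
    b[off + 1] = static_cast<uint8_t>(v >> 8);
}

// Walk MZ -> e_lfanew -> "PE\0\0" -> COFF header -> optional header.
Mitigations analyzeImage(const std::vector<uint8_t>& img) {
    if (rd16(img, 0) != 0x5A4D) throw std::runtime_error("not an MZ image");
    const uint32_t peOff = rd32(img, 0x3C);                       // e_lfanew
    if (rd32(img, peOff) != 0x00004550) throw std::runtime_error("missing PE signature");
    const size_t coff = peOff + 4;                                // IMAGE_FILE_HEADER
    const size_t opt  = coff + 20;                                // IMAGE_OPTIONAL_HEADER
    const uint16_t characteristics = rd16(img, coff + 18);
    const uint16_t magic = rd16(img, opt);
    if (magic != PE32_MAGIC && magic != PE32PLUS_MAGIC) throw std::runtime_error("unknown optional header magic");
    // DllCharacteristics sits at offset 70 of the optional header in both PE32 and PE32+.
    const uint16_t dllChars = rd16(img, opt + 70);

    Mitigations m;
    m.is64bit        = (magic == PE32PLUS_MAGIC);
    m.dynamicBase    = (dllChars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) != 0;
    m.highEntropyVA  = (dllChars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA) != 0;
    m.nxCompat       = (dllChars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT) != 0;
    m.relocsStripped = (characteristics & IMAGE_FILE_RELOCS_STRIPPED) != 0;
    return m;
}

// Constructed sample: a minimal header carrying only the fields this parser
// reads, so the logic can be exercised without a real executable.
std::vector<uint8_t> makeSampleImage(bool pe32plus, uint16_t characteristics, uint16_t dllChars) {
    const size_t peOff = 0x40;
    std::vector<uint8_t> img(peOff + 4 + 20 + 240, 0);
    img[0] = 'M'; img[1] = 'Z';
    img[0x3C] = static_cast<uint8_t>(peOff);
    img[peOff] = 'P'; img[peOff + 1] = 'E';
    wr16(img, peOff + 4 + 18, characteristics);
    wr16(img, peOff + 4 + 20, pe32plus ? PE32PLUS_MAGIC : PE32_MAGIC);
    wr16(img, peOff + 4 + 20 + 70, dllChars);
    return img;
}

int main() {
    const Mitigations hardened = analyzeImage(makeSampleImage(true, 0,
        IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA | IMAGE_DLLCHARACTERISTICS_NX_COMPAT));
    const Mitigations fakeAslr = analyzeImage(makeSampleImage(false, IMAGE_FILE_RELOCS_STRIPPED,
        IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE));
    std::cout << "hardened:        ASLR=" << hardened.effectiveAslr() << " DEP=" << hardened.nxCompat << "\n";
    std::cout << "relocs stripped: ASLR=" << fakeAslr.effectiveAslr() << " DEP=" << fakeAslr.nxCompat << "\n";
    return 0;
}
```

To audit a real file, read it into a std::vector<uint8_t> and pass it to analyzeImage; the relocsStripped check is the caveat that tools which only print DllCharacteristics miss.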