First of all, why using inline asm?
It's faster, and you can actually see what you're doing
I understand that some of you don't have the least intention of learning asm
That's why I'm posing this code, since this is an improvement over the memcpy() api
The function:
Note: The only thing you have to do is supplying the address and how many bytes you want to patch (gg)
Usage:Code:int NopPatch(LPVOID address, int gg){ { __declspec( naked ); __asm{ push eax push esi mov eax, address xor esi, esi nopp: mov [eax], 0x90 add eax, 1d add esi, 1d cmp esi, gg jnz nopp pop esi pop eax } } return 0; }
The address used, is one of 5 no-recoil addresses
If you chose to use my code, please give proper credits for itCode:NopPatch((LPVOID)0x3745FCE0, 3);
Thank you, and happy hacking
-SCHiM
I'm SCHiM
Morals derive from the instinct to survive. Moral behavior is survival behavior above the individual level.
Polymorphic engine
Interprocess callback class
SIN
Infinite-precision arithmetic
Hooking dynamic linkage
(sloppy)Kernel mode Disassembler!!!
Semi debugger
nice schim, but what if you want to set it back to original
I'm SCHiM
Morals derive from the instinct to survive. Moral behavior is survival behavior above the individual level.
Polymorphic engine
Interprocess callback class
SIN
Infinite-precision arithmetic
Hooking dynamic linkage
(sloppy)Kernel mode Disassembler!!!
Semi debugger
I'm SCHiM
Morals derive from the instinct to survive. Moral behavior is survival behavior above the individual level.
Polymorphic engine
Interprocess callback class
SIN
Infinite-precision arithmetic
Hooking dynamic linkage
(sloppy)Kernel mode Disassembler!!!
Semi debugger
omg why i dnt understand asm xD
Good idea man Like it
it's nop to /x90 /x90 but the Glass wall want /x01
and we can't back it for the Main Bytes
just if we used the Old one to back and this way to Nop it
Sarcasm?
I acctually made a complete hack in asm just now
ps: You have one hell of a scary avatar :O
Yea but that wouldn't be nopping*, that's changing valuesGood idea man Like it
it's nop to /x90 /x90 but the Glass wall want /x01
and we can't back it for the Main Bytes
just if we used the Old one to back and this way to Nop it
I might add that though
*nopping or nop stands for the machine no-operation op-code (operating code...)
if the processor encounters a nop (0x90 or 90h) it knows that it doesn't have to do anything, and just changes the eip to the next command (it goes to the next opcode, and sees what it has to do next)
I don't know, maybe you should learn itomg why i dnt understand asm xD
It's really easy actually, once you understand sizes and hex, this isn't much of a deal
Last edited by .::SCHiM::.; 10-25-2010 at 10:00 AM.
I'm SCHiM
Morals derive from the instinct to survive. Moral behavior is survival behavior above the individual level.
Polymorphic engine
Interprocess callback class
SIN
Infinite-precision arithmetic
Hooking dynamic linkage
(sloppy)Kernel mode Disassembler!!!
Semi debugger
You could just use it this way:
If this is not correct : SCHIM please correct meCode:int NopPatch(LPVOID address, int gg, int value){ { __declspec( naked ); __asm{ push eax push esi mov eax, address xor esi, esi nopp: mov [eax], value add eax, 1d add esi, 1d cmp esi, gg jnz nopp pop esi pop eax } } return 0; }
_____________________________________________
READING TUTORIAL:
1. READ MY POST
2. THINK ABOUT MY POST
3. PRESS THANKS
4. MAYBE CORRECT MY POSTS :P
Dijkstra:
"Computer Science is no more about computers than astronomy is about
telescopes."
THANKS BUTTON RIGHT DOWN --->
Hmm, Maybe you could, but there is an error (altough I'm not sure. I cannot test it now, since some of my current programs are eating cpu time like it's pizza)
1. The value you're going to expect is only 1 byte long, well it would be 4 bytes long, but you're only going to write 1 byte, which is useless since most on/off features require the full 3 or 6 bytes
It would probably (not sure again)
work like this:
I don't think it'll work, but you can tryCode:int NopPatch(LPVOID address, int gg, char* value){ { __declspec( naked ); __asm{ push eax push esi push edx mov eax, address mov edx, [value] xor esi, esi nopp: mov [eax], [value + esi] add eax, 1d add esi, 1d cmp esi, gg jnz nopp pop esi pop eax } }
I'm SCHiM
Morals derive from the instinct to survive. Moral behavior is survival behavior above the individual level.
Polymorphic engine
Interprocess callback class
SIN
Infinite-precision arithmetic
Hooking dynamic linkage
(sloppy)Kernel mode Disassembler!!!
Semi debugger
hmm OK xD
But when you say MOV expects a 1Byte value I would like to advice you not to use a char*
but instead a BYTE* cuz sometimes a char is 2Bytes (UNICODE)
But please notice that I don't want to flame you but it is meant as constructive critic
_____________________________________________
READING TUTORIAL:
1. READ MY POST
2. THINK ABOUT MY POST
3. PRESS THANKS
4. MAYBE CORRECT MY POSTS :P
Dijkstra:
"Computer Science is no more about computers than astronomy is about
telescopes."
THANKS BUTTON RIGHT DOWN --->
Mov doesn't expect one byte
But a sole integer only holds one value (ranging from -2147483648 to 2147483648 or from 0 to 42944967295)
And an ansi char is always one byte big:
Note: char as it should be
type: char
size(bytes): 1
range of values: -128 to 127
Add that to the fact that a character is acctualy a byte for the machine
And I see no reason not to use a char
Your turn
Last edited by .::SCHiM::.; 10-27-2010 at 01:39 PM.
I'm SCHiM
Morals derive from the instinct to survive. Moral behavior is survival behavior above the individual level.
Polymorphic engine
Interprocess callback class
SIN
Infinite-precision arithmetic
Hooking dynamic linkage
(sloppy)Kernel mode Disassembler!!!
Semi debugger
if you want it work i don't think ! maybe you should do
Code:int NopPatch(LPVOID address, char* value ,int gg){ { __declspec( naked ); __asm{ push eax push esi push edx mov eax, address mov edx, [value] xor esi, esi nopp: mov [eax], value add eax, 1d add esi, 1d cmp esi, gg jnz nopp pop esi pop eax } }