How to find address bytes

[Chuck Norris]

Which we call Nopping..

And notice, those off bytes change every time!..

[Cediquer]

Thanks im saying it because i dont see the thanks button WTF???!!!!

oh and wat button to use to search the bytes? cuz i know how to NOP but idk how to search it

[Chuck Norris]

To be honest i've got no clue in ollydbg..
In ida just click on the address, then switch to the byte window(its called hex view-b i thought).. and the bytes are highlighted..

[Cediquer]

Heh i opened edit and then a hex thingy comes up but it says 90 90 90

[Chuck Norris]

cant be.. msg2short

[Cediquer]

but wat if i just add..... \x90\x90\x90

[Chuck Norris]

you dont have to add anything

Just Replace original bytes with 3x NOP = 0x90 on the addres you provided.

WriteAsm((void*)0x3738B890, (PBYTE)"\x90\x90\x90", 3); does the trick..(ON)
WriteASM((void*)0x3738B890, (PBYTE)"\xD8\x66\x58", 3); (OFF)

You provided the off bytes, make sure these are up2date..

[Cediquer]

KK thanx mate Thanks + REPPED you

@AVGN
@Disturbed
@Dave84311

/Request Close

Problems solved

[FailHacker]

doesn't rapid fire also use \x90

[Cediquer]

Don't all of them use x90?

[FailHacker]

nope! were you even paying attention to him?

[Cediquer]

Eeep!!! lol so where can i find the ON addresses?

[[MPGH]master131]

Because he is facepalming like I am and has to spoonfeed some peple.

[FailHacker]

https://www.mpgh.net/forum/334-coding...ot-me-now.html

[Chuck Norris]

There is no such thing as an ON adres.. You use one adress for both on and off..

What you basically do, is modify memory.. So when you switch it ON, you modify it.
When you switch it off, you replace it with the original piece of code..

So the modifying part is 3 x 0x90.. which just does NOTHING at all.

The part were everything gets replaced with original is with your original bytes... (this is off, hence off bytes)..