Harold, your
I prefer __asm to memcpy.
Basic example of __asm:
Code:
__asm mov dword ptr ds:[0x12346578],90909090h; // This would change the bytes at 0x12345678 to 90909090 (four nops)
__asm mov word ptr ds:[0x12345678],9090h //This would be two nops... Note that when you are writing two bytes, you change it to word
Doing the same thing with Harolds MemCpy:
Code:
MemCpy((void*)0x12345678,"****90****90",4); // Writes 4 nops
MemCpy((void*)0x12345678,"****90",2); // Writes 2 nops
Notes:
__asm will rarely (if ever) be detected.
memcpy/MemCpy requires API calls which are often detected.
With __asm, if you want a more easily read way of editing the bytes, you can use 0x9090 but, when using that, you will beed to reverse all the bytes. That means that to do the "ghetto hack shield bypass", you would have to do it like this:
Code:
mov dword ptr ds:[0x00505D3A],0xBA75; // oh lawds, did I just tell people how to put the bypass in a DLL?
If I have made a mistake, please point it out because, this was written off the top of my head (I was too lazy to start MSVS up...)
EDIT: (Fixed some typo's)
Just remembered, you can use __asm AND MemCpy...
Code:
void __declspec(naked) Two_Nops() {
__asm {
nop
nop
}
}
/* ... */
MemCpy((void*)0x12345678,TwoNops,2);