Wow our patches are so alike its scary hehe. I believe there is a small bug here
Code:
004AF659 74 07 JE SHORT OllyDbg.004AF662
Its jumping over a needed POP
I really like that you replacing all % with a space. Congrats!
Quote:
|
Originally Posted by goggles99
here is my version...
What do you think???
Code:
JumpGate hex+asm
0043134C E9 F3E20700 JMP OllyDbg.004AF644
pastable hex
E9 F3 E2 07 00
CodeCave hex+asm
004AF644 51 PUSH ECX
004AF645 50 PUSH EAX
004AF646 57 PUSH EDI
004AF647 8B7C24 0C MOV EDI,DWORD PTR SS:[ESP+C]
004AF64B 8B4C24 14 MOV ECX,DWORD PTR SS:[ESP+14]
004AF64F B8 25000000 MOV EAX,25
004AF654 F2:AE REPNE SCAS BYTE PTR ES:[EDI]
004AF656 83F9 00 CMP ECX,0
004AF659 74 07 JE SHORT OllyDbg.004AF662
004AF65B C647 FF 20 MOV BYTE PTR DS:[EDI-1],20
004AF65F ^EB F3 JMP SHORT OllyDbg.004AF654
004AF661 5F POP EDI
004AF662 58 POP EAX
004AF663 59 POP ECX
004AF664 83C4 10 ADD ESP,10
004AF667 3BC3 CMP EAX,EBX
004AF669 ^E9 E31CF8FF JMP OllyDbg.00431351
pastable hex
51 50 57 8B 7C 24 0C 8B 4C 24 14 B8 25 00 00 00 F2 AE 83 F9 00 74 07 C6 47 FF 20 EB F3 5F 58 59
83 C4 10 3B C3 E9 E3 1C F8 FF
|