Quote:
|
Originally Posted by britedream
my address is slightly different due to my pc setup, but codes look right , so change 55 "push ebp", to c3 " retn"
|
I am sorry, but I disagree with this advice. It seems to me that if you do this, you will corrupt the stack, as the POP EBX, POP ECX, and (most importantly) POP EBP at the end of the procedure will not be executed.
My suggestion here is to NOP two instructions:
- The PUSH at 410419
- The POP at 41041E
@Pompeyfan: As to understanding what this procedure is doing (this is just as important, if not more important, than merely fixing it), I describe this in my TweakRAM mini-tut. I also describe exactly how to fix this procedure in the mini-tut, which you claim to have read... So have you read it or not??
Regards,
Satyric0n