#1
|
|||
|
|||
Unwanted code added while assembling on Olly
In the executable provided in chapter 6 of Lena's tutorials I see the following code which is responsible of setting the variable that will be used for checking if the app is registered or not:
Code:
; AL contains 0 from a previous call to a custom function, ; which is the one that checks if the app is registered or not. 005C2BF6 . 8B15 8CEB6000 MOV EDX,DWORD PTR DS:[60EB8C] 005C2BFC . 8802 MOV BYTE PTR DS:[EDX],AL 005C2BFE . A1 8CEB6000 MOV EAX,DWORD PTR DS:[60EB8C] 005C2C03 . 8038 00 CMP BYTE PTR DS:[EAX],0 005C2C06 . 75 0D JNZ SHORT pcsurgeo.005C2C15 005C2C08 . E8 6307EEFF CALL pcsurgeo.004A3370 In the tutorial file I see Lena changing this: Code:
005C2C03 . 8038 00 CMP BYTE PTR DS:[EAX],0 005C2C06 . 75 0D JNZ SHORT pcsurgeo.005C2C15 Code:
005C2C03 . 8038 00 MOV BYTE PTR DS:[EAX],1 005C2C06 . 75 0D JMP SHORT pcsurgeo.005C2C15 So i thought that i could achieve the same by fixing the MOV that is before those two lines like this: Code:
005C2BFC . 8802 MOV BYTE PTR DS:[EDX],1 ; Force it to be 1 Code:
005C2BF6 . 8B15 8CEB6000 MOV EDX,DWORD PTR DS:[60EB8C] 005C2BFC C602 01 MOV BYTE PTR DS:[EDX],1 ; Changed line 005C2BFF 8CEB MOV BX,GS ; automatically added 005C2C01 60 PUSHAD ; automatically added 005C2C02 0080 3800750D ADD BYTE PTR DS:[EAX+D750038],AL |
#2
|
|||
|
|||
That's because you are replacing the opcodes 88 02 with C6 02 01 which is longer and overwrites the MOV EAX,DWORD PTR DS:[60EB8C] instruction by one byte.
|
#3
|
|||
|
|||
Ok that makes sense, in part...
Im still not sure why changing AL to 1 changes "8802" to "C6 02 01" I thought the change to the opcode would be minimal since I am "removing" instead of adding characters. I will go and read about opcodes in a sec. |
#4
|
|||
|
|||
Here you go:
Quote:
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Unwanted Software Site! | ranadharm | General Discussion | 17 | 11-29-2018 13:51 |
Unpacking, Olly Code display | bgrimm | General Discussion | 1 | 02-23-2004 07:00 |