|
|
#1
10-05-2003, 23:49
|
|||
|
|||
|
Olly thread patching... help
I'm debugging a program in Olly and found that I wanna change some code in the exe to remove a nasty check.
But the code I wanna change is in a thread and can't be found in the exe when using hexedit. The program is pure c++ code and isn't packed. The CPU window reports: thread 00000FF4 And it displays no module anymore. It got to the code with a: :00425F3B FF15A4384900 call dword ptr [004938A4] The code I wanna patch looks like this: 003E6913 75 3F JNE SHORT 003E6954 How do I find that code in the exe or is that located outside the exe? Thanks -SvensK Last edited by SvensK; 10-06-2003 at 00:15. 
|
|
#2
10-06-2003, 03:17
|
|||
|
|||
|
Nevermind, I solved it.
|
|
#4
10-06-2003, 04:17
|
|||
|
|||
|
Yes SvensK, please let us know how you solved it.
Regards, yaa
|
|
#5
10-06-2003, 05:28
|
|||
|
|||
|
Well, I followed the call outside the code with Olly and copied the code to NotePad. Then I reinserted the code slightly modified somewhere in the exe where there was free space (bunch of zeros). And at last I re-routed the call to the new place in the exe.
Worked like a charm 
|
|
#6
10-11-2003, 11:52
|
|||
|
|||
|
Good solution!
However, I'd like to mention that code for a "thread" is still going to be in the EXE, so unless its encrypted, you should be able to find it. A thread is just code like any other piece of code, it just runs in its own context. It's still code in the code section of the EXE somewhere (although C++ will make it tougher to track it down) Nice job on the solution, thinking out of the box ! Well done -Lunar
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Thread 19765 disappeared ? | LaDidi | General Discussion | 2 | 01-19-2021 14:56 |
| Using Thread Local Storage (tls) in Olly | JuneMouse | General Discussion | 24 | 06-04-2005 19:32 |
| Debugging a thread | Numega Softice | General Discussion | 1 | 07-02-2004 19:28 |
Linear Mode
