Guys, I'm having the same issues....
ferrari, I know exactly what you are talking about..... I ended up exactly as you did....
I got here:
Code:
00405214 FF DB FF
00405215 25 DB 25 ; CHAR '%'
00405216 DC DB DC
00405217 91 DB 91
00405218 43 DB 43 ; CHAR 'C'
00405219 00 DB 00
0040521A 8B DB 8B
so I used CTRL+A
Code:
00405214 $-FF25 DC914300 JMP DWORD PTR DS:[4391DC] - we HERE
0040521A 8BC0 MOV EAX,EAX
0040521C $-FF25 D8914300 JMP DWORD PTR DS:[4391D8]
all good...
F8 one time and here:
Code:
00D91C64 55 PUSH EBP
00D91C65 8BEC MOV EBP,ESP
00D91C67 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00D91C6A 85C0 TEST EAX,EAX
00D91C6C 75 13 JNZ SHORT 00D91C81
F8 till RET, then here:
Code:
0040531C . BA 9C804300 MOV EDX,ACopy.0043809C
00405321 . 52 PUSH EDX
00405322 . 8905 B8944300 MOV DWORD PTR DS:[4394B8],EAX
00405328 . 8942 04 MOV DWORD PTR DS:[EDX+4],EAX
0040532B . E8 98FFFFFF CALL ACopy.004052C8
00405330 . 5A POP EDX
00405331 . 58 POP EAX
00405332 . E8 15E1FFFF CALL ACopy.0040344C
00405337 . C3 RETN
OK, dump, then F8 till after the RETN....
You got here.......
Code:
00437589 8B DB 8B
0043758A 1D DB 1D
0043758B 90 NOP
0043758C 8A DB 8A
0043758D 43 DB 43 ; CHAR 'C'
0043758E 00 DB 00
I got here
Code:
00437555 8B DB 8B
00437556 1D DB 1D
00437557 90 NOP
00437558 8A DB 8A
00437559 43 DB 43 ; CHAR 'C'
0043755A 00 DB 00
0043755B 8B DB 8B
Looks the same, but the address is different.... The TuT says with XP; I'm on 2K ... Hmmmmm
Seems my test subject is also version 1.6.1.
What I'm really trying to figure out is Advanced Serial Port Monitor and Advanced Serial Data Logger.....
Both targets are at h**p://www.aggsoft.com/download
Funny thing: both these targets have been updated since I started. It took me a good part of the day to un-fook my registry so I could restart testing, because both targets had expired the trial.
Well, I have that much beat so far, LOL ... so off I go again. I'm just glad there are TuTs like this to at least give ideas.
I know all will be a bit different, as JMI says.