  #90  
Old 03-22-2004, 05:10
Satyric0n
 
Posts: n/a
Quote:
Originally Posted by britedream
pop ebx, pop ecx, pop ebp are restoring what is pushed at the beginning; eax is xored right after return, so changing push ebp to return is equal in effect to your nopping.
And I see no difference between what I did and your nopping.

regards.
I admit that I never looked at the code CALLing 57890C in that example, so I was unaware that EAX was XORed immediately after the procedure returned. So, my assumption that the value in EAX was important was incorrect.

Also, upon rereading what you first posted here, when you said 'so change 55 "push ebp", to c3 " retn"', for some reason I thought you were referring to the instruction at 410419, not the one at 41040C. Hence my comments about corrupting the stack (which now turn out to be entirely irrelevant)...

Sorry, my misunderstanding, my fault. Maybe I should slow down when reading next time, so I don't get confused so easily and throw off the whole thread.

Regards,
Satyric0n