Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Help - I Need some direction
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #3  
Old 06-30-2004, 03:00
acidx
 
Posts: n/a
that wouldn't do me any good, i'm trying to write a program in c++ that can scan executables(same one just different versions) for the location of a call to an imported function from kernel32 and then patch the jump instruction following the compare instruction thats right after the call to the imported function.

Heres an example:

Call [00605AC0] - FindWindowA
cmp eax, ebx
je 0047e8c4

Now lets say FindWindowA was only in one part of the program but over different revisions this position changed offset wise but the overall assembled code was always the same. I want to be able to scan the file for this one call to FindWindowA and then patch the je instruction to a jmp instruction. This isn't the exact api call or section of code i want to change its just an example so you can better understand what i mean a little better.
Reply With Quote
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Threaded Mode Threaded Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT +8. The time now is 21:29.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )