you're replacing say...
mov [esi+054h], eax
with a call to your caved code, right?
mov [esi+54h], eax is indeed 3 bytes - you should have seen this in the disassembly
it's 89 46 54
you need to grab the next line(s) too, and also copy that to your cave code
until you have 5 (or more bytes) to work in
say the code is
89 46 54 mov [esi+54], eax
33 c0 xor eax, eax
40 inc eax
you need 5 bytes to put in the call, so that will be in place of the 89 46 54 33 c0
it'll become e8 xx xx xx xx (call to your cave)
your code will then have...
mov [esi+54], 1 (your replacement)
then the other copied lines (33 c0 in this example)
and then a ret...
makes sense?
__________________
bleh
DO NOT PM me with questions, leave that in the forums...ESPECIALLY if I don't know you...
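The mechanics the reply describes, worked through as an added example (not code from the original post): given the instruction bytes from the disassembly, free 5 bytes for an E8 rel32 call, copy the displaced instructions into the cave after the replacement, and finish with a RET. The patch address 0x401000, cave address 0x405000, the replacement encoding C7 46 54 01 00 00 00, and the pc_relative flag are assumptions for illustration; the listing bytes are the ones from the post.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass

@dataclass
class Insn:
    code: bytes                # raw encoding as shown by the disassembler
    text: str                  # mnemonic, for readability only
    pc_relative: bool = False  # short/near jmp, call, jcc: moving these verbatim breaks the target

CALL_REL32_LEN = 5           # E8 + 4-byte displacement
NOP, RET = b"\x90", b"\xc3"

def rel32(from_addr: int, to_addr: int) -> bytes:
    """E8/E9 displacement: target minus the address of the instruction after the call."""
    return struct.pack("<i", to_addr - (from_addr + CALL_REL32_LEN))

def build_cave_patch(patch_addr: int, cave_addr: int, insns: list[Insn], replacement: bytes):
    """Return (bytes written at patch_addr, bytes written at cave_addr).

    insns[0] is the instruction being replaced; later instructions are displaced only as far
    as needed to free 5 bytes. The cave holds the replacement, then the displaced
    instructions, then RET, which returns to patch_addr + 5; if more than 5 bytes were
    freed, the slot is NOP-padded so that return address lands on valid code.
    """
    displaced, taken = [], 0
    for insn in insns:
        if taken >= CALL_REL32_LEN:
            break
        if insn is not insns[0] and insn.pc_relative:
            raise ValueError(f"cannot displace pc-relative instruction: {insn.text}")
        displaced.append(insn)
        taken += len(insn.code)
    if taken < CALL_REL32_LEN:
        raise ValueError("not enough instruction bytes to hold a 5-byte call")
    site = b"\xe8" + rel32(patch_addr, cave_addr) + NOP * (taken - CALL_REL32_LEN)
    cave = replacement + b"".join(i.code for i in displaced[1:]) + RET
    return site, cave

# Listing from the post; addresses and replacement are constructed for this example.
PAGE_LISTING = [
    Insn(b"\x89\x46\x54", "mov [esi+54h], eax"),
    Insn(b"\x33\xc0", "xor eax, eax"),
    Insn(b"\x40", "inc eax"),
]
REPLACEMENT = b"\xc7\x46\x54\x01\x00\x00\x00"   # mov dword ptr [esi+54h], 1 (assumed encoding)

def demo() -> tuple[bytes, bytes]:
    return build_cave_patch(0x401000, 0x405000, PAGE_LISTING, REPLACEMENT)
```

With the post's listing, exactly the 3-byte mov and the 2-byte xor are displaced, so no NOP padding is needed and the cave is mov, xor, ret.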