Post by Webagent007 on May 28, 2003 13:36:59 GMT -5
I think it's called hex edit, not even sure.. here's a printscreen to make it more clear: www.webagent007.org/hexedit.jpg
Now the selection in there probably has something to do with the class id inside my msnkit grabber (comment says so), now what are you supposed to do if you want to change the class in via that way? Or is that a too tricky question?
|
FooK
New Member
Posts: 44
|
Post by FooK on May 29, 2003 11:57:24 GMT -5
No, not hard at all web, glad to see you taking an interest in my bread and butter (asm & Reversal). More than happy to help you with this stuff any time! And not hard to edit at all web! Only problem being it's a VB exe, and I don't know if you do know but VB exes are so very diff from Normal PE (Portable Executable) When you edit bytes in a Visual Basic exe, but what I will do for you, seeing as you kindly posted a pic of the disassembly, I'll throw together a patcher in Assembly and post it along with a Tut on how to do it manually! Give me a day web, I'm a bit run off my feet at the second working on stuff in IDA Pro. PS: there's a little prezzy in your msg box
Keep it real with me, I'll keep it real with you
Peace "Fook"
|
Post by Webagent007 on May 29, 2003 14:37:09 GMT -5
Thanks, that's very sweet. What I did is compare it with the same sort of program but with the right class id, and it's not just that selected line that's changed (the 0040477A) but there are a few above and below changed, so I don't exactly know what this "PUSH" or "CALL" thing is. (I've seen it in C++ source codes before though.) I just wonder, is it sort of C++ translated to hex or something? I mean you must be able to read it and be able to say what it says, right?
MOV EAX,DWORD PTR SS:[EBX*2][EDI+10.]
is equivalent to
MOV EAX,[DWORD SS:EBX*2+EDI+10.]
^^ what does that say or mean?
|
z00ey
New Member
return is the movement of sense..
Posts: 2,309
|
Post by z00ey on May 29, 2003 15:33:42 GMT -5
it's assembly, not c++ .. ..and i guess he just wanted to say that both lines do the same job..
..I'll try to explain, fook prolly can better and i hope he does later, lol
MOV - one piece of data shall be moved from one place to another (mov poo,meep moves meep to poo)
DWORD - is the type of data that is moved (consists up to 32 bits)
SS:etc.. - segment register (location of the data that is moved)
EAX,EBX,EDI - extended registers (32bit registers) that are used (hence dword, 32bit)
..fook, wth is PTR ?
|
FooK
New Member
Posts: 44
|
Post by FooK on May 30, 2003 14:49:16 GMT -5
PTR, it's to identify the size of operand being used: 'dword ptr', 'byte ptr', 'word ptr' etc., and as you know a DWORD is 4 bytes etc.
Goes back to more boring Java byte code
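An added example, not code from any poster in this thread: a small C model of the memory operand discussed above. It computes the effective address EBX*2+EDI+displacement and reads it as `byte ptr`, `word ptr` and `dword ptr`, so the effect of the size prefix is visible. The register values and memory contents are constructed, the displacement is assumed to be decimal 10, and the SS segment is ignored on the assumption of a flat memory model.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Effective address of an x86 memory operand: base + index*scale + disp.
   Arithmetic wraps at 32 bits, as it does in 32-bit code. */
static uint32_t effective_address(uint32_t base, uint32_t index,
                                  uint32_t scale, int32_t disp)
{
    return base + index * scale + (uint32_t)disp;
}

/* Load `size` bytes (1 = byte ptr, 2 = word ptr, 4 = dword ptr) from a
   flat little-endian memory image. Returns 0 on success, -1 if the access
   falls outside the image or the size is not one of the three. */
static int load_ptr(const uint8_t *mem, size_t len, uint32_t addr,
                    unsigned size, uint32_t *out)
{
    if (size != 1 && size != 2 && size != 4)
        return -1;
    if (addr > len || len - addr < size)
        return -1;
    uint32_t v = 0;
    for (unsigned i = 0; i < size; i++)
        v |= (uint32_t)mem[addr + i] << (8 * i);   /* lowest byte first */
    *out = v;
    return 0;
}

/* Constructed sample: 32 bytes of "memory" whose value equals its offset. */
static uint8_t sample_mem[32];

static void init_sample(void)
{
    for (size_t i = 0; i < sizeof sample_mem; i++)
        sample_mem[i] = (uint8_t)i;
}

int main(void)
{
    init_sample();
    /* Constructed register values: EBX = 3, EDI = 4; displacement 10. */
    uint32_t ea = effective_address(4, 3, 2, 10), v;
    for (unsigned size = 1; size <= 4; size *= 2)
        if (load_ptr(sample_mem, sizeof sample_mem, ea, size, &v) == 0)
            printf("size %u at %u -> 0x%08X\n", size, (unsigned)ea, (unsigned)v);
    return 0;
}
```

The same address yields three different values depending only on the operand size, which is the information `PTR` carries for the assembler and disassembler.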