question about exe.

[franken6tain]

hey guyz, i have a question about raising action limit. i looked over the tuts in here, but my exe differs so i wana ask how to find which codes i have to change, im kinda new to ollydb and im still learning how to use it. any help is apreciated

[Godricc]

I don't know much about asm, but I know its already been done and the completed files are here on the forums already.

[.Genome.]

Quote:

Originally Posted by Godricc

I don't know much about asm, but I know its already been done and the completed files are here on the forums already.

But just taking it is kinda leeching. I think it's cool that he wants to do something for himself. Sadly I can't say what to look for either though.

[Godricc]

Well, don't forget it's not entirely leeching. It was a release. Open for anyone to use.

[HellSpider]

You can search for specific instructions with Ctrl+F. Usually it's better to search for a certain hex pattern using Ctrl+B.

[franken6tain]

well hell im using your bmr exe, but searching the offsets used in the tut released didnt go well, so ill try this but i think i already did it that way thanks for help ill see what i can do

[HellSpider]

Quote:

Originally Posted by franken6tain

well hell im using your bmr exe, but searching the offsets used in the tut released didnt go well, so ill try this but i think i already did it that way thanks for help ill see what i can do

Yeah, the addresses are different in that exe. To use the pattern search, you must remember that you should not create patterns that have any relative instructions (calls and long jumps). Ex:

PUSH 0x1234 -> 68 34 12 00 00
CALL ADDR -> E8 + 4 bytes defining the address
ADD ESP,0x4 -> 83 C4 04

In this case the call should be skipped and the pattern will look like this:

68 34 12 00 00 E8 ?? ?? ?? ?? 83 C4 04

So you should replace all things that can vary with wildcard characters (??).

[franken6tain]

thanks to hellspider and conquer93 ofc for helping with the exes

[conquer93]

the exes i sended you did they work ?