VB Decompiler Forum
Hosted by TheAutomaters.com

How to change far Jump in P-Code ?? (brainstorm44)

golem
Often here


Joined: 18 Nov 2002
Posts: 73

Posted: Sun Dec 21, 2003 5:11 pm     Post subject: How to change far Jump in P-Code ?? (brainstorm44)

I would like to change a long-distance jump and don't know how to calculate it.

There are a few tools out for changing short branch jumps, but I never read anything about long jumps. For example:

763CE1: 00 LargeBos
763CE3: 0a ImpAdCallFPR4: 575738
763CE8: 00 LargeBos
763CEA: Lead1/c8 End
763CEC: 00 LargeBos
763CEE: 04 FLdRfVar local_0148

I would like to change the jump at 763CE3 to another location.
Please help!!
Thanks

-------

(Snagged from the script kiddie clubhouse.)

Brainstorm44, you will find the script kiddies are of little use to any meaningful attempt at working with PCode.

Post your code sample in hex format here or ?. You will find here that the MBers won't try to give you some silly local jump (1C, 1D, 1E) answer to a 'far jump' question.

(You might want to discuss what it is you are trying to accomplish...)

Carry on!
golem
MrUnleaded
Site Admin


Joined: 21 Sep 2002
Posts: 385
Location: California

Posted: Tue Dec 30, 2003 6:57 pm     Post subject:

Golem:

Just out of curiosity, how come you posted someone else's post here?

Did you refer him here from the other board?

As far as the question is concerned... I've never been great at modifying apps without source code... and while I can assume that the difference between a short jump and a long jump is one that is [correct me if I am wrong] in the app/procedure [short] and one that is in another app/procedure [long]

I've never tried it, but what would stop us from just putting the proper address from a different function if all else is the same?

-MrU
golem
Often here


Joined: 18 Nov 2002
Posts: 73

Posted: Wed Dec 31, 2003 3:43 am     Post subject: Well...

In lurking at the Script Kiddie MB, I ran across that post and was rather amused at those guys' 'VB RE' responses.

It just seemed like the guy deserved a better level of info...

Read: I poached the post...

(Quite predictably, the Kiddie playhouse is not an open forum... So anyone with any real knowledge about VB is not permitted there.)

The 'jumps' references these guys bring to VB PCode REing are not an exact match... What these guys call 'short jumps' is really just flow control, though with a little imagination (and an understanding of If Not/If/Goto) it can be made to work in that 'context'...

This 'long jump' suffers from the same conceptual limitation. For instance, the binary block...

27 C8 FE
27 0C FF
27 30 FF
F5 00 00 00 00
3A 64 FF 30 00
4E 54 FF
04 54 FF
0A 31 00 14 00

Decompiles to:

MsgBox "Output file has been created."

0A 03 00 04 00 is a reference to 'Val'

0A 33 00 08 00 is for 'Shell'...

A semi-observant person might recognize these '0A' opcodes as belonging to a certain family of 'calls'.

>I've never tried it, but what would stop us from just putting the proper
>address from a different function if all else is the same?
In theory yes, but not terribly practical, as the 'parameter stack', much like the planets, will almost never 'align'.

>I've never been great at modifying apps without source code...
Absolutely true. IMO, PCode IS 'source code'... just needs a little 'formatting' so it can be read by most everyone...

In keeping with the spirit of your observation (and what I presume are BrainStorm's goals), I would propose what might be viewed as a more aggressive approach and just replace whatever you need...

It can vary from a Zen-like 1->3 byte tweak of the flow control, through just overlaying the first block of the routine to just set and return the value you really want, all the way to just rewriting the routine in its entirety (cut-n-paste from a sample program works quite well), naturally adjusting ALL of the appropriate headers...

I was hoping BrainStorm was going to respond... Doesn't seem likely. Apparently it would seem that Script Kiddies don't have much of an attention span...

Carry on!
golem
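The block golem posted, worked through in code. This is an added example, not code from the thread or from VB Decompiler. It walks the byte block above, shows that the 0A opcode ending it is a call (ImpAdCallFPR4, operands: 16-bit import index, 16-bit argument-stack byte count) rather than a jump, and then applies MrU's idea of "putting the proper address from a different function" with golem's caveat enforced: the import index is swapped only if the new target expects the same number of argument bytes. Assumptions not stated on the page: the operand widths for the four opcodes the post does not name (27, F5, 3A, 4E) are inferred from how the post splits the block into one instruction per line, and the import-index meanings come only from the three examples in the post (0x31 MsgBox, 0x03 Val, 0x33 Shell), not from a general VB6 table. The hypothetical index used in the usage note is constructed for illustration.

```python
# Added example for this thread (not code from the forum or from VB Decompiler).
# Decodes the P-Code block golem posted, lists the ImpAdCallFPR4 (0x0A) calls in
# it, and retargets a call to another import-table entry only when the
# argument-stack size matches (golem's "parameter stack must align" caveat).
#
# Assumptions not stated on the page: operand widths for 0x27, 0xF5, 0x3A and
# 0x4E are inferred from how the post splits the block into one instruction per
# line; IMPORTS holds only the three index->name pairs the post gives and is
# NOT a general VB6 import table.
import struct

# opcode -> (mnemonic, operand byte count)
OPCODES = {
    0x00: ("LargeBos", 0),
    0x04: ("FLdRfVar", 2),
    0x0A: ("ImpAdCallFPR4", 4),   # u16 import index, u16 argument-stack bytes
    0x27: ("op_27", 2),           # unnamed on the page; width inferred
    0x3A: ("op_3A", 4),           # unnamed on the page; width inferred
    0x4E: ("op_4E", 2),           # unnamed on the page; width inferred
    0xF5: ("op_F5", 4),           # unnamed on the page; width inferred
}

# import index -> (name, argument-stack bytes), taken from the post's examples
IMPORTS = {0x03: ("Val", 0x04), 0x31: ("MsgBox", 0x14), 0x33: ("Shell", 0x08)}

# The block golem posted; it decompiles to MsgBox "Output file has been created."
MSGBOX_BLOCK = bytes.fromhex(
    "27C8FE" "270CFF" "2730FF" "F500000000" "3A64FF3000" "4E54FF" "0454FF" "0A31001400"
)


def disassemble(code):
    """Return a list of (offset, mnemonic, operand bytes). Unknown or truncated
    instructions raise instead of silently desynchronising the stream."""
    out, pos = [], 0
    while pos < len(code):
        op = code[pos]
        if op not in OPCODES:
            raise ValueError(f"unknown opcode 0x{op:02X} at offset {pos}")
        name, width = OPCODES[op]
        operand = code[pos + 1:pos + 1 + width]
        if len(operand) != width:
            raise ValueError(f"truncated {name} at offset {pos}")
        out.append((pos, name, operand))
        pos += 1 + width
    return out


def calls(code):
    """Return (offset, import index, argument bytes, name) for each ImpAdCallFPR4."""
    found = []
    for off, name, operand in disassemble(code):
        if name == "ImpAdCallFPR4":
            idx, nargs = struct.unpack("<HH", operand)
            found.append((off, idx, nargs, IMPORTS.get(idx, ("?", None))[0]))
    return found


def stack_aligned(code, offset, new_nargs):
    """True if the call at `offset` pushes exactly `new_nargs` argument bytes,
    i.e. a target expecting that many could be swapped in without touching
    the pushes that precede the call."""
    if offset >= len(code) or code[offset] != 0x0A:
        raise ValueError("no ImpAdCallFPR4 at that offset")
    _, nargs = struct.unpack("<HH", code[offset + 1:offset + 5])
    return nargs == new_nargs


def retarget_call(code, offset, new_index, new_nargs):
    """Patch only the import index of the call at `offset`. Refuses when the
    new target's argument size differs from what the caller already pushes."""
    if not stack_aligned(code, offset, new_nargs):
        raise ValueError("argument stack does not align; patch the pushes too")
    patched = bytearray(code)
    patched[offset + 1:offset + 3] = struct.pack("<H", new_index)
    return bytes(patched)


if __name__ == "__main__":
    for off, name, operand in disassemble(MSGBOX_BLOCK):
        print(f"{off:04X}: {name:<14} {operand.hex(' ')}")
    for off, idx, nargs, name in calls(MSGBOX_BLOCK):
        print(f"call at {off:04X}: import 0x{idx:02X} ({name}), {nargs} arg bytes")
    # Swapping in Shell (8 arg bytes) is refused: the MsgBox call pushes 20.
    print("Shell aligns with the MsgBox call:",
          stack_aligned(MSGBOX_BLOCK, 25, IMPORTS[0x33][1]))
```

Running it lists eight instructions and one call, at offset 25, to import 0x31 (MsgBox) with 0x14 argument bytes; retargeting that call to Shell (0x08 bytes) or Val (0x04 bytes) is refused, which is the practical problem golem describes. Only a target that also takes 0x14 argument bytes (for example a hypothetical index 0x40 used purely for illustration) can be swapped in by editing the two index bytes alone; anything else needs the preceding pushes rewritten as well, which is why golem suggests replacing the block rather than just the call.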
sarge
Moderator


Joined: 24 Sep 2002
Posts: 194

Posted: Thu Jan 08, 2004 7:56 pm     Post subject:

A simplified explanation of how this call works (how to calculate the target, etc.) DID in fact exist here once (I know, 'cause I posted it), but using the "Search" function failed to find it. Perhaps it got lost in the translation/update, or perhaps I just don't remember the proper keywords to search for. I DO remember that it referenced CommonApp as an example, and used the data in that program to show real numbers.


Anyone got a copy of the lost emails?....oh wait, I guess "lost" means exactly that.

Sarge
sarge
Moderator


Joined: 24 Sep 2002
Posts: 194

Posted: Thu Jan 08, 2004 7:58 pm     Post subject:

PS:

Does Brainstorm44 even show up here?

Sarge