Scale Posted November 9, 2007 Posted November 9, 2007 (edited) I wrote these 2 tiny functions and they work perfectly when its running in olly but if i try to run it stand alone it crashes :SNow the only thing i can think off that might be causing it are the MOV ECX's they used to be like MOV ECX,DWORD PTR SS:[EBP+0x144]I had to hard code that value becuase EBP isnt set correctly since i call the function from different locations that they should.But if thats the case how work it does work when olly runs and doesnt when its not.function 1: PUSH 0x7 //default MOV ECX,0x147740 //hard coded value CALL 0x04EC933 //default PUSH 0x0 //default PUSH 0x0 //default PUSH 0x0 //default PUSH 0x0 //default PUSH 0x1F //hard coded value PUSH 0x0 //default PUSH 0xA0A //default PUSH 0xFA314DC //default MOV ECX,0x147740 //hard coded value CALL 0x0428F0D //default MOV ECX,DWORD PTR SS:[EBP+0x8] //restore orginal function PUSH ECX //restore orginal function MOV ECX,DWORD PTR SS:[EBP-0x4] //restore orginal function JMP 0x04EC847 //jmp back from cave//nvm function 2 it doesnt even reach itfunction 2: PUSHAD PUSH 0x14771F //default MOV ECX,0x147740 //hard coded value CALL 0x04ECB68 //default POPAD ADD ESP,0xC //restore orginal function PUSH 0x1 //restore orginal function JMP 0x04DCB2B //jmp back from cave Edited November 10, 2007 by Scale
Scale Posted November 10, 2007 Author Posted November 10, 2007 Oke totaly nvm,I was just about to write something that would write away the address i literaly fell over the MOV that set the ECX properly without hard coding it runs perfectly now
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now