Author Message
ParkourPenguin
PostPosted: Wed Aug 05, 2020 6:25 pm    Post subject:
CE is generally used on running software- i.e. dynamic analysis vs static analysis. If that's fine, figure out where the new addresses are after the OS loads the dll into the process's memory and change it with an AA script like this:
Code:
[ENABLE]
foo.dll+538A:
  db 90 90

foo.dll+7190:
  db 90 90

foo.dll+B18C:
  db 90 90

[DISABLE]
// restore whatever the original bytes are... or don't and delete everything beyond this
foo.dll+538A:
  db CC CC

foo.dll+7190:
  db CC CC

foo.dll+B18C:
  db CC CC

If you want to change the dll itself, CE can attach to files on disk. I'm not terribly familiar with it but I can't imagine it would be much different.
Thac0-Guest
PostPosted: Wed Aug 05, 2020 1:03 pm    Post subject: Trying to create table to NOP out address from .dll
First, thanks for having & reading a no-account subforum here. I super appreciate not having to make an account for what will likely be a one time thing.

I've been suggested to make a CE table for some DLL edits to a game. I know the 7 addresses I need to modify. Each address needs 2 bytes of NOP to skip a function call. I was modifying the dll directly in a hex editor, but I'd like to share it in a more friendly way.

I've tried searching for the answer and I've not come up with the answer in the past 30 min. Any help with search terms or a link to an example would be great. Thanks for your time!

Powered by phpBB © 2001, 2005 phpBB Group