windowsdllassemblyreverse-engineeringollydbg
How to change a call with Reverse engineering
I have an example program test1.exe that uses an example library test2.dll.
test.dllcontains the functionsA()andB()of the same type.test1.execallsAand then exits.
Here I've found the call to A():
(https://i.sstatic.net/5W9Jd.jpg)
Now, if i'm not mistaken, I need to replace 88FDFFFF with the correct offset of B(), but how can I calculate it so that B() will be invoked instead of A()?
Solution
If this in an x86 call-relative instruction, the offset value is computed by subtracting the address of the instruction following the call (= call instruction location + 5 bytes), from the address of the target. So, you need to patch the offset to be address(B)-address(callinstruction+5).
- Windows Task Scheduler Doesn't Run VBScript
- How can I get mod_rewrite and mod_alias to work together?
- Difference between 'strcpy' and 'strcpy_s'?
- Is there any way to create an shortcut desktop to a Node.js (npm) application?
- Windows Form Foreach remove only removes half Form.Control elements
- command line tool text output
- Authenticate from Linux to Windows SQL Server with pyodbc
- How assign the current day to a batch file variable and change the date?
- Select many files for installation using wildcard in Inno Setup and install/rename them with an extension appended
- Windows Powershell policy execution bypass
- Why is "MINGW64" appearing on my Git bash?
- Echoing a variable with a greater than sign (>) in a Windows command prompt causes a file creation, even after using the escape caret (^)
- Unrecognized command after poetry's installation on Windows 11
- Poetry installation with Windows WSL not working, ignoring $HOME
- Why does my compiler not accept fork(), despite my inclusion of <unistd.h>?
- Start menu folder created by Inno Setup is not showing
- Why isn't git bash transforming the path to *nix notation for my python installation?
- vlc python bindings - how to receive keyboard input?
- How to update a GitHub access token via command line
- How to automate "Retry" on error when copying a file with the Windows Explorer COM model?
- Task manager - c/c++ application - address space allocated vs used memory
- Where is the private key stored for an IIS CSR request?
- How to run multiple Python versions on Windows
- NVM for Windows not working?
- Converting the physical RT dose to EQD2
- Why is git showing line endings change although there should be none?
- Is environ available on Windows?
- SSL error when with git submodules on windows runner
- How to register electron app for 'tel' protocol at the time of installation?
- Windows Command Line History