Need help [Archive] - RCE Messageboard's Regroupment

View Full Version : Need help

zyllion

November 26th, 2008, 08:28

Can some1 tell me how to disable this ExitProcess in this code?

Quote:

00502CB0 /$ 55 PUSH EBP
00502CB1 |. 8BEC MOV EBP,ESP
00502CB3 |. 51 PUSH ECX
00502CB4 |. E8 E7000000 CALL Ebenezer.00502DA0
00502CB9 |. 833D D04D6800 >CMP DWORD PTR DS:[684DD0],1
00502CC0 |. 75 11 JNZ SHORT Ebenezer.00502CD3
00502CC2 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00502CC5 |. 50 PUSH EAX ; /ExitCode
00502CC6 |. FF15 109A6800 CALL DWORD PTR DS:[<&KERNEL32.GetCurrent>; |[GetCurrentProcess
00502CCC |. 50 PUSH EAX ; |hProcess
00502CCD |. FF15 189B6800 CALL DWORD PTR DS:[<&KERNEL32.TerminateP>; \TerminateProcess
00502CD3 |> C705 CC4D6800 >MOV DWORD PTR DS:[684DCC],1
00502CDD |. 8A4D 10 MOV CL,BYTE PTR SS:[EBP+10]
00502CE0 |. 880D C84D6800 MOV BYTE PTR DS:[684DC8],CL
00502CE6 |. 837D 0C 00 CMP DWORD PTR SS:[EBP+C],0
00502CEA |. 75 47 JNZ SHORT Ebenezer.00502D33
00502CEC |. 833D 646A6800 >CMP DWORD PTR DS:[686A64],0
00502CF3 |. 74 2C JE SHORT Ebenezer.00502D21
00502CF5 |. 8B15 606A6800 MOV EDX,DWORD PTR DS:[686A60]
00502CFB |. 8955 FC MOV DWORD PTR SS:[EBP-4],EDX
00502CFE |> 8B45 FC /MOV EAX,DWORD PTR SS:[EBP-4]
00502D01 |. 83E8 04 |SUB EAX,4
00502D04 |. 8945 FC |MOV DWORD PTR SS:[EBP-4],EAX
00502D07 |. 8B4D FC |MOV ECX,DWORD PTR SS:[EBP-4]
00502D0A |. 3B0D 646A6800 |CMP ECX,DWORD PTR DS:[686A64]
00502D10 |. 72 0F |JB SHORT Ebenezer.00502D21
00502D12 |. 8B55 FC |MOV EDX,DWORD PTR SS:[EBP-4]
00502D15 |. 833A 00 |CMP DWORD PTR DS:[EDX],0
00502D18 |. 74 05 |JE SHORT Ebenezer.00502D1F
00502D1A |. 8B45 FC |MOV EAX,DWORD PTR SS:[EBP-4]
00502D1D |. FF10 |CALL DWORD PTR DS:[EAX]
00502D1F |>^EB DD \JMP SHORT Ebenezer.00502CFE
00502D21 |> 68 70CD6500 PUSH Ebenezer.0065CD70 ; /Arg2 = 0065CD70
00502D26 |. 68 68CB6500 PUSH Ebenezer.0065CB68 ; |Arg1 = 0065CB68
00502D2B |. E8 90000000 CALL Ebenezer.00502DC0 ; \Ebenezer.00502DC0
00502D30 |. 83C4 08 ADD ESP,8
00502D33 |> 68 7CD06500 PUSH Ebenezer.0065D07C ; /Arg2 = 0065D07C
00502D38 |. 68 74CE6500 PUSH Ebenezer.0065CE74 ; |Arg1 = 0065CE74
00502D3D |. E8 7E000000 CALL Ebenezer.00502DC0 ; \Ebenezer.00502DC0
00502D42 |. 83C4 08 ADD ESP,8
00502D45 |. 833D D44D6800 >CMP DWORD PTR DS:[684DD4],0
00502D4C |. 75 20 JNZ SHORT Ebenezer.00502D6E
00502D4E |. 6A FF PUSH -1 ; /Arg1 = FFFFFFFF
00502D50 |. E8 5B210000 CALL Ebenezer.00504EB0 ; \Ebenezer.00504EB0
00502D55 |. 83C4 04 ADD ESP,4
00502D58 |. 83E0 20 AND EAX,20
00502D5B |. 85C0 TEST EAX,EAX
00502D5D |. 74 0F JE SHORT Ebenezer.00502D6E
00502D5F |. C705 D44D6800 >MOV DWORD PTR DS:[684DD4],1
00502D69 |. E8 F22B0000 CALL Ebenezer.00505960
00502D6E |> 837D 10 00 CMP DWORD PTR SS:[EBP+10],0
00502D72 |. 74 07 JE SHORT Ebenezer.00502D7B
00502D74 |. E8 37000000 CALL Ebenezer.00502DB0
00502D79 |. EB 14 JMP SHORT Ebenezer.00502D8F
00502D7B |> C705 D04D6800 >MOV DWORD PTR DS:[684DD0],1
00502D85 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
00502D88 |. 51 PUSH ECX ; /ExitCode
00502D89 |. FF15 149B6800 CALL DWORD PTR DS:[<&KERNEL32.ExitProces>; \ExitProcess
00502D8F |> 8BE5 MOV ESP,EBP
00502D91 |. 5D POP EBP
00502D92 \. C3 RETN

Powered by vBulletin® Version 4.2.2 Copyright © 2020 vBulletin Solutions, Inc. All rights reserved.