tachyon
October 2nd, 2009, 20:33
Maybe someone can help me... I'd like to alter some code on the fly
in a program, but anything I try kicks me to ntdll. For instance, executing
51403 instantly kicks me to ntdll... why?
00514DFD CALL app.00514E02
00514E02 POP EAX
00514E03 MOV BYTE PTR DS:[EAX+10],90
00514E07 NOP
I always get kicked out to 7C90EAF0 inside ntdll here:
7C90EAF0 MOV EBX,DWORD PTR SS:[ESP]
7C90EAF3 PUSH ECX
7C90EAF4 PUSH EBX
7C90EAF5 CALL ntdll.7C9377C1
7C90EAFA OR AL,AL
7C90EAFC JE SHORT ntdll.7C90EB0A
7C90EAFE POP EBX
7C90EAFF POP ECX
7C90EB00 PUSH 0
7C90EB02 PUSH ECX
7C90EB03 CALL ntdll.ZwContinue
7C90EB08 JMP SHORT ntdll.7C90EB15
7C90EB0A POP EBX
7C90EB0B POP ECX
7C90EB0C PUSH 0
7C90EB0E PUSH ECX
7C90EB0F PUSH EBX
7C90EB10 CALL ntdll.ZwRaiseException
Thanks !