Uridium
October 8th, 2009, 01:18
Hi,
i want to multiply EBX register with 0x0C by code injection. I jump with a CALL to the end of code section (free space). The code looks like this:
Is there an easier way to multiply EBX by 12? Is it a safe/correct injection? By my knowledge MUL only uses EAX, EDX and CF, OF flags. I think the flags aren't used at the code section where i injected so i hope i can just ignore them.
i want to multiply EBX register with 0x0C by code injection. I jump with a CALL to the end of code section (free space). The code looks like this:
Code:
00460030 50 PUSH EAX ;save EAX
00460031 52 PUSH EDX ;save EDX
00460032 B8 0C000000 MOV EAX,0C ;clear DWORD EAX, set 1st operand
00460037 89DA MOV EDX,EBX ;set 2nd operand
00460039 F7E2 MUL EDX ;multiply (EDX*EAX), write to EAX
0046003B 89C3 MOV EBX,EAX ;move final product to EBX
0046003D 5A POP EDX ;restore EDX
0046003E 58 POP EAX ;restore EAX
0046003F (code that was removed for injection CALL)
00460042 (code that was removed for injection CALL)
00460046 C3 RETN
Is there an easier way to multiply EBX by 12? Is it a safe/correct injection? By my knowledge MUL only uses EAX, EDX and CF, OF flags. I think the flags aren't used at the code section where i injected so i hope i can just ignore them.