softice help please!
spacegoat
December 13th, 2000, 10:28
This is probably as newbie as it gets but I am having a problem trying to find out how to write to code using SI, you know JNZ to JZ... I read Sandman's excellent tut but I didn't see anything referring to that.
Also on the web the other day I downloaded an already cracked version of Win32dasm8.9, my copy is at home and I want it at work too, does anyone know where this possibly came from?
thanx
goat
pupp
December 13th, 2000, 12:27
Let me see if I understood your ??
First do a d eip on the line that you want to change and look at the top; you will see the same line. Example: you're at 00123456789 and at the top you will see 00123456789 0F 75 34 54 65 77. Try and change the first or second numbers, like 75 to 74, and press return; you will see the change, but this will change it only in memory. To permanently change it, use your hex editor.
I hope this helped you.
pupp
Bratsch
December 15th, 2000, 00:30
Another possibility is to use the Sice command A(ssemble):
If you want to change the current instruction just type A
Otherwise type A cs:xxxxxxxx where xxxxxx is the address of the instruction you want to change.
Then write the FULL opcode you want in that position, i.e. JMP 0045232A or XOR eax,eax, then click enter. SI will translate the opcode to Hex and give you the option to assemble the next instruction(s) (perhaps to add the nops to compensate for a change in the instruction length). Caveat emptor: look at the Hex translation of whatever you typed (in the field to the left of the instructions). If your new instruction translation is longer than the original instruction, you may overwrite the following instruction bytes and obtain unpredictable results. Also, I have seen Sice make mistakes when the jump you are changing is a Far jump.
When you are done assembling click escape and you are back to Sice in regular mode.
Bratsch
SI Help
December 17th, 2000, 05:45
Hi, if you are a real newbie then maybe you did not RTFM and so cannot see the hex code referred to above. You should alter the [CTRL+F1] macro (init string ?) in 'winice.dat' - with registered UltraEdit 7.20

like this :-
CF1="altscr off; lines 60; wc 30; wd 10;code on; set font 2;;"
the 'code on' command shows the hex/opcode equivalents.
Hope this helps.