View Full Version : How to find Offset


Zkhan13
April 26th, 2003, 20:25
I am trying to patch a CD-ROM check of a telephone directory CD.
I almost did it through SoftICE, but I can't make it a permanent one. The next time I start it, it is back as it was.
How can I find the offset of that code in SoftICE itself, so that I can use HIEW, go to that offset and then patch my program?
How can I find the offset of that code in SoftICE?

naides
April 26th, 2003, 22:56
Quote:
Originally posted by Zkhan13
I am trying to patch a CD-ROM check of a telephone directory CD.
I almost did it through SoftICE, but I can't make it a permanent one. The next time I start it, it is back as it was.
How can I find the offset of that code in SoftICE itself, so that I can use HIEW, go to that offset and then patch my program?
How can I find the offset of that code in SoftICE?


Simple Way:

Make sure you have CODE ON in SoftICE.

Write down 10 to 20 bytes around the area you want to patch. Try to include bytes corresponding to stuff that is unique (a call to a discrete address in your program, a read of an absolute reference in memory), not repetitive (the push ebp, mov ebp, esp stuff which occurs 1000's of times inside the code).

Then in Hiew use the search (F7) command and type in the bytes you noted around your key instruction. Remember to have HIEW in decode mode, so you will recognize your asm code.


More convoluted way:

Learn the concept of ImageBase, physical offset versus memory offset and the PE header structure. You will find that the address you see in Sice MINUS the ImageBase is usually the address you have to GOTO (F5) in HIEW.

There are other solutions to this minor problem, but my favorite is 'Simple Way' above.

bl00dk@
April 27th, 2003, 08:11
You could also use a tool like "RVA to offset" which is attached to this post. Push the button "File" and select the file you want the offset from, and put the address you got from sice into the "Memory Address" text field and press "Do it". If the target is packed, "RVA to offset" won't help you.

Personally I use the search method in Hiew, which I edit almost everything in; great tool.

JohnWho.
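
The address-to-offset mapping discussed in the two posts above, written out as an added example that is not part of the original thread. It goes one step past "address minus ImageBase" by walking the PE section table, so it also covers files whose sections sit at different positions on disk than in memory. The function names and every header value in the sample are constructed for illustration.

```python
import struct

def va_to_file_offset(pe: bytes, va: int) -> int:
    """Map a virtual address (as a debugger shows it) to an offset in the file on disk."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    n_sections = struct.unpack_from("<H", pe, nt + 6)[0]
    opt_size = struct.unpack_from("<H", pe, nt + 20)[0]   # SizeOfOptionalHeader
    opt = nt + 24                                         # optional header start
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                                    # PE32
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    elif magic == 0x20B:                                  # PE32+
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic")
    rva = va - image_base
    for i in range(n_sections):
        _, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", pe, opt + opt_size + 40 * i)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            if rva - vaddr >= rsize:
                # Present in memory only (e.g. .bss, or code a packer writes at run time).
                raise ValueError("address has no bytes in the file")
            return rptr + (rva - vaddr)
    raise ValueError("address is outside every section")

def sample_header() -> bytes:
    """Constructed PE32 header (not from the thread's target): ImageBase 0x400000."""
    buf = bytearray(0x400)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)               # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x84, 0x14C, 2)          # Machine, NumberOfSections
    struct.pack_into("<H", buf, 0x94, 0xE0)               # SizeOfOptionalHeader
    struct.pack_into("<H", buf, 0x98, 0x10B)              # PE32 magic
    struct.pack_into("<I", buf, 0x98 + 28, 0x400000)      # ImageBase
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
    struct.pack_into("<8sIIII", buf, 0x178, b".text", 0x90000, 0x1000, 0x90000, 0x400)
    struct.pack_into("<8sIIII", buf, 0x1A0, b".bss", 0x2000, 0x91000, 0, 0)
    return bytes(buf)

if __name__ == "__main__":
    print(hex(va_to_file_offset(sample_header(), 0x480064)))
```

In this constructed layout the result differs from the plain subtraction by the gap between the section's virtual address and its raw pointer, and an address in a section with no raw data is reported as having no bytes in the file.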

diz
April 27th, 2003, 17:56
And the Simplest Way:

Press F5 in Hiew and enter the address from SICE preceded by a dot, like .480064

Zkhan13
April 28th, 2003, 00:40
Wow!! Great...
This was my first post to this forum. I thought everybody would ignore me, because I would have no answer if somebody came and said "Hey dude, you don't even know how to find an offset and you're trying to reverse engineer?!"
But the posts are excellent.
Thanks a lot.