jingjang
June 1st, 2004, 01:23
00B5DDBC 891F MOV DWORD PTR DS:[EDI],EBX <<<last execption
00B5DDBE 64:EB 02 JMP SHORT 00B5DDC3 ; Superfluous prefix
00B5DDC1 CD 20 INT 20
00B5DDC3 67:64:8F06 0000 POP DWORD PTR FS:[0]
00B5DDC9 36:EB 01 JMP SHORT 00B5DDCD ; Superfluous prefix
00B5DDCC 6983 C4048D7C 4B>IMUL EAX,DWORD PTR DS:[EBX+7C8D04C4],2EB>
00B5DDD6 CD 20 INT 20
00B5DDD8 52 PUSH EDX
00B5DDD9 F2: PREFIX REPNE: ; Superfluous prefix
00B5DDDA EB 01 JMP SHORT 00B5DDDD
00B5DDDC 9A 515355F3 EB02 CALL FAR 02EB:F3555351 ; Far call
00B5DDE3 CD 20 INT 20
00B5DDE5 F2: PREFIX REPNE: ; Superfluous prefix
00B5DDE6 EB 01 JMP SHORT 00B5DDE9
00B5DDE8 69EB 019A8D94 IMUL EBP,EBX,948D9A01
00B5DDEE 0FDC02 PADDUSB MM0,QWORD PTR DS:[EDX]
00B5DDF1 97 XCHG EAX,EDI
00B5DDF2 4C DEC ESP
00B5DDF3 2BD1 SUB EDX,ECX
00B5DDF5 2BD7 SUB EDX,EDI
00B5DDF7 81D5 D4705CF4 ADC EBP,F45C70D4
00B5DDFD 52 PUSH EDX
00B5DDFE 83DD BB SBB EBP,-45
00B5DE01 BD 2E234100 MOV EBP,41232E
00B5DE06 5D POP EBP
00B5DE07 C1CD 7C ROR EBP,7C ; Shift constant out of range 1..31
00B5DE0A 55 PUSH EBP
00B5DE0B F3: PREFIX REP: ; Superfluous prefix
00B5DE0C EB 02 JMP SHORT 00B5DE10
00B5DE0E CD 20 INT 20
00B5DE10 81DB 0F5439DB SBB EBX,DB39540F
00B5DE16 5B POP EBX
00B5DE17 C1C3 9A ROL EBX,9A ; Shift constant out of range 1..31
00B5DE1A 53 PUSH EBX
00B5DE1B 0BC9 OR ECX,ECX
00B5DE1D 59 POP ECX
00B5DE1E EB 01 JMP SHORT 00B5DE21
00B5DE20 C7C1 C14B87D1 MOV ECX,D1874BC1
00B5DE26 2E:EB 01 JMP SHORT 00B5DE2A ; Superfluous prefix
00B5DE29 C781 EADBB805 2E>MOV DWORD PTR DS:[ECX+5B8DBEA],3DAF72E
00B5DE33 FA CLI
00B5DE34 64:EB 02 JMP SHORT 00B5DE39 ; Superfluous prefix
00B5DE37 CD 20 INT 20
00B5DE39 5D POP EBP
00B5DE3A 5B POP EBX
00B5DE3B 59 POP ECX
00B5DE3C 5A POP EDX
00B5DE3D 5F POP EDI
00B5DE3E 833D 683BB600 00 CMP DWORD PTR DS:[B63B68],0
00B5DE45 74 14 JE SHORT 00B5DE5B
00B5DE47 6A 0C PUSH 0C
00B5DE49 B9 683BB600 MOV ECX,0B63B68
00B5DE4E 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
00B5DE51 BA 04000000 MOV EDX,4
00B5DE56 E8 8536FFFF CALL 00B514E0
00B5DE5B A1 4016B600 MOV EAX,DWORD PTR DS:[B61640]
00B5DE60 C700 E1000000 MOV DWORD PTR DS:[EAX],0E1
00B5DE66 8BC3 MOV EAX,EBX
00B5DE68 E8 474CFEFF CALL 00B42AB4
00B5DE6D A1 C415B600 MOV EAX,DWORD PTR DS:[B615C4]
00B5DE72 8B00 MOV EAX,DWORD PTR DS:[EAX]
00B5DE74 E8 5B67FFFF CALL 00B545D4
00B5DE79 A1 4016B600 MOV EAX,DWORD PTR DS:[B61640]
00B5DE7E C700 E3000000 MOV DWORD PTR DS:[EAX],0E3
00B5DE84 FF75 FC PUSH DWORD PTR SS:[EBP-4]
00B5DE87 EB 01 JMP SHORT 00B5DE8A
00B5DE89 E8 8B45F88B CALL 8CAE2419
00B5DE8E 0085 C07525FF ADD BYTE PTR SS:[EBP+FF2575C0],AL
00B5DE94 ^75 F4 JNZ SHORT 00B5DE8A
00B5DE96 EB 01 JMP SHORT 00B5DE99
00B5DE98 -E9 FF75F0EB JMP ECA6549C
00B5DE9D 01C7 ADD EDI,EAX
00B5DE9F FF75 EC PUSH DWORD PTR SS:[EBP-14]
00B5DEA2 68 3CB0B500 PUSH 0B5B03C
00B5DEA7 EB 01 JMP SHORT 00B5DEAA
00B5DEA9 E8 FF75F0FF CALL 00A654AD
00B5DEAE ^75 E8 JNZ SHORT 00B5DE98
00B5DEB0 68 8CB4B500 PUSH 0B5B48C
00B5DEB5 EB 01 JMP SHORT 00B5DEB8
00B5DEB7 9A FF75E4EB 019A CALL FAR 9A01:EBE475FF ; Far call
00B5DEBE 09C0 OR EAX,EAX
00B5DEC0 74 01 JE SHORT 00B5DEC3
00B5DEC2 50 PUSH EAX
00B5DEC3 FF75 E0 PUSH DWORD PTR SS:[EBP-20]
00B5DEC6 EB 01 JMP SHORT 00B5DEC9
00B5DEC8 -E9 FF75DCC3 JMP C49254CC
00B5DECD 5F POP EDI
00B5DECE 5E POP ESI
00B5DECF 5B POP EBX
00B5DED0 8BE5 MOV ESP,EBP
00B5DED2 5D POP EBP
00B5DED3 C3 RETN
From Labba tut it say we need to get to the last exception and break on RET.
I did this but the prog ran.
00B5DDBE 64:EB 02 JMP SHORT 00B5DDC3 ; Superfluous prefix
00B5DDC1 CD 20 INT 20
00B5DDC3 67:64:8F06 0000 POP DWORD PTR FS:[0]
00B5DDC9 36:EB 01 JMP SHORT 00B5DDCD ; Superfluous prefix
00B5DDCC 6983 C4048D7C 4B>IMUL EAX,DWORD PTR DS:[EBX+7C8D04C4],2EB>
00B5DDD6 CD 20 INT 20
00B5DDD8 52 PUSH EDX
00B5DDD9 F2: PREFIX REPNE: ; Superfluous prefix
00B5DDDA EB 01 JMP SHORT 00B5DDDD
00B5DDDC 9A 515355F3 EB02 CALL FAR 02EB:F3555351 ; Far call
00B5DDE3 CD 20 INT 20
00B5DDE5 F2: PREFIX REPNE: ; Superfluous prefix
00B5DDE6 EB 01 JMP SHORT 00B5DDE9
00B5DDE8 69EB 019A8D94 IMUL EBP,EBX,948D9A01
00B5DDEE 0FDC02 PADDUSB MM0,QWORD PTR DS:[EDX]
00B5DDF1 97 XCHG EAX,EDI
00B5DDF2 4C DEC ESP
00B5DDF3 2BD1 SUB EDX,ECX
00B5DDF5 2BD7 SUB EDX,EDI
00B5DDF7 81D5 D4705CF4 ADC EBP,F45C70D4
00B5DDFD 52 PUSH EDX
00B5DDFE 83DD BB SBB EBP,-45
00B5DE01 BD 2E234100 MOV EBP,41232E
00B5DE06 5D POP EBP
00B5DE07 C1CD 7C ROR EBP,7C ; Shift constant out of range 1..31
00B5DE0A 55 PUSH EBP
00B5DE0B F3: PREFIX REP: ; Superfluous prefix
00B5DE0C EB 02 JMP SHORT 00B5DE10
00B5DE0E CD 20 INT 20
00B5DE10 81DB 0F5439DB SBB EBX,DB39540F
00B5DE16 5B POP EBX
00B5DE17 C1C3 9A ROL EBX,9A ; Shift constant out of range 1..31
00B5DE1A 53 PUSH EBX
00B5DE1B 0BC9 OR ECX,ECX
00B5DE1D 59 POP ECX
00B5DE1E EB 01 JMP SHORT 00B5DE21
00B5DE20 C7C1 C14B87D1 MOV ECX,D1874BC1
00B5DE26 2E:EB 01 JMP SHORT 00B5DE2A ; Superfluous prefix
00B5DE29 C781 EADBB805 2E>MOV DWORD PTR DS:[ECX+5B8DBEA],3DAF72E
00B5DE33 FA CLI
00B5DE34 64:EB 02 JMP SHORT 00B5DE39 ; Superfluous prefix
00B5DE37 CD 20 INT 20
00B5DE39 5D POP EBP
00B5DE3A 5B POP EBX
00B5DE3B 59 POP ECX
00B5DE3C 5A POP EDX
00B5DE3D 5F POP EDI
00B5DE3E 833D 683BB600 00 CMP DWORD PTR DS:[B63B68],0
00B5DE45 74 14 JE SHORT 00B5DE5B
00B5DE47 6A 0C PUSH 0C
00B5DE49 B9 683BB600 MOV ECX,0B63B68
00B5DE4E 8D45 E4 LEA EAX,DWORD PTR SS:[EBP-1C]
00B5DE51 BA 04000000 MOV EDX,4
00B5DE56 E8 8536FFFF CALL 00B514E0
00B5DE5B A1 4016B600 MOV EAX,DWORD PTR DS:[B61640]
00B5DE60 C700 E1000000 MOV DWORD PTR DS:[EAX],0E1
00B5DE66 8BC3 MOV EAX,EBX
00B5DE68 E8 474CFEFF CALL 00B42AB4
00B5DE6D A1 C415B600 MOV EAX,DWORD PTR DS:[B615C4]
00B5DE72 8B00 MOV EAX,DWORD PTR DS:[EAX]
00B5DE74 E8 5B67FFFF CALL 00B545D4
00B5DE79 A1 4016B600 MOV EAX,DWORD PTR DS:[B61640]
00B5DE7E C700 E3000000 MOV DWORD PTR DS:[EAX],0E3
00B5DE84 FF75 FC PUSH DWORD PTR SS:[EBP-4]
00B5DE87 EB 01 JMP SHORT 00B5DE8A
00B5DE89 E8 8B45F88B CALL 8CAE2419
00B5DE8E 0085 C07525FF ADD BYTE PTR SS:[EBP+FF2575C0],AL
00B5DE94 ^75 F4 JNZ SHORT 00B5DE8A
00B5DE96 EB 01 JMP SHORT 00B5DE99
00B5DE98 -E9 FF75F0EB JMP ECA6549C
00B5DE9D 01C7 ADD EDI,EAX
00B5DE9F FF75 EC PUSH DWORD PTR SS:[EBP-14]
00B5DEA2 68 3CB0B500 PUSH 0B5B03C
00B5DEA7 EB 01 JMP SHORT 00B5DEAA
00B5DEA9 E8 FF75F0FF CALL 00A654AD
00B5DEAE ^75 E8 JNZ SHORT 00B5DE98
00B5DEB0 68 8CB4B500 PUSH 0B5B48C
00B5DEB5 EB 01 JMP SHORT 00B5DEB8
00B5DEB7 9A FF75E4EB 019A CALL FAR 9A01:EBE475FF ; Far call
00B5DEBE 09C0 OR EAX,EAX
00B5DEC0 74 01 JE SHORT 00B5DEC3
00B5DEC2 50 PUSH EAX
00B5DEC3 FF75 E0 PUSH DWORD PTR SS:[EBP-20]
00B5DEC6 EB 01 JMP SHORT 00B5DEC9
00B5DEC8 -E9 FF75DCC3 JMP C49254CC
00B5DECD 5F POP EDI
00B5DECE 5E POP ESI
00B5DECF 5B POP EBX
00B5DED0 8BE5 MOV ESP,EBP
00B5DED2 5D POP EBP
00B5DED3 C3 RETN
From Labba tut it say we need to get to the last exception and break on RET.
I did this but the prog ran.