CFSworks
May 6th, 2005, 14:56
I need to find an ADD where one of the numbers being added is '84'. How do I do that? Could someone give an example, please? Thanks in advance.
View Full Version : How to find specific instruction?
haggar
May 6th, 2005, 15:09
You can writte script for OllyScript plugin that will find first such opcode or all ADD opcodes and wrote their addresses in log window.
You said that added number is 84. To what is added? To register, memory address...?
This is one example; if you want to find:
0040170B 05 84000000 ADD EAX,84
then script goes (search in whole code section where, for example, code section starts from 401000)
findop 401000,#0584000000#
msg $RESULT
ret
This script will find first ADD EAX,84 opcode starting from 401000 address and it will display in MessageBox it's offset.
Read readme.txt which comes with Script plugin and ou will very fast learn how to write scripts.
You said that added number is 84. To what is added? To register, memory address...?
This is one example; if you want to find:
0040170B 05 84000000 ADD EAX,84
then script goes (search in whole code section where, for example, code section starts from 401000)
findop 401000,#0584000000#
msg $RESULT
ret
This script will find first ADD EAX,84 opcode starting from 401000 address and it will display in MessageBox it's offset.
Read readme.txt which comes with Script plugin and ou will very fast learn how to write scripts.
blabberer
May 7th, 2005, 06:36
right click --> search for constant -- type 84 press ok it will show the
first occurance keep pressing ctrl+ L for all other occurances or till the memory blaock ends
first occurance keep pressing ctrl+ L for all other occurances or till the memory blaock ends
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.