
Thread: [.NET] Nopping out an instruction

  1. #1

    Question [.NET] Nopping out an instruction

    Hi,

    I'm busy learning basic .NET reversing. Today I've coded a little crackme to practice byte patching. I nopped out a jump (2C0C => 0000), but whenever that method gets executed, it crashes.

    Some tutorial stated something about '.newbies not getting why nopping out a jump doesn't work'. Unfortunately it was not explained WHY. Some tutorial huh :P

    Anyone who can enlighten me on this? Thx!

    Gr,
    B.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    disavowed
    Next time try Google. I found this in less than 10 seconds: http://www.atrevido.net/blog/CommentView,guid,8315fa01-0286-47ce-a20b-fcc15eb297c3.aspx - "The first instinct is to say, hey, let's change IL_0000 to a br to IL_0035, and NOP out the remainder of the try block. However, that'd create illegal code, since you can't branch out from a try block, you must use the leave opcode instead."

  3. #3
    I tried Google. I asked a friend - a professional .net-programmer - to look for it as well. We couldn't find it. It happens. I don't post here if I can easily find something myself.

    The article you refer to mentions a try-block. My code doesn't have one:

    Code:
      .method private hidebysig void btnRegister_Click(class System.Object sender, class [mscorlib]System.EventArgs e)
                                            // DATA XREF: InitializeComponent+132r
      {
        ldarg.0
        ldfld class [System.Windows.Forms]System.Windows.Forms.TextBox Crackme.Form1::txtPassword
        callvirt class System.String [System.Windows.Forms]System.Windows.Forms.Control::get_Text()
        ldstr "password"
        call bool [mscorlib]System.String::op_Equality(class System.String, class System.String)
        brfalse.s loc_233
        ldstr "Registered!"
        call value class [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(class System.String)
        pop
        ret
    
    loc_233:                                // CODE XREF: btnRegister_Click+15j
        ldstr "Wrong password"
        call value class [System.Windows.Forms]System.Windows.Forms.DialogResult [System.Windows.Forms]System.Windows.Forms.MessageBox::Show(class System.String)
        pop
        ret
      }
    There must be something else. Or not, but then again, I'm a beginner as far as .NET is concerned.

  4. #4
    A branch instruction pops a value off the stack. If you just nop it out, the stack will be misaligned. Try patching with 00 26 (nop; pop) to keep the stack orderly.

  5. #5
    Quote: Originally Posted by Extremist
    A branch instruction pops a value off the stack. If you just nop it out, the stack will be misaligned. Try patching with 00 26 (nop; pop) to keep the stack orderly.
    Thanks. That worked (and made sense) ;-)
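
Added example, not part of any post in this thread: a small Python check of the evaluation-stack bookkeeping described in posts #4 and #5, run over the method listed in post #3. The opcode values are the standard CIL encodings; the metadata tokens, the per-call stack effects in `CALLS` and the helper names `tok`, `patch` and `check` are assumptions constructed for illustration.

```python
import struct

# opcode -> (name, operand bytes, pops, pushes); calls get their effect from CALLS
OPS = {0x00: ("nop", 0, 0, 0), 0x02: ("ldarg.0", 0, 0, 1), 0x26: ("pop", 0, 1, 0),
       0x2A: ("ret", 0, 0, 0), 0x2C: ("brfalse.s", 1, 1, 0),
       0x72: ("ldstr", 4, 0, 1), 0x7B: ("ldfld", 4, 1, 1),
       0x28: ("call", 4, None, None), 0x6F: ("callvirt", 4, None, None)}
# Constructed metadata tokens -> (pops, pushes), read off the signatures in post #3
CALLS = {0x0A000001: (1, 1),   # Control::get_Text(): this -> string
         0x0A000002: (2, 1),   # String::op_Equality(string, string) -> bool
         0x0A000003: (1, 1)}   # MessageBox::Show(string) -> DialogResult

def tok(op, token): return bytes([op]) + struct.pack("<I", token)
def patch(code, off, new): return code[:off] + new + code[off + len(new):]
# btnRegister_Click body rebuilt from the listing; brfalse.s (2C 0C) is at offset 21
ORIGINAL = (b"\x02" + tok(0x7B, 0x04000001) + tok(0x6F, 0x0A000001)
            + tok(0x72, 0x70000001) + tok(0x28, 0x0A000002) + b"\x2C\x0C"
            + tok(0x72, 0x70000002) + tok(0x28, 0x0A000003) + b"\x26\x2A"
            + tok(0x72, 0x70000003) + tok(0x28, 0x0A000003) + b"\x26\x2A")

def check(code):
    """Walk every reachable path of a void method; return 'ok' or the first error."""
    seen, work = {}, [(0, 0)]            # offset -> entry depth; (offset, depth) to visit
    while work:
        off, depth = work.pop()
        while off not in seen:
            seen[off] = depth
            name, size, pops, pushes = OPS[code[off]]
            operand = code[off + 1:off + 1 + size]
            if pops is None:             # call/callvirt: effect depends on the callee
                pops, pushes = CALLS[struct.unpack("<I", operand)[0]]
            if depth < pops:
                return f"IL_{off:04x}: {name} underflows the stack"
            depth += pushes - pops
            if name == "ret":
                if depth:                # void method: nothing may be left behind
                    return f"IL_{off:04x}: ret with {depth} value(s) left on stack"
                break
            if name == "brfalse.s":      # queue the taken branch, fall through here
                work.append((off + 2 + struct.unpack("b", operand)[0], depth))
            off += 1 + size
        else:
            if seen[off] != depth:
                return f"IL_{off:04x}: paths merge with different stack depths"
    return "ok"

if __name__ == "__main__":
    for label, new in (("original", b"\x2C\x0C"), ("nop nop", b"\x00\x00"), ("nop pop", b"\x00\x26")):
        print(f"{label:9} {check(patch(ORIGINAL, 21, new))}")
```

With the `00 00` patch the bool pushed by `op_Equality` is never consumed, so the first `ret` is reached with one value still on the stack; `00 26` discards it and the method balances again.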
