
Thread: How to change far Jump in P-Code ??

  1. #1
    brainstorm44
    Guest

    How to change far Jump in P-Code ??

    I would like to change a long-distance jump, and I don't know how to calculate it.
    There are a few tools out for changing short branch jumps, but I never read anything about long jumps. For example:

    763CE1: 00 LargeBos
    763CE3: 0a ImpAdCallFPR4: 575738
    763CE8: 00 LargeBos
    763CEA: Lead1/c8 End
    763CEC: 00 LargeBos
    763CEE: 04 FLdRfVar local_0148

    I would like to change the jump at 763CE3 to another location.
    Please help!!
    Thanks
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    dELTA
    Administrator
    If you look at the raw opcodes you will either find an offset or a virtual address for the jump. Simply patch this one to your liking.


    Btw, I think one of the other forums is better suited for this question...

  3. #3
    cRk
    Registered User
    read this tutorial --> http://www.learn2crack.com/218.zip

    It explains how to change jumps for P-code; long jmp in P-code is 1E

    please read it and post any comments about it

    regards!

  4. #4
    brainstorm44
    Guest
    Hi dELTA, you wrote:
    >If you look at the raw opcodes you will either find an offset or a virtual address for the jump. Simply patch this one to your liking.

    This doesn't work. There's no jump to patch.

    Hi cRk
    I know this tut, but it only explains how to jump inside a proc.
    I need to jump from one procedure to another (far jump), and I don't think that I can use branch (1E) for it.

    thanx guys!

  5. #5
    cRk
    Registered User
    as josephco explains -->>

    "Here I need to explain how jumps work in pcode. The beginning of the procedure is the BASE of all jump operations. Let's say you have 0x1C 0x02 0x00 in this procedure. 0x1C = Branch if False, and 0x0002 is the distance from the start of the procedure to jump... NOT the distance from the current location (unlike ASM). So when we want to make our own jumps, we need to calculate the distance to jump ourselves (which isn't very hard). We just take the destination and subtract the starting point from it... and we get our distance.
    1C = BranchF
    1D = BranchT
    1E = Branch"


    P-code is the same everywhere... maybe you're missing something?? Isn't this telling you how to do it?

    Regards
    Last edited by cRk; December 19th, 2003 at 09:36.
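Worked example (added here by the editor; it is not code from the thread, from josephco's tutorial or from JumpGen): the procedure-relative branch encoding that the quoted text describes, in Python. The opcode values 1C/1D/1E and the little-endian 16-bit operand measured from the start of the procedure come from the quote; the 0x401000 procedure address and the sample byte string are constructed for the demo. Under that model a target is only encodable if it lies 0..0xFFFF bytes after the procedure start, which is what `is_reachable` checks.

```python
import struct

# Branch opcodes as listed in the quoted explanation (values taken from the post).
BRANCH_F = 0x1C  # BranchF: branch if the condition is False
BRANCH_T = 0x1D  # BranchT: branch if the condition is True
BRANCH = 0x1E    # Branch: unconditional

OPCODE_NAMES = {BRANCH_F: "BranchF", BRANCH_T: "BranchT", BRANCH: "Branch"}


def is_reachable(proc_start, target):
    """True if `target` can be expressed as a 16-bit distance from `proc_start`."""
    return 0 <= target - proc_start <= 0xFFFF


def branch_operand(proc_start, target):
    """Compute the 16-bit operand for a branch to `target` in a procedure whose
    p-code begins at `proc_start`.  Per the quoted text the operand is the
    distance from the START OF THE PROCEDURE, not from the branch itself."""
    if not is_reachable(proc_start, target):
        raise ValueError(
            f"target {target:#x} not encodable relative to procedure start {proc_start:#x}"
        )
    return target - proc_start


def encode_branch(opcode, proc_start, target):
    """Return the 3-byte encoding: opcode, then little-endian 16-bit operand."""
    if opcode not in OPCODE_NAMES:
        raise ValueError(f"{opcode:#04x} is not one of the branch opcodes 1C/1D/1E")
    return bytes([opcode]) + struct.pack("<H", branch_operand(proc_start, target))


def decode_branch(code, at, proc_start):
    """Decode the branch at offset `at` inside `code` (one procedure's p-code).
    Returns (mnemonic, raw operand, absolute target address)."""
    opcode = code[at]
    if opcode not in OPCODE_NAMES:
        raise ValueError(f"{opcode:#04x} at offset {at:#x} is not a branch opcode")
    (operand,) = struct.unpack_from("<H", code, at + 1)
    return OPCODE_NAMES[opcode], operand, proc_start + operand


def retarget_branch(code, at, proc_start, new_target):
    """Return a copy of `code` with the branch at offset `at` pointing to
    `new_target`.  Only the operand is rewritten; the opcode is kept."""
    patched = bytearray(code)
    patched[at:at + 3] = encode_branch(patched[at], proc_start, new_target)
    return bytes(patched)


# Constructed sample procedure, assumed to start at 0x401000 (hypothetical address,
# not one from the thread).  Layout by offset within the procedure:
#   0x00  1C 09 00   BranchF -> proc_start + 0x09
#   0x03  00 x 6     filler bytes
#   0x09  1E 00 00   Branch  -> proc_start + 0x00 (loops back to the top)
PROC_START = 0x401000
SAMPLE = bytes.fromhex("1C0900") + b"\x00" * 6 + bytes.fromhex("1E0000")

if __name__ == "__main__":
    # The josephco example from the quote: 1C 02 00 is BranchF to proc_start + 2.
    print(encode_branch(BRANCH_F, PROC_START, PROC_START + 2).hex())
    for off in (0x00, 0x09):
        print(off, decode_branch(SAMPLE, off, PROC_START))
    # Repoint the loop-back Branch at 0x09 to offset 0x03 instead.
    print(retarget_branch(SAMPLE, 0x09, PROC_START, PROC_START + 0x03).hex())
```

`retarget_branch` is the operation JumpGen automates for branches inside one procedure; because the operand is relative to the procedure's own start, `is_reachable` returns False for any address before that start, which is the limit brainstorm44 runs into with a jump to another procedure.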

  6. #6
    Brainstorm:

    Here's a copy of the response I posted in the other current thread about P-Code.

    Learning how to search IS one of the most important functions of reverse engineering. In a folder labeled P-Code on my HD, I have a small program called JumpGen, which appears to generate a P-Code jump instruction from one address to another. I've never used it, so I can't confirm if it works or if it will do what you want. Search for "jumpgen.exe" on the net. If you can't find it after some searching on your own, I'll attach it here.

    Regards,
    JMI

  7. #7
    brainstorm44
    Guest
    Hi JMI
    I know this program called JumpGen, but you can only calculate near jumps
    like BranchT, BranchF and so on, but I would like to jump from one proc to another,
    and I read a lot of P-code tuts, but there's no answer to MY question.
    I played around with WKTDBG but I don't understand the function:
    763CE3: 0a ImpAdCallFPR4: 575738
    I changed the bytes after the 0A function, but it screwed up the whole program. So again the question: How to calculate LONG JUMPS!
    Thanks

  8. #8
    cRk
    Registered User
    OK... now I know what you mean... but I'm not sure if that is possible in P-code.

    try this --> http://www.vb-decompiler.com

    and see the attached file with some of the P-code instructions/descriptions, ASM-style

    btw 0A is not a jump... I think you're wrong in trying to make this a jump.
    1A is a jump but not 0A
    Last edited by cRk; December 20th, 2003 at 11:16.

  9. #9
    0A is not a jump, it's a call. Think "gosub".

    Sarge
