Hi, is it possible to convert a label or another thing to a ret command? Like this:

Hicks PROC
label1::
[...]
JMP label1
ret
HICKS ENDP

Another function. I need to close Hicks. But how to realize that?
perhaps:

terminateHicks PROC
MOV ESI, label1:
MOV ESI,
RET
terminateHicks ENDP

Deep Regards Bang-FF
Posted on 2003-06-08 16:20:13 by Forginforcer
What do you mean?
Posted on 2003-06-08 16:51:46 by comrade
He means self-modifying code I'm guessing.

Labels aren't physical entities in code. They merely reference a point within it. Ergo you cannot turn a label into a ret. But you can change the 'jmp label1' to a ret, if your code segment is writable. But depending on what you've got on the stack, it might be more complicated than that. But unless it's absolutely necessary, you shouldn't be doing things this way. Use a conditional loop or something.

As for the second question, about Hicks, whatever that is, I have no idea what he's talking about. Big surprise. ;)
Posted on 2003-06-08 17:16:24 by iblis
what's with

label:

push offset label
ret

Hagen
Posted on 2003-06-08 18:06:37 by Hagen
hm...:confused:
Posted on 2003-06-09 01:24:38 by Forginforcer
Ok, as I assume, you want a RET to return to your label, right?

Then my hint does this. Push the address of Your Label on the stack and do a RET.

Hagen
Posted on 2003-06-09 04:21:17 by Hagen
A modification of the jump will suffice.
But I'm not that good to realize that in my own fist!
Posted on 2003-06-09 04:25:40 by Forginforcer
Or do you want to patch the code at the address of your label to a RET opcode?
Then you should say this.

You need to work with VirtualProtect() on Windows, change the access flags of the address of the label to PAGE_READWRITE and put in $C3 for your RET, then change back to the original protection flag.

But I suggest you use a global variable instead of code patching.


Hagen
Posted on 2003-06-09 04:26:04 by Hagen
Ok, I'm not a C fan so I write it in PASCAL

<pre>

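procedure Patch(Addr: PChar);
var
  Protect: DWord;
begin
  // make the byte at Addr writable, remembering the old protection
  if VirtualProtect(Addr, 1, PAGE_READWRITE, @Protect) then
  try
    PByte(Addr)^ := $C3;  // $C3 = RET opcode
  finally
    // restore the old protection; the last argument must not be nil,
    // VirtualProtect fails without a valid place to store the previous flags
    VirtualProtect(Addr, 1, Protect, @Protect);
    FlushInstructionCache(GetCurrentProcess, Addr, 1);
  end;
end;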


PROC PATCH

push eax
push eax
push 1
push PAGE_READWRITE
push 0
call VirtualProtect
test eax,eax
pop edx
jz PatchFails
mov byte ptr ,0C3h

ENDP

</pre>

The small assembler part above shows the first call to VirtualProtect.

Hagen
Posted on 2003-06-09 04:32:17 by Hagen
Code patching is a little bit too complicated for that small thing.

Could I use the following code?

mov edi, label
ADD edi,
MOV edi,
Posted on 2003-06-09 04:32:38 by Forginforcer
thanks for the fast answer!
Posted on 2003-06-09 04:34:15 by Forginforcer
Or use the stack. Save your trouble.
Posted on 2003-06-09 06:58:48 by roticv
but how???:confused: :confused: :confused:
Posted on 2003-06-09 07:11:17 by Forginforcer
Something like


sub esp, 32
mov edi,esp
mov al, 0ffh   ; FF D3 = call ebx
stosb
mov al, 0d3h
stosb
mov al,0c3h    ; C3 = ret
stosb
mov al,0cch    ; CC = int 3
stosb
call esp
add esp,32
Posted on 2003-06-09 07:18:20 by roticv

what's with

label:

push offset label
ret

Hagen


It will do an eternal jump. Ret pops the stack and then jumps to it.




push 2000
ret

same with:

Jmp 0000:2000

Posted on 2003-06-10 05:55:03 by realvampire
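
The global-variable approach that Hagen suggests above in place of code patching, written out as an added example that is not part of the original thread: Hicks tests a flag at the bottom of its loop and terminateHicks sets it. It assumes the MASM32 SDK in its default \masm32 location and that Hicks runs on its own thread; stopHicks, threadId and the sleep times are made up for the illustration.

```asm
; Added example, not code from the thread. Assumes the MASM32 SDK under \masm32.
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

.data
stopHicks dd 0                  ; 0 = keep looping, 1 = leave the loop (hypothetical name)
threadId  dd 0                  ; receives the thread id from CreateThread

.code
Hicks PROC lpParam:DWORD        ; runs as a thread entry point
label1:
    invoke Sleep, 10            ; stands in for the real loop body
    cmp stopHicks, 0
    je  label1                  ; flag still clear: go round again
    xor eax, eax                ; thread exit code 0
    ret                         ; the ordinary RET, reached without patching any code
Hicks ENDP

terminateHicks PROC
    mov stopHicks, 1            ; aligned dword store; Hicks sees it on its next test
    ret
terminateHicks ENDP

start:
    invoke CreateThread, NULL, 0, offset Hicks, NULL, 0, addr threadId
    test eax, eax
    jz  done                    ; thread could not be created
    mov ebx, eax                ; keep the thread handle
    invoke Sleep, 500           ; let Hicks loop for a while
    call terminateHicks
    invoke WaitForSingleObject, ebx, INFINITE
    invoke CloseHandle, ebx
done:
    invoke ExitProcess, 0
end start
```

Nothing here writes to the code section, so its pages keep their default execute/read protection and no VirtualProtect call is needed.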