#1 |
|
MPC Member
Join Date: 23rd Mar 2006
Posts: 7
|
About Code Caving?
Speed:
00400019:
fmul qword ptr [00400108]
jmp 005eea87

Go to 5EEA81
Change EIP to 00400019
Add manually 00400108 and set it to 125 (default)

CASE 1 ---------------------------- how to interpret this? ---------------------
1) ctrl + g : put 00400019
2) right button --> assemble : put fmul qword ptr [00400108]
3) and on the next line right button --> assemble : jmp 005eea87
4) Go to 5EEA81
   Change EIP to 00400019
   Add manually 00400108 and set it to 125 (default)

CASE 2 -------------------------- others say ------------------------------
1) ctrl + g : put 00400019
2) press ctrl + A (autoassemble)
3) paste :
   00400019:
   fmul qword ptr [00400108]
   jmp 005eea87
4) Go to 5EEA81
   Change EIP to 00400019
   Add manually 00400108 and set it to 125 (default)

WHICH STEP IS CORRECT?? (case 1, case 2, don't work for me)

case 1) error : The generated code is 6 byte(s) long, but the selected opcode is 2 byte(s) long! do you want the incomplete opcode(s) with nops?
CASE 2) error : not all code can injected
|
|
|
|
|
#2 |
|
Knight of Wars
Join Date: 30th Nov 2005
Posts: 112
|
Case 2 is correct, but the addresses are outdated. The reason not all code can be injected is cause you're probably using TE.
|
|
|
|
|
|
#3 | |
|
MPC Member
Join Date: 23rd Mar 2006
Posts: 7
|
Quote:
but... it doesn't work for me with this injection

00400019:
fmul qword ptr [00400108]
jmp 005eea87