1. Modify before func.0048b410
[offset] [modified bytes] [instruction]
8b403 8b 45 04 mov eax,dword ptr[ebp+0x4]
8b406 83 f8 01 cmp eax,1
8b409 74 05 je 0048b410
8b40b eb 29 jmp 0048b436
[offset] [modified bytes] [instruction]
8b436 68 65 47 63 00 push 00634765 ;jump to case 11 to continue without crash
8b43b c2 08 00 retn 8
[offset] [modified bytes] [instruction]
2340ab e8 53 73 e5 ff call 0048b403 ;modify call to func.0048b410 so it goes to 0048b403 instead
//the func call and push inst needed to be modified.
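Added example, not part of the original post: a check that the relative branch and call bytes in the patch listed above decode to the addresses the post names. The 0x400000 delta between file offset and address is an assumption inferred from the post's own offset/target pairs, and the function names are hypothetical.

```python
import struct

# Assumption: virtual address = file offset + 0x400000, inferred from the post
# (the je at offset 0x8b409 is listed with target 0x0048b410).
BASE_DELTA = 0x400000


def branch_target(offset, raw):
    """Return the address a relative jmp/je/call at file `offset` transfers to."""
    op = raw[0]
    if op in (0xEB, 0x74):              # jmp rel8 / je rel8
        size = 2
        (disp,) = struct.unpack("<b", raw[1:2])
    elif op in (0xE8, 0xE9):            # call rel32 / jmp rel32
        size = 5
        (disp,) = struct.unpack("<i", raw[1:5])
    else:
        raise ValueError(f"opcode {op:#04x} is not a relative branch")
    # Displacement is relative to the address of the NEXT instruction.
    return (offset + BASE_DELTA + size + disp) & 0xFFFFFFFF


def push_imm32(raw):
    """Return the 32-bit immediate of a `push imm32` (opcode 0x68)."""
    if raw[0] != 0x68 or len(raw) != 5:
        raise ValueError("not a push imm32")
    return struct.unpack("<I", raw[1:5])[0]


# Rows copied from the post: (file offset, patched bytes, address the post names)
PATCH = [
    (0x8B409, "74 05", 0x0048B410),
    (0x8B40B, "eb 29", 0x0048B436),
    (0x2340AB, "e8 53 73 e5 ff", 0x0048B403),
]


def verify(patch=PATCH):
    """Decode each row and report whether it reaches the stated address."""
    return [(off, branch_target(off, bytes.fromhex(hx)), want)
            for off, hx, want in patch]


if __name__ == "__main__":
    for off, got, want in verify():
        status = "ok" if got == want else "MISMATCH"
        print(f"{off:#08x}: target {got:#010x} expected {want:#010x} {status}")
    print(f"push immediate: {push_imm32(bytes.fromhex('68 65 47 63 00')):#010x}")
```

Running the same decode before applying a byte patch catches a displacement computed from the wrong instruction length or base.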