Quote:
Originally Posted by Spirit_12
All I'm doing to NOP is changing the first byte of the instruction to 90. Am I supposed to change all the bytes?
|
Thank you for the explanation.
Yes; NOP consumes no other bytes, so it reads the next byte as an instruction.
Also, since I cracked open IDA to see what you're actually looking at,
patch 007F39F8 to use an unconditional jump and skip all three event calls. Pretty sure you can do one of the following:- NOP the first byte then JMP on second
- Patch the near jump to use JNO so it always jumps (only requires modification of the second byte)
Spoke too soon; didn't see the entity check after the second branch. Unless you want to do a jump straight to that branch, just NOP the jumps.
__________________