Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Followed istruction but line code not found #13

Open
pinkfloyd11 opened this issue Dec 6, 2023 · 7 comments
Open

Followed istruction but line code not found #13

pinkfloyd11 opened this issue Dec 6, 2023 · 7 comments

Comments

@pinkfloyd11
Copy link

Hi
my dll version end with 6062.0

With IDA I have search "lic_call_1812CE870" but nothing has been found. Why??
@sl4v3k
Copy link
Owner

sl4v3k commented Dec 6, 2023

because "lic_call_" is name i added locally to mark the function, You are not going to have it in Your IDA decompilation

@pinkfloyd11
Copy link
Author

And what I should search?

@sl4v3k
Copy link
Owner

sl4v3k commented Dec 6, 2023

send me dll i will find right place or You can find by searching surrounded bytes as signature

@pinkfloyd11
Copy link
Author

Shapr3D.zip
This is my file.
But how you understand which line of code must be changed??
And still more incredible how understand which will be the new line code??

@sl4v3k
Copy link
Owner

sl4v3k commented Dec 7, 2023
edited
Loading

In Your case, the function is here, 0000000181B49289 in IDA view:

.text:0000000181B49276 C6 45 00 00                             mov     byte ptr [rbp+0], 0
.text:0000000181B4927A 48 8D 0D 2F A4 A2 FE                    lea     rcx, off_1805736B0
.text:0000000181B49281 4C 8D 45 00                             lea     r8, [rbp+0]
.text:0000000181B49285 49 8B 57 18                             mov     rdx, [r15+18h]
.text:0000000181B49289 E8 22 FD 78 FF                          call    lic_call_1812D8FB0
.text:0000000181B4928E 48 8B F8                                mov     rdi, rax
.text:0000000181B49291 48 8B 8D B0 00 00 00                    mov     rcx, [rbp+0B0h]
.text:0000000181B49298 4C 8B 71 20                             mov     r14, [rcx+20h]
.text:0000000181B4929C 48 8D 0D ED E8 4E FE                    lea     rcx, unk_180037B90
.text:0000000181B492A3 FF 15 17 9D 28 FF                       call    cs:RhpNewFast

plese send me exact version of shapr You use in format "5.493.5987.0 #f98b370b", I will update github entry

@sl4v3k
Copy link
Owner

sl4v3k commented Dec 7, 2023

But how you understand which line of code must be changed??
And still more incredible how understand which will be the new line code??

just debug the app and first check functionality and see memory it uses

@spiontengah
Copy link

hi, pardon me.. i don't know bout code. just try from other issue but still didnt get to change function.. could you tell the step ??
cc @sl4v3k thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pinkfloyd11 @sl4v3k @spiontengah