Gonzalez Posted December 16, 2006

"Theory on reversing jumpers" by: MiStEr_X

Jumps come in many different forms, but we are more interested in the simple jne, je conditional jumps. A conditional jump means that the jump is taken on certain conditions, for example: JNZ = JNE = Jump if not zero, JZ = JE = Jump if zero. Let's see a simple piece of asm code:

    .00450212 call 00460588
    .00450213 test eax, eax
    .00450214 jnz "7501" 004851B3

Let's translate this asm code: at the address .450212 there is a call; after the calculations in this call the eax register will receive a value or will remain zero. We see that we have a conditional jump at address .450214, JNZ (jump if not zero), so the jump will be taken only if the value of the eax register is not 0. The same thing holds for JZ (jump if zero), but it will jump if the value of the eax register is 0.

In certain cases, when we need to patch a jump we nop it; in our case, we nop our jump by replacing it with 9090. In other cases we need to force that jump to be taken, so we convert it into an unconditional jump. We can do this by replacing the bytes 7501 with EB01. EB is the instruction for the unconditional jump. Our code will have this look:

    .00450212 call 00460588
    .00450213 test eax, eax
    .00450214 jmp "EB01" 004851B3

Whatever the value of the EAX register, the jump at .450214 will be taken.
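The two patches the post describes (nop the jump out with 90 90, or turn 75 xx into EB xx) as a small byte-level patcher, written here as an added example that is not part of the original post. The buffer is constructed to model the post's call / test eax,eax / jnz snippet with the instructions encoded at their real lengths, so the call's rel32 is computed for the post's addresses (00450212 -> 00460588) and the jnz lands at a different offset than in the post's listing. It also goes a step beyond the post by handling the near form (0F 84 / 0F 85 rel32) that compilers emit for longer distances, where the unconditional replacement is 90 E9 rel32 so the displacement needs no adjustment; that extension and the helper names are assumptions.

```python
"""Patch x86 je/jne conditional jumps in a raw code buffer (added example)."""
import struct

# Short (rel8) conditional jumps named in the post: 74 xx = je/jz, 75 xx = jne/jnz.
SHORT_JCC = {0x74: "je/jz", 0x75: "jne/jnz"}
# Near (rel32) forms, 0F 84 / 0F 85 rel32 (assumption: the post shows only the short form).
NEAR_JCC = {0x84: "je/jz", 0x85: "jne/jnz"}


def decode_jcc(buf, off):
    """Return (mnemonic, instruction length, signed displacement) for a je/jne at buf[off].

    Returns None when the bytes at off are not one of the handled conditional jumps,
    so callers never patch something that merely looks like a jump.
    """
    if off >= len(buf):
        return None
    op = buf[off]
    if op in SHORT_JCC and off + 2 <= len(buf):
        rel = struct.unpack_from("<b", buf, off + 1)[0]
        return SHORT_JCC[op], 2, rel
    if op == 0x0F and off + 6 <= len(buf) and buf[off + 1] in NEAR_JCC:
        rel = struct.unpack_from("<i", buf, off + 2)[0]
        return NEAR_JCC[buf[off + 1]], 6, rel
    return None


def jump_target(base, buf, off):
    """Address the jump at buf[off] reaches when taken; base is the address of buf[0].

    x86 relative jumps are measured from the end of the jump instruction itself.
    """
    info = decode_jcc(buf, off)
    if info is None:
        raise ValueError("no je/jne at offset 0x%x" % off)
    _, length, rel = info
    return base + off + length + rel


def patch_never_jump(buf, off):
    """Nop the conditional jump out so it is never taken (the post's 7501 -> 9090)."""
    info = decode_jcc(buf, off)
    if info is None:
        raise ValueError("no je/jne at offset 0x%x" % off)
    _, length, _ = info
    out = bytearray(buf)
    out[off:off + length] = b"\x90" * length  # one NOP per original byte keeps alignment
    return bytes(out)


def patch_always_jump(buf, off):
    """Turn the conditional jump into an unconditional one to the same target."""
    info = decode_jcc(buf, off)
    if info is None:
        raise ValueError("no je/jne at offset 0x%x" % off)
    _, length, _ = info
    out = bytearray(buf)
    if length == 2:
        out[off] = 0xEB  # 75 xx -> EB xx: jmp rel8, displacement byte unchanged
    else:
        # 0F 85 rel32 (6 bytes) -> 90 E9 rel32: leading NOP keeps the jmp ending at
        # the same address as the original jcc, so rel32 stays valid as-is.
        out[off:off + 2] = b"\x90\xE9"
    return bytes(out)


# Constructed sample modelled on the post's snippet, loaded at BASE = 00450212.
BASE = 0x00450212
CODE = bytes.fromhex(
    "E8 71 03 01 00"  # call 00460588  (rel32 = 0x460588 - (0x450212 + 5) = 0x10371)
    "85 C0"           # test eax, eax
    "75 01"           # jnz short +1   (offset 7 in this buffer)
    "C3"              # ret            (skipped when the jump is taken)
    "C3"              # ret
)
JNZ_OFFSET = 7


def demo():
    """Apply both patches to the sample and return the patched jump bytes."""
    never = patch_never_jump(CODE, JNZ_OFFSET)[JNZ_OFFSET:JNZ_OFFSET + 2]
    always = patch_always_jump(CODE, JNZ_OFFSET)[JNZ_OFFSET:JNZ_OFFSET + 2]
    return never.hex(), always.hex()


if __name__ == "__main__":
    print("jnz target: %08X" % jump_target(BASE, CODE, JNZ_OFFSET))
    print("nopped: %s  forced: %s" % demo())
```

Check the decoded target against the disassembler before writing anything back: a short jump only reaches +127/-128 bytes, so a 75 01 can never reach an address as far away as 004851B3, and a mismatch like that means the offset being patched is not the jump you think it is.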