From 2d56fa70044148270318b40aa19f451492250016 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcus=20Andr=C3=A9?=
Date: Sun, 15 Jul 2018 16:10:54 -0300
Subject: [PATCH] Update README.MD
---
 README.MD | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.MD b/README.MD
index 455f341..fe05b8e 100644
--- a/README.MD
+++ b/README.MD
@@ -62,22 +62,22 @@ After some problems with games that reload string inside a loop I created the Ge
 call @Nxt ;Call the label Nxt
 @Nxt: ;Declare the Nxt label
 pop EAX ;Catch the EIP :)
- cmp dword [EAX+0x1D], 0;Verify if already have the Address
+ cmp dword [EAX+0x21], 0;Verify if already have the Address
 jne @Finish
 push EAX ;Backup NXT Address
 sub EAX, 0x2050 ;Subtract the Difference from the EIP and Import Address
 mov EAX, [EAX] ;Read the import table
 call EAX ;Calls the GetDirectProcess
 pop EBX ;Recovery NXT Address
- mov [EBX+0x24], EAX ;Save the Process Address
+ mov [EBX+0x21], EAX ;Save the Process Address
 mov EAX, EBX ;Prepare to Finish
 @Finish:
- add EAX, 0x1D ;Ajust Pointer
+ add EAX, 0x21 ;Ajust Pointer
 mov EAX, [EAX] ;Read the Process Address
 ret
 @Ptr:
- dd 0 ;Here is the @Nxt: + 0x1D
+ dd 0 ;Here is the @Nxt: + 0x21
 ```
 You don't give pass nothing to this method, just call and catch the EAX, the EAX is a pointer to the Process function, using this pointer will be more fast to call the function, Keep in mind, the pointer given by the GetDirectProcess, is a STDCall function, so, you don't need pop the pointer given to the Process before