Perhaps because the codes around the one you’re injecting are SSE ASM codes ? Maybe that is the reason those question marks came up...
To make a far jump, the injection code needs 5 bytes which are in your case here would have to reside in: 0x5F8A91 to 0x5F8A95. Since MHS has not yet able to translate SSE ASM, the OverwrittenCode part were failed to translate the bytes in 0x5F8A93 to 0x5F8A95.
To make it work try to change those question marks into the bytes they are suppose to be. This steps may work:
- Open MHS Hex Editor and Note the 3 bytes within 0x5F8A93 to 0x5F8A95.
- Replace the “??” into “db 0xXX 0xYY 0xZZ” where XX, YY, ZZ are those bytes you get from the first step.
By seeing your screen shot you may want to replace those question mark to:
- Code: Select all
db 0xF3 0x11 0x0F
or
- Code: Select all
db 0xF3 0x0F 0x11
Either one of them should works...
Correct me if i’m wrong... (whoa, my 700th posts)..
.. to boldly go where no eagle has gone before...