I guys ,i wanted to learn asm and samedays ago i tryed to move this piece of code :

004075AD \> C3 RETN
004075AE /$ 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004075B2 |. 0FAF4424 08 IMUL EAX,DWORD PTR SS:[ESP+8]
004075B7 |. 50 PUSH EAX ; /HeapSize
004075B8 |. 6A 08 PUSH 8 ; |Flags = HEAP_ZERO_MEMORY
004075BA |. FF15 18104000 CALL DWORD PTR DS:[<&KERNEL32.GetProcessHeap>] ; |[GetProcessHeap
004075C0 |. 50 PUSH EAX ; |hHeap
004075C1 |. FF15 14104000 CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc>] ; \HeapAlloc
004075C7 \. C3 RETN

into this piece of NOP :

00407650 90 NOP
00407660 90 NOP
00407661 90 NOP
00407662 90 NOP
0040766F 90 NOP
00407670 90 NOP
00407672 90 NOP
0040767E 90 NOP
00407680 90 NOP
00407690 90 NOP
00407692 90 NOP
004076A2 90 NOP

I used first time the "JMP" jumping from here 004075AD to first NOP 00407650 adding under the same function but every time the exe crash ,if you can and have free time try to help me so i can undertand how to move function and structures ,thanks so much in advance

| Сообщение посчитали полезным:

1. 004075AD ?! maybe from 004075AE ?!
2. It more safety use piece with 00 for youre code, because this piece (with NOP) program can use for self.
3. what do you change in this code when moving it on new place, maybe the mistake is in it?

| Сообщение посчитали полезным:

Add to the end of your code RETN and look to the addres of return in the stack. Save them!

-----
radio uno in ibisa ...

| Сообщение посчитали полезным:

Yes sorry Halt i wanted to tell to JMP from 004075AE ,the RETN before i pasted for error , srry,then i tryed this:
If i make a JMP on the MOV it became like :
from:

004075AE /$ 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004075B2 |. 0FAF4424 08 IMUL EAX,DWORD PTR SS:[ESP+8]
004075B7 |. 50 PUSH EAX ; /HeapSize
004075B8 |. 6A 08 PUSH 8 ; |Flags = HEAP_ZERO_MEMORY
004075BA |. FF15 18104000 CALL DWORD PTR DS:[<&KERNEL32.GetProcess>; |[GetProcessHeap
004075C0 |. 50 PUSH EAX ; |hHeap
004075C1 |. FF15 14104000 CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc>>; \HeapAlloc
004075C7 \. C3 RETN

became:

004075AE E9 F8000000 JMP testing.00407650
004075B3 AF SCAS DWORD PTR ES:[EDI]
004075B4 44 INC ESP
004075B5 24 08 AND AL,8
004075B7 |. 50 PUSH EAX ; /HeapSize
004075B8 |. 6A 08 PUSH 8 ; |Flags = HEAP_ZERO_MEMORY
004075BA |. FF15 18104000 CALL DWORD PTR DS:[<&KERNEL32.GetProcessHeap>] ; |[GetProcessHeap
004075C0 |. 50 PUSH EAX ; |hHeap
004075C1 |. FF15 14104000 CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc>] ; \HeapAlloc
004075C7 \. C3 RETN

and so i don't know well what can i change now because is changed the code down:
this the original :

004075AE /$ 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004075B2 |. 0FAF4424 08 IMUL EAX,DWORD PTR SS:[ESP+8]

after added the JMP on the MOV:

004075AE E9 F8000000 JMP testing.00407650
004075B3 AF SCAS DWORD PTR ES:[EDI]
004075B4 44 INC ESP
004075B5 24 08 AND AL,8

there is too new code under the JMP ,is it normal ?

| Сообщение посчитали полезным:

Because you don't consider the size of original command and your's. It's should be equal. (sorry, i'am bad english men ). Look:
original - 004075B2 |. 0FAF4424 08 IMUL EAX,DWORD PTR SS:[ESP+8]
after you - 004075B3 AF SCAS DWORD PTR ES:[EDI]
You clear one byte of original code! This is a error.

Note:
004075AE E9 F8000000 JMP testing.00407650
004075B3 90 NOP
004075B4 90 NOP
004075B5 90 NOP
004075B7 |. 50 PUSH EAX ; /HeapSize
and add to end of you code before RETN this command:
4 04 MOV EAX,DWORD PTR SS:[ESP+4]
4424 08 IMUL EAX,DWORD PTR SS:[ESP+8]
Now, after the return to original code function with parametr /HeapSize will working normally.

PS Sorry about my english

-----
radio uno in ibisa ...

| Сообщение посчитали полезным:

And more.. If you use jmp, then use jmp for return. Else use CALL testing.00407650 and RET, but watch to the stack.

-----
radio uno in ibisa ...

| Сообщение посчитали полезным:

Icelot thank you so so so so so much ,don't worry about your english ,also my english isn't too good ;) ,so i understand perfect the JMP function and the return with the same JMP ,now i have to understand the CALL procedure and the RETN to came back on the stack
[quote]Else use CALL testing.00407650 and RET, but watch to the stack.[/quote]

can you explain me a little to use the CALL to move a piece of code ?
thanks in advance ;)

| Сообщение посчитали полезным:

Example. Original:
004075AE /$ 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004075B2 |. 0FAF4424 08 IMUL EAX,DWORD PTR SS:[ESP+8]
004075B7 |. 50 PUSH EAX ; /HeapSize
004075B8 |. 6A 08 PUSH 8 ; |Flags = HEAP_ZERO_MEMORY
004075BA |. FF15 18104000 CALL DWORD PTR DS:[<&KERNEL32.GetProcess>; |[GetProcessHeap
004075C0 |. 50 PUSH EAX ; |hHeap
004075C1 |. FF15 14104000 CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc>>; \HeapAlloc
004075C7 \. C3 RETN

If you want to use the CALL & RET:
004075AE /$ XXXXXXXXXX CALL 00407650
004075B4 |. 90 NOP
004075B5 |. 90 NOP
004075B6 |. 90 NOP
004075B7 |. 50 PUSH EAX ; /HeapSize
004075B8 |. 6A 08 PUSH 8 ; |Flags = HEAP_ZERO_MEMORY
004075BA |. FF15 18104000 CALL DWORD PTR DS:[<&KERNEL32.GetProcess>; |[GetProcessHeap
004075C0 |. 50 PUSH EAX ; |hHeap
004075C1 |. FF15 14104000 CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc>>; \HeapAlloc
004075C7 \. C3 RETN

and here:
00407650 90 NOP <<you wrote your code here
00407660 90 NOP <<you wrote your code here
00407661 90 NOP <<...
00407662 90 NOP
0040766F 90 NOP
00407670 90 NOP
00407672 90 NOP
0040767E 90 NOP
00407680 90 NOP
00407690 90 NOP
00407692 90 NOP
004076A2 90 NOP
004076A3 /$ 8B4424 04 MOV EAX,DWORD PTR SS:[ESP+4]
004076A7 |. 0FAF4424 08 IMUL EAX,DWORD PTR SS:[ESP+8]
004076AC C3 RET

May be i confuse with addresses. But it's not your problem. Just edit original and write your code.

-----
radio uno in ibisa ...

| Сообщение посчитали полезным:

Thanks you soo much Icelot ;)

| Сообщение посчитали полезным: