finding the "map ping" function in SC

[indulgence]

How do you nop a function and what program do you use to do it?

The literal way is to replace all the contents of the function except the return statement with nops. You'd probably do it using whatever debugger you're using on the program.

An easier way to "nop" a function is to insert a ret at the start.

Heh, never thought of inserting a ret at the start. I'd just assume start typing out 90's

You wouldnt want to NOP the WHOLE function -- youd at least want to leave the return... otherwise you'd have some major issues

[iago]

mov BYTE PTR [FunctionAddr], 0C3h
; Assume the code segment area you write to has been protected w/  VirtualProtect
; Also assume you are in the processes address space...

That won't always work, if it's a __stdcall or __fastcall function with stack parameters.  You'd want C4xx to clear the stack.

[Kp]

mov BYTE PTR [FunctionAddr], 0C3h
; Assume the code segment area you write to has been protected w/  VirtualProtect
; Also assume you are in the processes address space...

That won't always work, if it's a __stdcall or __fastcall function with stack parameters.  You'd want C4xx to clear the stack.

Why would he want to use les (load es segment register)?  That's at best useless and at worst might cause the program to crash later.

[iago]

mov BYTE PTR [FunctionAddr], 0C3h
; Assume the code segment area you write to has been protected w/  VirtualProtect
; Also assume you are in the processes address space...

That won't always work, if it's a __stdcall or __fastcall function with stack parameters.  You'd want C4xx to clear the stack.

Why would he want to use les (load es segment register)?  That's at best useless and at worst might cause the program to crash later.

Ok, my bad, it's C2 xx.  Boo