Foone🏳️⚧️ on Nostr: there's definitely some way to make ghidra tell you the fill offset of the current ...
there's definitely some way to make ghidra tell you the fill offset of the current instruction, but I can't remember it, so I go to Bytes view, select the next 32 bytes or so, and search the EXE in a hex editor:
Bingo, at 0x882B. Change to EB & save it out to BBCRACKD.EXE
Published at
2025-02-08 07:15:43Event JSON
{
"id": "7c97c52f6c01848bca6b95932f4b423eb4d5032381bb584214087d446f708fb2",
"pubkey": "8d0c6793de7edd25b3e6fcfd2e4e9b301cec2c7e577a9dcf0247e64d7c3c737e",
"created_at": 1738998943,
"kind": 1,
"tags": [
[
"e",
"26e4a352ad105311f8d7066fea1d323bae0d48e1f67c812b103603ff1a17aa68",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://digipres.club/users/foone/statuses/113967034773463004",
"activitypub"
]
],
"content": "there's definitely some way to make ghidra tell you the fill offset of the current instruction, but I can't remember it, so I go to Bytes view, select the next 32 bytes or so, and search the EXE in a hex editor: \n\nBingo, at 0x882B. Change to EB \u0026 save it out to BBCRACKD.EXE",
"sig": "8237c2ce1563298ffb2b7fefe5a240e8dfb15ce06fe37c86abfd210646b1abf33cf5ff71edf1062ca34d5e2fad15611c5a670c728205a95a3de0841f44ab3557"
}
