Change characters...
Evan
Dec 29th, 2001, 02:23 AM
What would be the command to change the last 5 characters of the register esp to 0f49c ???
ChimpFace9000
Dec 29th, 2001, 11:36 AM
You can't have esp hold 5 characters. 4 at the most, and it's not used for that.
Evan
Dec 29th, 2001, 02:59 PM
OK. Then I'm lost... what's it used for?
ChimpFace9000
Dec 29th, 2001, 03:12 PM
Stack pointer. You should probably read an assembly language tutorial.
Evan
Dec 29th, 2001, 04:00 PM
Oh... so when you cmp esp, 00000001
it looks at the location that esp points to, and then
compares that to 1?
ChimpFace9000
Dec 29th, 2001, 05:23 PM
No, it compares whatever is in esp to 1.
You want
cmp [esp], 1
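As an added illustration (not part of the thread, and not ChimpFace9000's code), here is a small Python model of the difference between `cmp esp, 1` and `cmp [esp], 1`. The `Machine` class, its starting esp value and the value pushed onto the stack are all constructed for this example; it only mimics the x86 rules that matter here: `push` lowers esp by 4 and stores at [esp], `cmp` computes a subtraction and sets ZF/SF/OF without keeping the result, and `jl` is taken when SF != OF. Instructions such as `mov` and `pop` leave those flags alone, which is why a conditional jump always reads the flags left by the most recent `cmp` or `test` before it.

```python
# Added example (not from the thread): a minimal model of what `cmp` does
# with a register operand versus a memory operand on 32-bit x86.
# Names (Machine, cmp, jl_taken, demo) and all values are this example's own.

MASK32 = 0xFFFFFFFF


def to_signed32(v):
    """Interpret a 32-bit pattern as a signed integer (two's complement)."""
    v &= MASK32
    return v - (1 << 32) if v & 0x80000000 else v


class Machine:
    """Tiny x86-like state: 32-bit registers, byte-addressed memory, and
    the three flags that `cmp` / `jl` care about (ZF, SF, OF)."""

    def __init__(self):
        # Constructed starting state; the esp value is an arbitrary stack address.
        self.regs = {"eax": 0, "ebx": 0, "ecx": 0, "edx": 0,
                     "esi": 0, "edi": 0, "esp": 0x0012FF80, "ebp": 0}
        self.mem = {}                      # address -> byte (sparse)
        self.flags = {"ZF": 0, "SF": 0, "OF": 0}

    def read32(self, addr):
        return sum(self.mem.get(addr + i, 0) << (8 * i) for i in range(4))

    def write32(self, addr, value):
        for i in range(4):
            self.mem[addr + i] = (value >> (8 * i)) & 0xFF

    def push(self, value):
        """push: esp -= 4, then store the dword at [esp]."""
        self.regs["esp"] = (self.regs["esp"] - 4) & MASK32
        self.write32(self.regs["esp"], value & MASK32)

    def cmp(self, lhs, imm):
        """cmp lhs, imm -> compute lhs - imm, set ZF/SF/OF, discard the result.
        `lhs` is a register name ("esp") or a memory operand ("[esp]")."""
        if lhs.startswith("[") and lhs.endswith("]"):
            a = self.read32(self.regs[lhs[1:-1]])   # the dword esp POINTS TO
        else:
            a = self.regs[lhs]                       # the value IN the register
        b = imm & MASK32
        diff = (a - b) & MASK32
        sa, sb, sd = to_signed32(a), to_signed32(b), to_signed32(diff)
        self.flags["ZF"] = int(diff == 0)
        self.flags["SF"] = int(sd < 0)
        # OF = signed overflow: the exact signed difference did not fit in 32 bits
        self.flags["OF"] = int(sa - sb != sd)
        return dict(self.flags)

    def jl_taken(self):
        """jl (jump if less, signed compare) is taken when SF != OF."""
        return self.flags["SF"] != self.flags["OF"]


def demo():
    """Push a 0 onto the stack, then compare the register and the memory it
    points to against 1. Only the memory form sees the pushed value."""
    m = Machine()
    m.push(0)                                 # now [esp] == 0, esp == 0x0012FF7C
    reg_flags = m.cmp("esp", 1)               # compares the ADDRESS 0x0012FF7C with 1
    reg_jl = m.jl_taken()                     # 0x12FF7C is not less than 1
    mem_flags = m.cmp("[esp]", 1)             # compares the dword AT that address (0) with 1
    mem_jl = m.jl_taken()                     # 0 < 1, so jl would be taken
    return {"esp": m.regs["esp"],
            "cmp_esp_flags": reg_flags, "jl_after_cmp_esp": reg_jl,
            "cmp_mem_flags": mem_flags, "jl_after_cmp_mem": mem_jl}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, hex(v) if isinstance(v, int) and not isinstance(v, bool) else v)
```

Running `demo()` shows the same register state giving two different answers: `cmp esp, 1` compares a stack address (a large positive number) with 1, so `jl` is not taken, while `cmp [esp], 1` compares the pushed 0 with 1, so `jl` would be taken. The `OF` rule also matters for signed compares: with eax holding 0x80000000 (the most negative 32-bit value), `cmp eax, 1` wraps in the subtraction, sets OF=1 and SF=0, and `jl` is still correctly taken.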
Evan
Dec 29th, 2001, 08:39 PM
I looked through the FAQ, and most of the tutorials are not working links.
So can you take a bit of your time and please explain this to me.
What do esp and the rest of the registers actually do? When you compare esp and 1, what is it comparing 1 to???
Evan
Dec 29th, 2001, 09:16 PM
What I'm trying to do is cheat at a game. I found a tool called SoftICE, and I thought I had a basic idea of asm to use it. But it turns out I just know what the operations do. I don't understand the rest of it.
Here's the code I'm going through...
:0049E0D0 81EC94000000 sub esp, 00000094
:0049E0D6 56 push esi
:0049E0D7 57 push edi
:0049E0D8 8BBC24A0000000 mov edi, dword ptr [esp+000000A0]
:0049E0DF 8BF1 mov esi, ecx
:0049E0E1 83FF01 cmp edi, 00000001
:0049E0E4 0F8C3D010000 jl 0049E227
:0049E0EA 8B0D8C477600 mov ecx, dword ptr [0076478C]
:0049E0F0 53 push ebx
:0049E0F1 E89ACEFAFF call 0044AF90
:0049E0F6 8B96D4A20700 mov edx, dword ptr [esi+0007A2D4]
:0049E0FC 8BD8 mov ebx, eax
:0049E0FE A128487600 mov eax, dword ptr [00764828]
:0049E103 57 push edi
:0049E104 8B8818100000 mov ecx, dword ptr [eax+00001018]
:0049E10A 51 push ecx
:0049E10B 8B0A mov ecx, dword ptr [edx]
:0049E10D E86E61FCFF call 00464280
:0049E112 3BD8 cmp ebx, eax
:0049E114 A19C477600 mov eax, dword ptr [0076479C]
:0049E119 5B pop ebx
:0049E11A 7C7B jl 0049E197
:0049E11C 85C0 test eax, eax
:0049E11E 7477 je 0049E197
:0049E120 C786A000000000000000 mov dword ptr [esi+000000A0], 00000000
:0049E12A C786B80E000001000000 mov dword ptr [esi+00000EB8], 00000001
:0049E134 A19C477600 mov eax, dword ptr [0076479C]
:0049E139 8B1570477600 mov edx, dword ptr [00764770]
:0049E13F 6A01 push 00000001
:0049E141 6A14 push 00000014
:0049E143 8B8880000000 mov ecx, dword ptr [eax+00000080]
:0049E149 894C2410 mov dword ptr [esp+10], ecx
:0049E14D 8B8280000000 mov eax, dword ptr [edx+00000080]
:0049E153 660FBE8E38AC0700 movsx cx, byte ptr [esi+0007AC38]
:0049E15B 89442414 mov dword ptr [esp+14], eax
:0049E15F 8B8694000000 mov eax, dword ptr [esi+00000094]
:0049E165 8D542410 lea edx, dword ptr [esp+10]
:0049E169 40 inc eax
:0049E16A 52 push edx
:0049E16B 6835200000 push 00002035
:0049E170 6844897200 push 00728944
:0049E175 66894C2424 mov word ptr [esp+24], cx
:0049E17A 897C2428 mov dword ptr [esp+28], edi
:0049E17E 898694000000 mov dword ptr [esi+00000094], eax
:0049E184 E807600A00 call 00544190
:0049E189 83C414 add esp, 00000014
:0049E18C 5F pop edi
:0049E18D 5E pop esi
:0049E18E 81C494000000 add esp, 00000094
:0049E194 C20400 ret 0004
I understand that it used esp a lot to determine the jump that is at EIP 0049E11A. I want it to NOT jump there.
The problem is, all the registers are the same every time (when it jumps and when it doesn't). I thought they were quick-access variables, but I guess not.
Can you explain a bit please?
ChimpFace9000
Dec 29th, 2001, 10:41 PM
No, just go to a search engine and look up a tutorial. Once you know some of the assembly language, come back and ask some questions and I'll be happy to help. But this isn't the place to learn asm from the bottom up.
vbforums.com
Copyright Internet.com Inc., All Rights Reserved.