![]() Later on we have some MOVs to and from that address, where ECX is used to access memory. Of course, there's no way to know for sure. It is used for unsigned arithmetic and compilers like to use it when doing pointer arithmetic and adding offsets - so whenever you see this instruction, you should be alarmed that whatever it operates on might be a pointer to a structure. Note that this is done by the LEA instruction, which is shorthand for "Load Effective Address". Then an offset of 4 is added to that argument and moved into ECX. ![]() The first instruction moves the first argument into EAX. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries. Based on the code you posted, I think the data structure might be pointed to by the first parameter. OllyDbg (named after its author, Oleh Yuschuk) is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. the last parameter is pushed first), and the called function uses EBP to access them. With this convention, the parameters are passed on the stack in reverse order (e.g. There's hardly anything "undocumented" about it.ĮBP is most often used as the stack frame pointer in functions, most notably in the C calling convention (also known by the name cdecl). ![]() ![]() What kind of "undocumented functions" do you mean? Assembly is just compiled high-level code most of the time. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |