Hi,
I got a little problem to find the right complex address. Ok here is the problem:
- In use ollydbg to trace down some routing of a game
- after some pointers the value I need to find out is stored in the spackpointer(esp)
How can I find the root, where esp is set?
Greetz Tobi.
How to find out what sets the ESP-Register, please HELP!!!
Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo
8 posts • Page 1 of 1
How to find out what sets the ESP-Register, please HELP!!!
by Steiner » Sun Jul 20, 2008 11:26 pm
- Steiner
- I Ask A Lot Of Questions
- Posts: 19
- Joined: Thu Jul 10, 2008 7:17 pm
by L. Spiro » Mon Jul 21, 2008 9:33 am
Why do you need to know how ESP is set? There is no reason for knowing this.
It is set by every PUSH, POP, CALL, RET, and RETN in the code, and sometimes MOV and SUB.
It is impossible to use this information constructively; find another path for whatever you are trying to do.
L. Spiro
It is set by every PUSH, POP, CALL, RET, and RETN in the code, and sometimes MOV and SUB.
It is impossible to use this information constructively; find another path for whatever you are trying to do.
L. Spiro
Our songs remind you of songs you’ve never heard.
-
L. Spiro - L. Spiro
- Posts: 3129
- Joined: Mon Jul 17, 2006 10:14 pm
- Location: Tokyo, Japan
by Steiner » Mon Jul 21, 2008 4:45 pm
I'm trying to find a complex address, but I must pause my work, because I can't going on. This is my current result:
[[[[ESP]+0x28]+0x14]+0x78]+0x04
I believe there is no other way, because I watch the value in memory dump, it's change only when this path was taken.
Greetz Tobi.
[[[[ESP]+0x28]+0x14]+0x78]+0x04
I believe there is no other way, because I watch the value in memory dump, it's change only when this path was taken.
Greetz Tobi.
- Steiner
- I Ask A Lot Of Questions
- Posts: 19
- Joined: Thu Jul 10, 2008 7:17 pm
by L. Spiro » Mon Jul 21, 2008 6:27 pm
ESP is on the stack. The stack is a pile of temporary constantly changing data. At any given time, any value on the stack may be anything and have been set by any function. All functions on the thread use the stack, and they all share it for all of their temporary data.
Imagine a pile of garbage with things constantly being added to the top and things constantly rolling down the side. At one position on the heap, at one time, you may find what you want, but it is quickly covered by something else rolling down the hill. It may appear and reappear, but it may not be at the same location, and it will always disappear.
You can not use anything on the stack for any purpose. It is garbage.
There is only one exception, that being a “CGame” class declared on the stack, or a pointer to such a class declared on the stack, as is done with Nintendo DS games. For example:
But you really need to verify yourself whether this is the case, and whether it is or not does not matter; you have no reliable way of getting the offset into the stack of the object.
L. Spiro
Imagine a pile of garbage with things constantly being added to the top and things constantly rolling down the side. At one position on the heap, at one time, you may find what you want, but it is quickly covered by something else rolling down the hill. It may appear and reappear, but it may not be at the same location, and it will always disappear.
You can not use anything on the stack for any purpose. It is garbage.
There is only one exception, that being a “CGame” class declared on the stack, or a pointer to such a class declared on the stack, as is done with Nintendo DS games. For example:
- Code: Select all
int main() {
CGame * pgGame = new CGame();
pgGame->Run();
return 0;
}
But you really need to verify yourself whether this is the case, and whether it is or not does not matter; you have no reliable way of getting the offset into the stack of the object.
L. Spiro
Our songs remind you of songs you’ve never heard.
-
L. Spiro - L. Spiro
- Posts: 3129
- Joined: Mon Jul 17, 2006 10:14 pm
- Location: Tokyo, Japan
8 posts • Page 1 of 1
Return to Bugs/Problems/Suggestions
Who is online
Users browsing this forum: No registered users and 0 guests