[Question] : Breakpoint at packet send


Postby mezzo » Tue Nov 27, 2007 9:42 pm

fabsyi wrote: This is actually the eip of the instruction following the call, it is pushed onto the stack automatically as part of the 'call' instruction.

Yes, that's the one :-) I knew what it did, just couldn't think of the correct name for the Instruction Pointer, lol

I've installed WinAsm studio, to brush up on my assembler..
Long gone are the days that I used inline assembler in turbo pascal to make DOS protected mode grafix faster :P
Since I spend my days in unix, with more shellscripts and perl code than I care for, I keep forgetting dumb things that I used to know.
At home, my 24 inch is always filled with win32.hlp, mhs_help.chm, pcasm-book.pdf, ARteam's win32 assembly tut, MHS and whatever program I'm currently (ab)using.

I have so much to learn :)
- No thanks, I already have a penguin -

Postby Shynd » Wed Nov 28, 2007 2:11 am

You can, of course, just breakpoint the function and use ESP instead of EBP, but be careful when doing so. Also, the first parameter is ESP+0x4 instead of +0x8, because EBP hasn't been pushed onto the stack yet.
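Added example, not part of the original thread: a small C model of a 32-bit stack showing why, on a breakpoint at the function's first instruction, the return EIP sits at [ESP] and the first parameter at [ESP+0x4], while after `push ebp; mov ebp, esp` the same values are at [EBP+0x4] and [EBP+0x8]. The `Cpu` struct, the helper names and every value are constructed for illustration, and arguments are assumed to be pushed right to left.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a 32-bit x86 stack; esp/ebp are byte offsets into mem[]. */
typedef struct { uint8_t mem[128]; uint32_t esp, ebp; } Cpu;

static void push32(Cpu *c, uint32_t v) { c->esp -= 4; memcpy(c->mem + c->esp, &v, 4); }
static uint32_t read32(const Cpu *c, uint32_t a) { uint32_t v; memcpy(&v, c->mem + a, 4); return v; }

/* Constructed sample values: four arguments and the address after the call. */
static const uint32_t ARGS[4] = { 0x000001A4, 0x00B4F000, 0x00000040, 0x00000000 };
static const uint32_t RET_EIP = 0x00401234;

/* Caller: push arguments right to left, then 'call' pushes the return EIP. */
static void at_function_entry(Cpu *c) {
    memset(c, 0, sizeof *c);
    c->esp = sizeof c->mem;        /* stack grows down from the top of mem[] */
    c->ebp = 0x60;                 /* caller's frame pointer (constructed) */
    for (int i = 3; i >= 0; i--) push32(c, ARGS[i]);
    push32(c, RET_EIP);
}

/* Callee prologue: push ebp / mov ebp, esp. */
static void after_prologue(Cpu *c) { at_function_entry(c); push32(c, c->ebp); c->ebp = c->esp; }

/* Breakpoint on the first instruction: return EIP at [esp], arg n at [esp+4+4n]. */
uint32_t entry_ret(void)  { Cpu c; at_function_entry(&c); return read32(&c, c.esp); }
uint32_t entry_arg(int n) { Cpu c; at_function_entry(&c); return read32(&c, c.esp + 4 + 4 * n); }

/* Breakpoint after the prologue: return EIP at [ebp+4], arg n at [ebp+8+4n]. */
uint32_t framed_ret(void)  { Cpu c; after_prologue(&c); return read32(&c, c.ebp + 4); }
uint32_t framed_arg(int n) { Cpu c; after_prologue(&c); return read32(&c, c.ebp + 8 + 4 * n); }

int main(void) {
    for (int n = 0; n < 4; n++)
        printf("arg%d  [esp+0x%02X]=%08X  [ebp+0x%02X]=%08X\n", n,
               (unsigned)(4 + 4 * n), (unsigned)entry_arg(n),
               (unsigned)(8 + 4 * n), (unsigned)framed_arg(n));
    printf("ret   [esp]=%08X  [ebp+0x04]=%08X\n",
           (unsigned)entry_ret(), (unsigned)framed_ret());
    return 0;
}
```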
