Lodrik wrote: How did you find 'EBP+0x00; EBP+0x04; EBP+0x08; EBP+0x0c; EBP+0x10; EBP+0x14'?
This is how you get the parameters to any function.
They are in the same order as they are passed to the function, so all you need is to know the parameters, which are listed on the MSDN.
Lodrik wrote: Is it the same in sendto, recvto and WSASend functions?
The same on any function.
Lodrik wrote: How did you find out where the breakpoint has to be set? Did you look for a specific piece of code or is it just random?
The breakpoint has to be set at the start of the function as soon as the stack has been realigned.
Lodrik wrote: How do we know when the stack gets realigned?
When you see a line containing SUB ESP or ENTER.
L. Spiro
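
The frame layout discussed above, as an added example that is not part of the original posts: a small simulation of what sits at each EBP offset once the prologue has run. It assumes a 32-bit stdcall function with the standard PUSH EBP / MOV EBP, ESP / SUB ESP prologue and uses send(s, buf, len, flags) as the callee; the `Cpu` struct, `demo_slot` and every value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_BYTES 256

/* Simulated 32-bit stack; esp and ebp stand in for the registers.
   After the prologue both are byte offsets into mem. */
typedef struct { uint8_t mem[STACK_BYTES]; uint32_t esp, ebp; } Cpu;

static void push32(Cpu *c, uint32_t v) { c->esp -= 4; memcpy(&c->mem[c->esp], &v, 4); }

static uint32_t read32(const Cpu *c, uint32_t addr) {
    uint32_t v = 0;
    if (addr <= STACK_BYTES - 4) memcpy(&v, &c->mem[addr], 4);  /* stay inside the stack */
    return v;
}

/* Caller: push arguments right to left, then CALL pushes the return address. */
static void call_with_args(Cpu *c, const uint32_t *args, int n, uint32_t ret) {
    for (int i = n - 1; i >= 0; i--) push32(c, args[i]);
    push32(c, ret);
}

/* Callee prologue: PUSH EBP; MOV EBP, ESP; SUB ESP, locals. */
static void prologue(Cpu *c, uint32_t locals) {
    push32(c, c->ebp);
    c->ebp = c->esp;
    c->esp -= locals;
}

/* Build the frame for send(s, buf, len, flags) with constructed values and
   return the dword a breakpoint placed after the prologue sees at [EBP+off]. */
uint32_t demo_slot(uint32_t off) {
    const uint32_t args[4] = { 0x1A4, 0x0012FE40, 64, 0 };  /* s, buf, len, flags (constructed) */
    Cpu c = { .esp = STACK_BYTES, .ebp = 0x0012FF80 };      /* caller's EBP (constructed) */
    call_with_args(&c, args, 4, 0x00401234);                /* return address (constructed) */
    prologue(&c, 0x20);
    return read32(&c, c.ebp + off);
}

int main(void) {
    static const char *label[] = { "saved EBP", "return address", "s", "buf", "len", "flags" };
    for (uint32_t off = 0; off <= 0x14; off += 4)
        printf("[EBP+0x%02X] = 0x%08X  %s\n", (unsigned)off, (unsigned)demo_slot(off), label[off / 4]);
    return 0;
}
```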