breakpoints and stack in LSS

Ask for Help on Using the Language With Memory Hacking Software

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo


Post by mezzo » Fri Nov 23, 2007 5:46 am

hey all,
I'm playing around with the ping.exe binary and I would like to trap the 6th item on the stack when the IcmpSendEcho2 is called.

Do I best set my breakpoint on the actual push and work from there or do I breakpoint the call to IcmpSendEcho2 and then start getting stuff off the stack until I get the 6th item?

Manually it's easy, cuz you can simply click on the stack, but how do I best tackle this with LSS and an ON_BP_ script? Any hints would be great.
(I have no idea how to get things off the stack in LSS....)
- No thanks, I already have a penguin -

Post by L. Spiro » Fri Nov 23, 2007 9:56 am

The breakpoint must be after the
Code:
ENTER
or
Code:
PUSH EBP
MOV EBP, ESP
at the start of the function.


This goes into the breakpoint handler function and converts the X argument to an extern that allows you to easily use it.
Replace ITEM with the 0-based index of the argument you want.
Code:
extern DWORD e_dwArg = { "", lpProcInfo->pcContext->Ebp+(8+ITEM*4) };


So argument 6 is index 5.


To get locals from inside the function:
Code:
extern DWORD e_dwLocal = { "", lpProcInfo->pcContext->Ebp-(4+ITEM*4) };



Again, by 0-based index, obtain any DWORD local from inside the function.


L. Spiro
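
Added example, not part of either post above and not LSS code: a C model of the 32-bit stack frame that shows why the offsets are EBP+(8+ITEM*4) after the prologue, and, going one step beyond the reply, the equivalent ESP+(4+ITEM*4) when the breakpoint sits on the function's first instruction. The stack contents, STACK_BASE and all helper names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: a small buffer standing in for 32-bit stack memory.
   STACK_BASE and every value stored below are made up for illustration. */
#define STACK_BASE 0x0012FF00u
#define STACK_SIZE 0x100u
static uint8_t g_stack[STACK_SIZE];

/* Bounds-checked DWORD read; returns 0 on success, -1 if outside the model. */
int read_dword(uint32_t addr, uint32_t *out) {
    if (addr < STACK_BASE || addr - STACK_BASE > STACK_SIZE - 4) return -1;
    memcpy(out, &g_stack[addr - STACK_BASE], 4);
    return 0;
}
void write_dword(uint32_t addr, uint32_t v) {
    memcpy(&g_stack[addr - STACK_BASE], &v, 4);
}

/* After PUSH EBP / MOV EBP, ESP: [EBP]=saved EBP, [EBP+4]=return address. */
uint32_t arg_addr_after_prologue(uint32_t ebp, unsigned item) { return ebp + (8 + item * 4); }
/* On the function's first instruction: [ESP]=return address, nothing else pushed yet. */
uint32_t arg_addr_at_entry(uint32_t esp, unsigned item) { return esp + (4 + item * 4); }
/* DWORD locals sit below EBP, the first one at EBP-4. */
uint32_t local_addr(uint32_t ebp, unsigned item) { return ebp - (4 + item * 4); }

/* Simulate a caller pushing 8 arguments (values 0xA0..0xA7), the CALL, and the
   callee's prologue. Returns EBP after the prologue; *esp_entry is ESP at entry. */
uint32_t build_frame(uint32_t *esp_entry) {
    uint32_t esp = STACK_BASE + 0x80;
    for (int i = 7; i >= 0; i--) { esp -= 4; write_dword(esp, 0xA0u + (uint32_t)i); }
    esp -= 4; write_dword(esp, 0x01001234u);   /* CALL pushes the return address */
    *esp_entry = esp;
    esp -= 4; write_dword(esp, 0x0012FFC0u);   /* PUSH EBP (caller's frame pointer) */
    write_dword(esp - 4, 0x11111111u);         /* first local, at EBP-4 */
    return esp;                                /* MOV EBP, ESP */
}

int main(void) {
    uint32_t esp_entry, via_ebp = 0, via_esp = 0, local0 = 0;
    uint32_t ebp = build_frame(&esp_entry);
    read_dword(arg_addr_after_prologue(ebp, 5), &via_ebp);  /* argument 6 = index 5 */
    read_dword(arg_addr_at_entry(esp_entry, 5), &via_esp);
    read_dword(local_addr(ebp, 0), &local0);
    printf("arg 6 via EBP+28: %08X, via entry ESP+24: %08X, local 0: %08X\n",
           (unsigned)via_ebp, (unsigned)via_esp, (unsigned)local0);
    return 0;
}
```

If the function was built without an EBP frame (frame-pointer omission), the EBP-based offsets do not apply and only the entry-ESP form holds.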

