For the stack, everything follows my tut., except 12ffbc == 00000000 instead of ffffffff; but if you follow the code, it was there but just overwritten by:
mov dword ptr ss:[ebp-4],ebx; the ebp == 12ffc0; if you subtract 4 from it, you will end up at 12ffbc, where ebx with value of 0 moved to it.
Learn to use the stack with the trace, not the trace alone.
Sorry, I relied on lownoise's first finding and it was wrong.
Last edited by britedream; 03-24-2004 at 16:14.
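The point in the post above is that a value seen in the stack dump has to be matched against the instruction that produced it: 12ffbc reads 00000000 only because `mov dword ptr ss:[ebp-4],ebx` ran after the ffffffff was placed there. The following C model is an added example, not code from britedream or the tutorial; it emulates a small window of the x86 stack around ebp = 0x12ffc0 (the value quoted in the post), records which trace step last wrote each dword, and executes that one mov, so the reader can see the address arithmetic ebp-4 and the overwrite happen. The window size, the initial ffffffff at 0x12ffbc, and the step numbering are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a 32-byte window of the x86 stack around ebp = 0x12ffc0.
   The window bounds, the initial 0xffffffff at 0x12ffbc and the step numbers
   are assumptions made for this illustration, not data from a debugger session. */
#define STACK_BASE 0x0012ffb0u
#define STACK_SIZE 32u
#define NO_WRITER  (-1)

typedef struct {
    uint8_t  mem[STACK_SIZE];
    uint32_t ebp;
    uint32_t ebx;
    /* trace step that last wrote each dword slot: lets a value in the dump be
       traced back to the instruction that produced it */
    int last_writer[STACK_SIZE / 4];
} cpu_t;

/* dword-aligned address inside the modelled window? */
static int in_window(uint32_t addr) {
    return addr >= STACK_BASE && addr - STACK_BASE + 4 <= STACK_SIZE && (addr & 3) == 0;
}

/* read a dword little-endian, as x86 does; 0xdeadbeef marks an address outside the model */
uint32_t read32(const cpu_t *c, uint32_t addr) {
    if (!in_window(addr)) return 0xdeadbeefu;
    const uint8_t *p = &c->mem[addr - STACK_BASE];
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* write a dword little-endian and remember which trace step did it; 0 on success */
int write32(cpu_t *c, uint32_t addr, uint32_t val, int step) {
    if (!in_window(addr)) return -1;
    uint8_t *p = &c->mem[addr - STACK_BASE];
    p[0] = (uint8_t)val;         p[1] = (uint8_t)(val >> 8);
    p[2] = (uint8_t)(val >> 16); p[3] = (uint8_t)(val >> 24);
    c->last_writer[(addr - STACK_BASE) / 4] = step;
    return 0;
}

/* frame as the tutorial's stack shows it before the mov: ffffffff at ebp-4, ebx = 0 */
void cpu_init(cpu_t *c) {
    memset(c, 0, sizeof *c);
    for (unsigned i = 0; i < STACK_SIZE / 4; i++) c->last_writer[i] = NO_WRITER;
    c->ebp = 0x0012ffc0u;
    c->ebx = 0;
    write32(c, c->ebp - 4, 0xffffffffu, 0);   /* step 0: value present before the trace */
}

/* mov dword ptr ss:[ebp+disp], ebx  (the instruction the post points at); 0 on success */
int exec_mov_ebp_disp_ebx(cpu_t *c, int32_t disp, int step) {
    return write32(c, c->ebp + (uint32_t)disp, c->ebx, step);
}

/* trace step that last wrote the dword at addr, NO_WRITER if none or outside the model */
int last_writer_of(const cpu_t *c, uint32_t addr) {
    if (!in_window(addr)) return NO_WRITER;
    return c->last_writer[(addr - STACK_BASE) / 4];
}

int main(void) {
    cpu_t c;
    cpu_init(&c);
    printf("before: [%08x] = %08x\n", c.ebp - 4, read32(&c, c.ebp - 4));
    exec_mov_ebp_disp_ebx(&c, -4, 1);        /* step 1: mov dword ptr ss:[ebp-4],ebx */
    printf("after : [%08x] = %08x (written by step %d)\n",
           c.ebp - 4, read32(&c, c.ebp - 4), last_writer_of(&c, c.ebp - 4));
    return 0;
}
```

Running it prints ffffffff at 0012ffbc before step 1 and 00000000 after, with step 1 recorded as the writer. The `last_writer` bookkeeping is the stand-in for what a hardware write breakpoint on 12ffbc gives you in the debugger: it answers "which instruction changed this slot" directly instead of leaving you to guess from the trace listing.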