Thread: Initial Register values
View Single Post
  #2  
Old 05-14-2004, 02:50
phax
 
Posts: n/a
What are the values
Thanks for the replies.
I'm trying to add a kind of tracer to GT (or maybe it will be separate - don't know yet). But currently I have the problem that I donÄt know how to start.
I'm just talking 'bout 32-Bit Windows, anything else is postponed
I used OllyDbg to show me some initial values but especially the ebp and esp values are not clear.

eax seems to be 0
ecx seems to be an odd combination of 4 times (01) or (00)
edx seems to be 0xffffffff
ebx seems to be 0x7ffdf000
esp seems to be (stack commit + stack reserve + 0x00010000) - anything
ebp like esp + 0x2c
esi random
edi random

Also OllyDbg (or Windows?) already pushed something on the stack. There is something like an SEH chain and some crude return address (resolves to ProcessIDToSessionID in my kernel32.dll)

Any ideas???

regards
PHaX
Reply With Quote