Quote:
Originally Posted by Naides
Well, taking a look at the Actual BP in your code
Code:
77D1872A or byte ptr [eax+FB4], 1
Here77D18731 call [ebp+8] There
77D18734 mov ecx, fs:[18]
In Here ESP+4 Is indeed pointing at the right address but when you are at There, ESP has changed because the call instruction pushes the return address into the stack.
So the question is, and I DO NOT know the answer off hand, does the Conditional gets evaluated before, during or after the call instruction??
I know that by design, 'Break on Read' or 'Break on Write' are evaluated AFTER the instruction at the bp has executed. . . |
I do not think I am
There when I set the
breakpoint at +77D18731, because if I change the condition to
[esp+4] ==SomeHandle
that breakpoint will always be triggered.
So the problem is actually concerned with the condition
[SomeAddress]==SomeValue
for example
[401000] == 12345678
Whether the above condition is satisfied or not when I reach
the breakpoint, OllyDbg does not stop.