|
|
#27
05-01-2004, 02:06
|
|||
|
|||
|
Can anyone confirm my observation of the difference between the last exception routine code when there are stolen bytes and when there are none? I've only seen this one target without stolen bytes. Just to recap, those I've had time to play with or have read tuts about with stolen bytes seem to have the last part of the last exception routine in the form:
00D23D38 FF30 PUSH DWORD PTR DS:[EAX] 00D23D3A FF75 F0 PUSH DWORD PTR SS:[EBP-10] 00D23D3D FF75 EC PUSH DWORD PTR SS:[EBP-14] 00D23D40 C3 RETN 00D23D41 5F POP EDI 00D23D42 5E POP ESI 00D23D43 5B POP EBX 00D23D44 8BE5 MOV ESP,EBP 00D23D46 5D POP EBP 00D23D47 C3 RETN and this one without stolen bytes ends with: 00A10050 FF75 F0 PUSH DWORD PTR SS:[EBP-10] 00A10053 FF65 EC JMP DWORD PTR SS:[EBP-14] 00A10056 5F POP EDI 00A10057 5E POP ESI 00A10058 5B POP EBX 00A10059 8BE5 MOV ESP,EBP 00A1005B 5D POP EBP 00A1005C C3 RETN Regards,
__________________
JMI 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Aspr anyone know this one? | hobferret | General Discussion | 16 | 05-13-2015 22:54 |
| ASPR, ARMA question | sgdt | General Discussion | 3 | 04-09-2006 03:38 |
| More Aspr 1.31 | SvensK | General Discussion | 0 | 06-09-2004 22:52 |
| Newbie question ASPR 1.23 RC4 (long!) | Wurstgote | General Discussion | 126 | 02-27-2004 11:41 |
Threaded Mode