|
|
#4
05-14-2004, 02:50
|
|||
|
|||
|
What are the values
Thanks for the replies.
I'm trying to add a kind of tracer to GT (or maybe it will be separate - don't know yet). But currently I have the problem that I donÄt know how to start. I'm just talking 'bout 32-Bit Windows, anything else is postponed  I used OllyDbg to show me some initial values but especially the ebp and esp values are not clear. eax seems to be 0 ecx seems to be an odd combination of 4 times (01) or (00) edx seems to be 0xffffffff ebx seems to be 0x7ffdf000 esp seems to be (stack commit + stack reserve + 0x00010000) - anything ebp like esp + 0x2c esi random edi random Also OllyDbg (or Windows?) already pushed something on the stack. There is something like an SEH chain and some crude return address (resolves to ProcessIDToSessionID in my kernel32.dll) Any ideas??? regards PHaX 
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| need help register in www.aoreteam.com/vb | cxj98 | General Discussion | 2 | 09-14-2014 21:25 |
| Hex values for jumps and thier functions please? VB? | CrAcKaHoLic | General Discussion | 4 | 01-10-2004 02:54 |
Threaded Mode