Problem with Return Address

		Exetools > General > General Discussion
Problem with Return Address

08-03-2003, 16:13

ArC

VIP

Join Date: Jan 2003

Location: NTOSKRNL.EXE

Posts: 172

Rept. Given: 0

Rept. Rcvd 1 Time in 1 Post

Thanks Given: 5

Thanks Rcvd at 17 Times in 12 Posts

Sorry, everything is ok:
Inside that call there's a pointer pointing
to the return address.
However, there's an AND [pointer],0 executed
which causes that the return address is "removed"

However, it's still a bit strange, cause the return address
is duplicated on the stack. You can say that it is stored
twice.
But when we come to the RET of the call, the stack points
to the old return address which was removed with the AND
I mentioned above....

However, thx for your reply

« Previous Thread | Next Thread »

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is Off HTML code is Off Forum Rules

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
How do I know what information return this address?	byvs	General Discussion	5	11-20-2015 20:57
Can we hook some func in another process then change return address?	Teerayoot	General Discussion	5	09-21-2004 11:12
Softice - how do I return to calling code?	sync	General Discussion	16	08-22-2002 20:02

All times are GMT +8. The time now is 16:45.