|
|
#7
06-04-2005, 18:57
|
|||
|
|||
|
One Possibility is that the call to your code is generated dynamically at runtime, something like:
call [EAX +50] under those circumnstances disassembly listings from WDASM or IDA cannot cross reference the caller code. You need to see it in live tracing. . . One very useful resource is the call stack window. In SoftIce type: WS. In Olly: View -> Call Stack (Alt-K) You will see a list of addresses with modules: A called B that Called C that Called D that called your code. The actual addresses you see in the list are the return address, which is the next instruction after the call was made. By placing breakpoints or examining the code around each call you will be able to locate, at each deeper layer, the chain of events that resulted on calling your "bad boy" "key not found" routine. One problem: If there is one or more Structured Exception Handlers (SEH) frames set up during the chain of calls (CALL STACK) the order of call and return may change, depending on an exception being generated and handled, so the flow of the code stack is not as linear as I described, but it "branches". Hope I did not confuse you more. 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| OllyDbg + Registry question | sTfN0X | General Discussion | 4 | 07-12-2004 19:18 |
| PELOCK Question again--.w.--Ollydbg | boya | General Discussion | 0 | 06-10-2004 12:38 |
| OllyDbg question | butter | General Discussion | 2 | 05-07-2004 10:30 |
| Quick sice question | mical | General Discussion | 3 | 09-16-2003 02:06 |
Threaded Mode