Comments on waliedassar: Catch Debuggers With The Step Over Trap

Civa (2012-02-09T00:20:39.431-08:00):
Very nice tut!! Thanks a lot!!

walied (2012-01-28T05:02:29.086-08:00):
First, thanks for leaving me comments. I completely understand your point. Anyway, the example above is only for demonstration. It is up to the developer to make his/her own custom macro and add it to proper functions, e.g. ebp-based ones. Again, I just wrote the above post only for demonstration.

newgre (2012-01-28T02:52:30.436-08:00):
Well, my point is that your macro might work or might not work without using the intrinsic. Regardless of the compiler options, you have no guarantee that ebp+4 is *always* the return address.
For instance, imagine the compiler inlines your function, then ebp+4 might point to something entirely different.

walied (2012-01-26T13:31:30.034-08:00):
It is up to the developer to choose the proper macro depending on the chosen compiler options.

_ReturnAddress is not used in the source code above, since I am using VC++ 6.0, which seems to lack this compiler intrinsic.

When using the "Step over" trap with the "rep movsb" instructions, you don't have to care that much about compiler options.

newgre (2012-01-26T12:56:44.967-08:00):
Won't work in general since you can't know how the compiler sets up the stack or which registers are live at function entry (when, e.g., link-time code optimization is enabled). If you assume VC++ you can use the compiler intrinsic "_ReturnAddress" to obtain the return address of the current function.

khonel (2012-01-26T11:40:15.547-08:00):
nice tut bro...

I may need a lot to learn about OllyDbg from you bro... :D

visit to my blog bro...
belajar-cracking.blogspot.com