assembly - How do I attach to a process and read from specific instruction? -


i'm trying write "shunt" existing application spew out data can integrate analysis i'm trying perform, i've hit dead end. i've isolated instruction want read from, i'm not sure how accomplish this.

this instruction set i'm trying isolate (specifically value 00412159):

00412153 - mov [eax+04],edx 00412156 - fld dword ptr [ecx+08] 00412159 - fstp dword ptr [eax+08] 0041215c - ret 0041215d - int 3

results of 3 memory scans same variable resulted in following results:

eax=1798b4e0 ecx=0018d5c0 edx=00000016  eax=18d96298 ecx=0018d5c0 edx=00000016  eax=18d3dca8 ecx=0018d5c0 edx=00000016

if attach debugger running program, value want @ eax, value of eax changes each time target process restarted.

evidently i'm running dma (dynamic memory access) aka heap-based memory allocation , causing pointer mapping generated @ runtime. brief research subject revealing 2 components need figure out static base pointer, , offset used reach runtime pointer.

i've spent total of 4 hours experiance asm, may problem, or i'm tackling problem out of league. ideas on best way read value instruction @ 00412159 or suggestion on how find base pointer , offset?

sorry late answer.

basically application dynamically allocates memory when starts. (think malloc or in high-level programming)

if find allocation code, can find address of start of memory allocated , it's size think important variables know.

then need debugger put breakpoint @ 00412159 trace backward going in code manually , find eax has been initialized dynamic address.

other that, defeating dma has been matter of experience , debugging skills each programs different. if post assembly listing here might able in right direction.


Comments

Post a Comment

Popular posts from this blog

asp.net - repeatedly call AddImageUrl(url) to assemble pdf document -

i'm using abcpdf , i'm curious if can recursively call addimageurl() function assemble pdf document compile multiple urls? something like: int pagecount = 0; int theid = thedoc.addimageurl("http://stackoverflow.com/search?q=abcpdf+footer+page+x+out+of+", true, 0, true); //assemble document while (thedoc.chainable(theid)) { thedoc.page = thedoc.addpage(); theid = thedoc.addimagetochain(theid); } pagecount = thedoc.pagecount; console.writeline("1 document page count:" + pagecount); //flatten document (int = 1; <= pagecount; i++) { thedoc.pagenumber = i; thedoc.flatten(); } //now try again theid = thedoc.addimageurl("http://stackoverflow.com/questions/1980890/pdf-report-generation", true, 0, true); //assemble document while (thedoc.chainable(theid)) { thedoc.page = thedoc.addpage(); theid = thedoc.addimagetoc
Read more

java - Android recognize cell phone with keyboard or not? -

in android app, want detect user's device if device has keyboard(like motorola milestone) , show corresponding user interface. guys know how that? ! regards justicepenny http://developer.android.com/reference/android/content/res/configuration.html public int keyboard the kind of keyboard attached device. 1 of: keyboard_nokeys, keyboard_qwerty, keyboard_12key. that's it!
Read more

iphone - How would you achieve a LED Scrolling effect? -

how achieve led scrolling effect example below? led sign - led ticker emulator iphone , ipad http://img.skitch.com/20101201-rsfh4p1bajb1wp94k466pdpiuj.preview.jpg sometimes remunerates comment in other posts :) have put code you, should implement font '8pin matrix' realistic feeling. uilabel *label; - (void)viewdidload { [super viewdidload]; label = [[uilabel alloc]initwithframe:cgrectmake(10, 50, 300, 20)]; label.font = [uifont fontwithname:@"courier-bold" size:16.0]; label.backgroundcolor = [uicolor blackcolor]; label.textcolor = [uicolor greencolor]; label.linebreakmode = uilinebreakmodecharacterwrap; // otherwise "…" label.text = @"this led text scrolled "; // blanks space between [self.view addsubview:label]; [nstimer scheduledtimerwithtimeinterval:0.12f target:self selector:@selector(scrolllabel) use
Read more