&Vage Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
|
Posted: Sun Mar 15, 2009 6:09 pm Post subject: Getting stack data |
|
|
Like..
| Code: |
push 4000
call Whatever
|
And I put a jmp from the call to my memory space (codecave). How would I get the stack info?
|
|
&Vage Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
|
Posted: Sun Mar 15, 2009 6:17 pm Post subject: |
|
|
| Grr! I want to get the stack data, how would I do it?
|
|
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
|
Posted: Sun Mar 15, 2009 6:32 pm Post subject: |
|
|
| ESP
|
|
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
|
Posted: Sun Mar 15, 2009 6:40 pm Post subject: |
|
|
not sure what you mean.. but stack is just a block of memory. two ways you can do it. you could pop it all off into a big array. but it would be quicker to get pointer to top and base of stack ( esp and ebp respectively), this is assuming that you did not just set up stack frame then do MOV instead. since move is a lot faster than push + pop
bear in mind the 'top' of the stack, ie. esp is actually at a lower virtual address than the 'base'
|
|
oib111 I post too much
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
|
Posted: Sun Mar 15, 2009 7:37 pm Post subject: |
|
|
| Slugsnack wrote: |
bear in mind the 'top' of the stack, ie. esp is actually at a lower virtual address than the 'base' |
Depends on what kind of processor he's using, but since he's probably using Intel or AMD then yes it will be like that.
_________________
| 8D wrote: |
cigs dont make people high, which weed does, which causes them to do bad stuff. like killing |
|
|
&Vage Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
|
Posted: Sun Mar 15, 2009 7:52 pm Post subject: |
|
|
| I'm using AMD Athlon 64 X2 Processor.
|
|
oib111 I post too much
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
|
Posted: Sun Mar 15, 2009 7:58 pm Post subject: |
|
|
Don't worry, the stack will work the way Slugsnack described. You really shouldn't worry about what I said since no one uses Motorola or MIPS processors anymore.
|
|
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
|
Posted: Mon Mar 16, 2009 6:10 am Post subject: |
|
|
| wait.. re-reading OP.. what are you trying to do ? copy entire stack ? or read off parameters that a function takes by an inline hook ? ( in this case 0x4000 )
|
|
&Vage Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
|
Posted: Mon Mar 16, 2009 8:45 am Post subject: |
|
|
| Params.
|
|
BanMe Master Cheater
Reputation: 0
Joined: 29 Nov 2005 Posts: 375 Location: Farmington NH, USA
|
Posted: Mon Mar 16, 2009 2:46 pm Post subject: |
|
|
yay this is so fucking hard to comprehend..(all this "i don't understand" crap is useless..if you don't understand then don't post..)
original code
| Code: |
push param
call function
|
hooked code
| Code: |
push param
jmp myfunction
|
myfunction code
| Code: |
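pop TempParam // this is the param: the hook's jmp pushed no return address, so the param is on top of the stack
push TempParam // put it back for the original function
call function // call, not jmp, so function has a return address for its ret
jmp returnhere // hypothetical label: the instruction after the hooked call site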
|
maybe i'm stupid...but slug could've just said its a FIFO stack.. and S3NS4 coulda googled it..maybe learning a bit more than Slug let on
regards BanMe
|
|
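The stack layout this thread is about, as an added example that is not any poster's code: a small C model of a 32-bit stack showing where the pushed 0x4000 sits at callee entry after `call`, at codecave entry after `jmp`, and after the cave forwards with `call`. All addresses and function names are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a 32-bit x86 stack; every address here is made up. */
#define STACK_BASE 0x0012FF00u  /* highest address; the stack grows downward */
#define RET_ADDR   0x00401005u  /* instruction after the original call */
#define CAVE_RET   0x00900010u  /* instruction after the call inside the cave */

typedef struct { uint32_t mem[16]; uint32_t esp; } Cpu;

static uint32_t *slot(Cpu *c, uint32_t addr) { return &c->mem[(STACK_BASE - addr) / 4 - 1]; }
static void push(Cpu *c, uint32_t v) { c->esp -= 4; *slot(c, c->esp) = v; }
/* peek models "mov reg,[esp+off]": a read that leaves esp untouched */
static uint32_t peek(Cpu *c, uint32_t off) { return *slot(c, c->esp + off); }

/* push 4000 / call Whatever: call pushes the return address above the param. */
uint32_t callee_entry_after_call(uint32_t *top) {
    Cpu c = { {0}, STACK_BASE };
    push(&c, 0x4000);
    push(&c, RET_ADDR);        /* the implicit push performed by call */
    *top = peek(&c, 0);        /* [esp]   = return address */
    return peek(&c, 4);        /* [esp+4] = param */
}

/* push 4000 / jmp cave: jmp pushes nothing, so the param itself is at [esp]. */
uint32_t cave_entry_after_jmp(uint32_t *esp_out) {
    Cpu c = { {0}, STACK_BASE };
    push(&c, 0x4000);
    *esp_out = c.esp;          /* esp sits below STACK_BASE */
    return peek(&c, 0);
}

/* The cave reads [esp] in place, then forwards with call so the original
   function again finds a return address at [esp] and its param at [esp+4]. */
uint32_t callee_entry_via_cave(uint32_t *seen_by_cave, uint32_t *top) {
    Cpu c = { {0}, STACK_BASE };
    push(&c, 0x4000);
    *seen_by_cave = peek(&c, 0);
    push(&c, CAVE_RET);        /* the cave's own call */
    *top = peek(&c, 0);
    return peek(&c, 4);
}

int main(void) {
    uint32_t top, esp, seen;
    printf("after call: [esp+4]=%#x [esp]=%#x\n", (unsigned)callee_entry_after_call(&top), (unsigned)top);
    printf("after jmp:  [esp]=%#x esp=%#x\n", (unsigned)cave_entry_after_jmp(&esp), (unsigned)esp);
    printf("via cave:   [esp+4]=%#x cave saw %#x\n", (unsigned)callee_entry_via_cave(&seen, &top), (unsigned)seen);
    return 0;
}
```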
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
|
Posted: Mon Mar 16, 2009 5:06 pm Post subject: |
|
|
| FILO not FIFO surely ? o_O
|
|
DoomsDay Grandmaster Cheater
Reputation: 0
Joined: 06 Jan 2007 Posts: 768 Location: %HomePath%
|
Posted: Mon Mar 16, 2009 5:21 pm Post subject: |
|
|
| FILO
|
|
iNoobHacker Advanced Cheater
Reputation: 0
Joined: 05 Nov 2006 Posts: 99
|
|
BanMe Master Cheater
Reputation: 0
Joined: 29 Nov 2005 Posts: 375 Location: Farmington NH, USA
|
Posted: Mon Mar 16, 2009 5:54 pm Post subject: |
|
|
yes yes acronym semantics it would've led the OP to a better understanding of stacks...FILO is the correct acronym..yet none of you could come up with the code... hmm why is that?
_________________
don't +rep me..i do not wish to have "status" or "recognition" from you or anyone.. thank you. |
|
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
|
Posted: Mon Mar 16, 2009 6:02 pm Post subject: |
|
|
| perhaps because i have him on msn and helped him there instead ? why you being a dick all of a sudden.. just because irwin was an asshole to you doesn't mean you have to vent your frustration on everyone else
|
|