Results 1 to 3 of 3

Thread: hex dump, or register?

  1. #1
    jose barroca
    Guest

    hex dump, or register?

    Hello all,

    I'm puzzled with something here. I'm reading a tutorial, where a program executes the following:

    :005F6F7D lea ecx, [ebp+var_280]
    :005F6F83 push ecx <-- Vendor code structure
    :005F6F84 mov edx, [ebp+arg_0]
    :005F6F87 add edx, 30Ch
    :005F6F8D push edx <-- Vendor name
    :005F6F8E mov eax, [ebp+arg_0]
    :005F6F91 push eax <-- Job structure
    :005F6F92 call _l_sg

    then, it instructs the reader to "note a copy of the vendor structure":

    04 00 00 00 19 59 D5 7A ED A3 2D 80 ED 11 A0 18
    97 E1 4B 27 A8 21 6A E2 41 04 58 52 09 00 00 00

    My question is exactly here: is this the contents of the ECX register, or something that has been pushed onto the stack? And, in either case, how can we actually see it? Is it in some way related to the bottom right sub-window of the CPU window?

    Regards,

    JB
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    xcracx
    Guest

    hex dump, or register?

    ok if i got you write you wanna dupe or something like that
    by vendor as i see here you just need to copy the push ecx and note it
    for using the address in another process

    for your information you can view ECX's content in the Register window(top right one) by setting a bp for example and you can also changing it by the register window While process

    good luck,

    SasukeHa
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    xcracx
    Guest

    hex dump, or register?

    sorryyyy Not SasukeHa but xcracx, that is my other nickname
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. zero register
    By cse_india in forum OllyDbg Support Forums
    Replies: 0
    Last Post: August 19th, 2006, 09:53
  2. Need help on finding a register location...
    By RecklessYouth in forum OllyDbg Support Forums
    Replies: 12
    Last Post: June 7th, 2004, 13:39
  3. AL register - How do I modify it?
    By Anonymous in forum OllyDbg Support Forums
    Replies: 2
    Last Post: June 25th, 2003, 07:58
  4. Replies: 0
    Last Post: June 4th, 2001, 11:31
  5. Registering an app with no register dialog
    By SirLeechaLot in forum Malware Analysis and Unpacking Forum
    Replies: 4
    Last Post: January 25th, 2001, 16:09

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •