assembly - How to view the value located in the DS segment via OllyDbg -


i'm debugging 1 dll via ollydbg , found following command:

lea ecx,dword ptr ds:[ecx+edx+8771f681]

ecx 90c85fff , edx 13f5a9ce, final address 0x90c85fff + 0x13f5a9ce + 0x8771f681 = 0x12c30004e. unfortunately, don't know how view value located @ address. ctrl-g in fpu window says "no memory on specified address".

thanks in advance.

remember lea can used used calculation, not address (the actual result of calculation never accessed / dereferenced). also, segment override has no effect on calculation.

  • ecx = 0x402000 ; ebx = 0x20 ; fs segment prefix override (fs base = 0x7ffdd000)
  • mov ecx, [ecx+ebx-4] ; result = ecx = 0x40201c

to check address mapped, in ollydbg, can stop @ instruction , check mini-window between cpu windows , dump window:

enter image description here

the address=xxxx line indicates result of calculation (before executing instruction). if right click line, might see popup window:

  • if address mapped in process address space, you'll see follow in dump entry on popup-menu.
  • if address not mapped, popup-menu doesn't display follow in dump entry.

note: ollydbg (at least v2) consider mapped kernel addresses mapped, although not accessible userland. if msb set in address, consider not mapped.


Comments

Post a Comment

Popular posts from this blog

php - failed to open stream: HTTP request failed! HTTP/1.0 400 Bad Request -

this code i'm using find latitude , longitude of place: function coords($address){ echo $url="http://maps.googleapis.com/maps/api/geocode/json?address=".$address; $json = file_get_contents(urlencode($url)); $data = json_decode($json, true); print_r($data['results'][0]['geometry']['location']['lat']); print_r($data['results'][0]['geometry']['location']['lng']); } however returns warning: failed open stream: http request failed! http/1.0 400 bad request if use above code in simple procedure works fine not in function. note: have tried curl_init()... method produced same result? instead of encoding whole url encode address part. following code work fine $add='jamshoro phase 2'; $url="http://maps.googleapis.com/maps/api/geocode/json?address=".urlencode($add); $json = file_get_contents($url); $data = json_decode($json, true); print_r($data['r
Read more

java - How to filter a backspace keyboard input -

i have code gives message when key number pressed: txtvalueofclause.addeventfilter(keyevent.key_typed, new eventhandler<keyevent>() { @override public void handle(keyevent t) { char ar[] = t.getcharacter().tochararray(); char ch = ar[t.getcharacter().tochararray().length - 1]; if (!(ch >= '0' && ch <= '9')) { system.out.println("the char entered not number"); t.consume(); } } }); now if press on wrong button , press backspace remove it, error message. how can add backspace input if statement? i have found answer: txtvalueofclause.addeventfilter(keyevent.key_typed, new eventhandler<keyevent>() { @override public void handle(keyevent t) { char ar[] = t.getcharacter().tochararray(); char ch = ar[t.getcharacter().tochar
Read more

java - Show Soft Keyboard when EditText Appears -

i have code in android app, alert dialog , keyboard, , when dialog shown want keyboard appear. not , not sure why? here code: final alertdialog.builder alert = new alertdialog.builder(this); alert.settitle("title"); alert.setmessage("message"); final edittext input = new edittext(this); input.setinputtype(inputtype.type_class_number); alert.setview(input); input.setonfocuschangelistener(new view.onfocuschangelistener() { @override public void onfocuschange(view v, boolean hasfocus) { if (hasfocus) { log.i(tag, "in focus"); inputmethodmanager inputmethodmanager = (inputmethodmanager) getsystemservice(context.input_method_service); inputmethodmanager.showsoftinput(input, inputmethodmanager.show_implicit); } } }); but keyboard not appear though edit text in focus, , tell appear why, doesn't come up? thanks in advance.
Read more