Name: Anonymous 2008-11-25 15:35
Hey
/prog/, here's my problem. I have a dll with a couple of functions that I'm currently attempting to figure out what they do, but the fact that I seem to be completely lost at this, plus the fact that Windows crap is alien to me and all the tutorials/FAQs/etc I find in Google are all about ``cracking r3gg3d warez appz'' isn't helping. All I have is that dll and an executable that calls functions from that dll. I obviously already have the names of the dll's functions and how many arguments they take for all but one function (OllyDbg's ``Call DLL Export'' was able to guess from the RETNs, but even I could have done that).
A few basic questions:
- Opening the executable directly in OllyDbg doesn't work, I have to launch the program and then attach to the process. Not really a problem, but is this some sort of lame anti-debugging feature or something else?
- In Windows, arguments are passed on the registers, on the stack or what? I'm guessing registers.
- In the main executable, how can I search for calls to the DLL? I can set breakpoints in the DLL's functions, but that doesn't let me see where in the original exe they were called.
- How can I figure out the types a function is expecting/returns (and the number of arguments when there's no RETN at the end)? I realize the answer to this is ``Go read the disassembly, you dumbass,'' but are there any basic pointers that might make this easier?
Basically, any input related to disassembly and reverse engineering that isn't "how 2 insert NOPs 4 n00bz" or "how2make a keygen if upay me enouhg ;)" is highly appreciated.