  #13  
08-22-2002, 08:10
NE1
 
I think you just didn't understand the wording I used.

Quote:
the offset is stored at the address in ESP
ESP is a pointer to the top of the stack. This means it holds the address of the stack, not the data that is on the stack (just the location where the data is). So to get the address you are looking for, you would type d esp, and in the data window you would see the address you need. It will be written from right to left. So you would read the first 4 bytes listed in the data window from right to left. So if the data window listed, say, E0 C8 53 00 as the first four bytes, the actual address would be 0053C8E0.

Also, don't forget that this is what F11 does for you in SoftICE. So the easier way to do it would be to set your breakpoint on getwindowtexta. When SoftICE pops up, hit F11, and you will land on that address (the address that was in ESP). Then you can manually set the bpx on the current address (type it in or double click on the line), if you need to use it again (as F11 just sets a one-shot breakpoint). Then next time you choose your menu item, you will skip that call to getwindowtexta, and SoftICE will pop up on the line right after that call.


EDIT: Oops, just noticed that you were the person that originally started this thread, and thus F11 may not be working for you. If it is not, then just ignore the second part of this message and do it the way I explained in the first paragraph. (Also double check that the F11 key is set up correctly in winice.dat. Once again it should read F11="^G @SS:ESP;" with the quotes. Winice.dat should be in your WINDOWS/SYSTEM32/DRIVERS folder and can be edited with any text editor.)

Last edited by NE1; 08-22-2002 at 08:26.