Exetools  

  #1  
Old 01-06-2006, 20:37
abitofboth
 
Posts: n/a
n00b Quest II(tm)

Hello again.
I've collected the next batch of stupid questions I hope someone could help me shed some light on.

Basically I'm trying to interpret some very helloworld'ish basic code written in C++ (VS2005, console app).

http://www.geocities.com/iamasciiart/hellow.JPG

Truth be told, I'm fiddling with some code injection, evaluating different approaches, but I figure I'd get a little better at reading asm first.
The idea of this statement "cout<<"address :"<<IAmMethodOne<<endl;" was to print the address entry point of the function (the function I would later try to hook).
However, a few shots of this code in Olly show:

http://www.geocities.com/iamasciiart/olly_page1.jpg
http://www.geocities.com/iamasciiart/olly_page2.jpg
http://www.geocities.com/iamasciiart/olly_page3.jpg

Now, take the first two breakpoints in olly_page1. They're never hit! However, the "cout<<"address :"<<IAmMethodOne<<endl;" statements print those two address points, that is 401000 and 401030.
Why is that?
You'll also see that 4012D0 is called from these two places (and others), which is the code that actually prints the characters to the console.
I assume 401080 is the 'real' entry point of my code/main.

Comments?
  #2  
Old 01-08-2006, 23:34
Inv
 
Posts: n/a
n00b Quest II(tm)

I wrote the following code in VC6:

    #include <iostream>
    using namespace std;

    int total = 0;

    void metodOne()
    {
        //__asm int 3;   // uncomment to trap in the debugger at this function's entry
        cout << "first " << endl;
    }

    void metodtwo()
    {
        cout << "second " << endl;
        for (int i = 0; i < 10000; i++) { total += 1; }
    }

    int main(int argc, char* argv[])
    {
        // Stream each function name directly, as in the original question
        cout << "addres: " << metodOne << endl;
        cout << "addres: " << metodtwo << endl;
        metodOne();
        metodtwo();
        return 0;
    }


Output:
-------------------
addres: 00401080
addres: 004010F0
first
second
-------------------
Where 00401080 and 004010F0 are really the entry points of metodOne() and metodtwo().
Try setting __asm int 3; (and disable INT 3 breaks in Olly) to get the 'real' entry point of your code/main or other.
And all breakpoints worked perfectly.
  #3  
Old 01-18-2006, 22:05
abitofboth
 
Posts: n/a
Thanks man, but it's exactly the same... perhaps I should try a different compiler just to compare!
I sure as hell would like to know _why_ it's looking like it does!
(and sorry for the late reply)

Edit: in fact, I can NOP the entire 401000 -> 401080 and it will have no consequence on the process... weird

Last edited by abitofboth; 01-18-2006 at 22:08.
  #4  
Old 01-19-2006, 01:30
Human
 
Posts: n/a
Well, I know C, but C++ I still have no mood to learn; for me those classes, cout and other crap really suck. Maybe you should try in pure C and use printf; there you know what you do: just use &methodone and you will know it will use the address. But with cout, who knows what it will mean on a different compiler (address, or call function and print returned value). We can find the same bugs on the anticrack board, where there was a topic about something like 4+3*5: different compiler, different numbers.
  #5  
Old 01-19-2006, 06:27
riotz
 
Posts: n/a
Hmm, it looks to me like some weird compiler optimization: your functions are never called when you check the addresses... Seems like the compiler just put the stuff from the functions into the main function routine that starts at 401080, like you said.
  #6  
Old 01-19-2006, 15:32
abitofboth
 
Posts: n/a
Human -> good idea too... I'll test it out, and hopefully find that topic you're referring to!

riotz -> indeed. How that accounts for optimization on any account is what I'd like to know.

I'll give it a run and get back to you guys.

Edit, update:

printf with MSVC2005 prints the exact same address as with cout.
However, I tried it out with Bloodshed (gcc 3.4.2) and of course this produces a completely different binary BUT... the cout methods are reported to be at address 1... like wtf? However, the PRINTF actually prints the right address here! Human? Good idea.

Last edited by abitofboth; 01-19-2006 at 20:52. Reason: update
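
Added example (not code from any poster in this thread): under standard C++ overload resolution a function pointer streamed to an ostream converts to bool and prints 1, which matches the gcc result reported above, while an explicit cast yields the entry address. The helper names are hypothetical, and the volatile-pointer call is one way to force an out-of-line call at the printed address if direct calls were inlined, as riotz suggests.

```cpp
#include <cstdint>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>

using Fn = void (*)();

static int calls = 0;                 // lets the caller confirm the body ran
void IAmMethodOne() { ++calls; }      // stand-in for the function in the first post

// Streams the pointer with no cast. Standard C++ has no implicit conversion
// from a function pointer to void*, but it does have one to bool, so
// operator<<(bool) is selected and a non-null pointer prints as "1".
std::string streamed_as_is(Fn f) {
    std::ostringstream os;
    os << f;
    return os.str();
}

// Explicit conversion to an integer wide enough to hold the entry address.
std::uintptr_t entry_address(Fn f) {
    return reinterpret_cast<std::uintptr_t>(f);
}

// Formats the address as zero-padded upper-case hex, debugger style.
std::string streamed_as_address(Fn f) {
    std::ostringstream os;
    os << std::hex << std::uppercase << std::setw(8) << std::setfill('0')
       << entry_address(f);
    return os.str();
}

// Calls through a volatile pointer: the compiler must load the pointer and
// emit an indirect call, so the out-of-line body at entry_address() runs
// even when direct calls to the same function were inlined into main.
void call_out_of_line(Fn f) {
    Fn volatile p = f;
    p();
}

int main() {
    std::cout << "cout << f     : " << streamed_as_is(&IAmMethodOne) << "\n";
    std::cout << "explicit cast : " << streamed_as_address(&IAmMethodOne) << "\n";
    call_out_of_line(&IAmMethodOne);
    std::cout << "calls         : " << calls << "\n";
    return 0;
}
```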