#1
n00b Quest II(tm)
Hello again.
I've collected the next batch of stupid questions I hope someone could help me shed some light on. Basically I'm trying to interpret some very helloworld'ish basic code written in C++ (VS2005, console app). http://www.geocities.com/iamasciiart/hellow.JPG Truth be told, I'm fiddling with some code injection, evaluating different approaches, but I figure I'd get a little better at reading asm first.

The idea of this statement "cout<<"address :"<<IAmMethodOne<<endl;" was to print the address entry point of the function (the function I would later try to hook). However, a few shots of this code in Olly show http://www.geocities.com/iamasciiart/olly_page1.jpg http://www.geocities.com/iamasciiart/olly_page2.jpg http://www.geocities.com/iamasciiart/olly_page3.jpg

Now, take the first two breakpoints in olly_page1. They're never hit! However the "cout<<"address :"<<IAmMethodOne<<endl;" statements print those two address points, that is 401000 and 401030. Why is that? You'll also see that 4012D0 is called from these two places (and others), which is the code that actually prints the characters to the console. I assume 401080 is the 'real' entry point of my code/main. Comments?
#2
I wrote the following code in VC6:

    #include <iostream>
    using namespace std;

    int total=0;

    void metodOne(){
        //__asm int 3;
        cout<<"first "<<endl;
    }

    void metodtwo() {
        cout<<"second "<<endl;
        for(int i=0;i<10000;i++){total+=1;}
    }

    int main(int argc, char* argv[]) {
        cout<<"addres: "<<metodOne<<endl;
        cout<<"addres: "<<metodtwo<<endl;
        metodOne();
        metodtwo();
        return 0;
    }

Output:

    -------------------
    addres: 00401080
    addres: 004010F0
    first
    second
    -------------------

where 00401080 and 004010F0 really are the entry points of metodOne() and metodtwo(). Try setting __asm int 3; (and disable INT 3 breaks in Olly) to get the 'real' entry point of your code/main or other. And all breakpoints worked perfectly.
#3
Thanks man, but it's exactly the same... perhaps I should try a different compiler just to compare!
I sure as hell would like to know _why_ it's looking like it does! (and sorry for the late reply)

edit: in fact, I can nop the entire 401000 -> 401080 and it will have no consequence on the process.. weird

Last edited by abitofboth; 01-18-2006 at 22:08.
#4
Well, I know C, but C++ I still have no mood to learn; for me those classes, cout and other crap really suxx. Maybe you should try in pure C and use printf: there you know what you do, just use &methodone and you will know it will use the address. But with cout, who knows what it will mean on a different compiler (address, or call function and print returned value). Same bugs we can find on the anticrack board, where there was a topic about something like 4+3*5: different compiler, different numbers.
#5
Hmm, it looks to me like some weird compiler optimization: your functions are never called when you check the addresses... seems like the compiler just put the stuff from the functions into the main function routine that starts at 401080, like you said.
#6
Human -> good idea too .. I'll test it out, and hopefully find that topic you're referring to!
riotz -> indeed. How that accounts for optimization on any account is what I'd like to know. I'll give it a run and get back to you guys.

edit, update: printf with msvc2005 prints the exact same address as with cout. However I tried it out with bloodshed (gcc3.4.2) and of course this produces a completely different binary BUT.. the cout method is reported to be at address 1.. like wtf? .. however the PRINTF actually prints the right address here! Human? good idea.

Last edited by abitofboth; 01-19-2006 at 20:52. Reason: update
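
An added example, not part of any post in this thread: in standard C++ a function pointer has no implicit conversion to `const void*`, so `cout << fn` resolves to `operator<<(bool)` and prints `1`, which matches the gcc result reported above. Casting explicitly gives the same address through `cout` and `printf`. The function names are constructed stand-ins, and the function-pointer-to-`void*` cast is only conditionally supported by the standard (assumed to work, as it does on mainstream x86 compilers).

```cpp
#include <cstdint>
#include <cstdio>
#include <iostream>
#include <sstream>
#include <string>

using Fn = void (*)();

// Constructed stand-ins for the thread's two functions.
void methodOne() { std::puts("first"); }
void methodTwo() { std::puts("second"); }

// What `cout << fn` does on a conforming compiler: the only viable
// standard conversion is pointer -> bool, so a non-null pointer prints "1".
std::string streamedAsIs(Fn fn) {
    std::ostringstream out;
    out << fn;
    return out.str();
}

// An explicit cast selects operator<<(const void*) and prints the address.
std::string streamedAsAddress(Fn fn) {
    std::ostringstream out;
    out << reinterpret_cast<const void*>(fn);
    return out.str();
}

// printf equivalent: %p expects a void*, so the cast is needed here too.
std::string printfAddress(Fn fn) {
    char buf[32];
    std::snprintf(buf, sizeof buf, "%p", reinterpret_cast<void*>(fn));
    return buf;
}

// Numeric value of the entry address, for comparing with a debugger view.
std::uintptr_t entryAddress(Fn fn) {
    return reinterpret_cast<std::uintptr_t>(fn);
}

int main() {
    for (Fn fn : {methodOne, methodTwo}) {
        std::cout << "cout << fn        : " << streamedAsIs(fn) << '\n'
                  << "cout << (void*)fn : " << streamedAsAddress(fn) << '\n'
                  << "printf %p         : " << printfAddress(fn) << '\n';
        fn();
    }
    return 0;
}
```

Taking a function's address this way also forces the compiler to keep an out-of-line copy of it, even when every direct call has been inlined into `main`, so the printed address can be valid and still never be executed.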