Hi all,
I am (essentially) writing a debugger (of sorts, long story). I am most interested in memory locations of the debuggee. I have gotten as far as reading the relevant DOS/PE headers and using this information I can correctly calculate the location of the start of writeable memory (global variables), but I am lost on calculating the location of the stack. Is it a constant? I debugged several applications with Olly and they all had an EBP of 0012FFF0, and ESP of 0012FFC4.
Any info appreciated.
Regards,
Tom
Don't hardcode any values/addresses like ESP/EBP, use GetThreadContext to retrieve the context (state) of the thread and then inside this structure will be the EBP/ESP register values. Imho if writing a debugger you need to be able to get and set the thread(s) context(s) to be able to handle events such as software breakpoints (read: Int3).
HR,
Ghandi
Hi Ghandi,
That helps me very much, thank you. As of yet, I have not loaded the target binary as a child process so have not looked at this method, although I was aware I could extract the register values from a child process. I was hoping I could somehow tease it out of the headers, as I could find most of the information I needed there (as I said, for instance, the RVA of data section once loaded).
Thank you for 'enlightening' me :U
Tom