Книга: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Назад: Breakpoints
Дальше: Tracing
. Next, OllyDbg will pause, and you can call specific exports with arguments and debug them by selecting Debug ▶ Call DLL Export from the main menu., we have loaded ws2_32.dll into OllyDbg and called the ntohl function at ❶, which converts a 32-bit number from network to host byte order. On the left, we can add any arguments we need. Here, we add one argument, which is 127.0.0.1 (0x7F000001) in network byte order at ❷. The boxes on the left are checked only where we are supplying arguments., you see the result of the function stored in EAX, which is 127.0.0.1 (0x0100007F) in host byte order shown at ❸.
Назад: Breakpoints
Дальше: Tracing
Войти в систему
Войти с помощью соц. сетей:
ntohl function at ❶, which converts a 32-bit number from network to host byte order. On the left, we can add any arguments we need. Here, we add one argument, which is 127.0.0.1 (0x7F000001) in network byte order at ❷. The boxes on the left are checked only where we are supplying arguments., you see the result of the function stored in EAX, which is 127.0.0.1 (0x0100007F) in host byte order shown at ❸.
Назад: Breakpoints
Дальше: Tracing
Войти в систему
Войти с помощью соц. сетей: