The trivial differences are in choice of registers and semantics.
Figure 11-1 Stack layout of function call
References
Information on /Gs[-] flag: http://msdn2.microsoft.com/en-gb/library/8dbf701c.aspx
Compiler Flags: http://msdn2.microsoft.com/en-gb/library/fwkeyyhe.aspx
Debugging on Windows with OllyDbg
A popular user-mode debugger is OllyDbg, which can be found at www.ollydbg.de. As can be seen in Figure 11-2, the OllyDbg main screen is split into four sections. The Code section is used to view assembly of the binary. The Registers section is used to monitor the status of registers in real time. The Hex Dump section is used to view the raw hex of the binary. The Stack section is used to view the stack in real time. Each section has context-sensitive menus available by right-clicking in that section.
You may start debugging a program with OllyDbg in three ways:
• Open OllyDbg program; then select File | Open.
• Open OllyDbg program; then select File | Attach.
• Invoke from command line, for example, from a Metasploit shell as follows:
$Perl -e "exec '', 'program to debug', ''"
Gray Hat Hacking: The Ethical Hacker's Handbook 254
Figure 11-2 Main screen of OllyDbg
For example, to debug our favorite meet.