Hey there! Im facing a problem that i cant seem to solve by myself ...

Im searching for an IP adress in an executable with a Hex Editor and i get the adress "0x005826E8". But in olly in the CPU window when i go to that adress there is nothing. I then tried to find what i was looking for by opening the File window and go there to the adress "0x005826E8" and there it is ...

my question is now, how do i get from that adress in the File Window to the adress in the CPU window??

thanks in advance

greetz
LemoniscooL

you should read up about the PE format
( if you're working with an *.exe? )

many tools (other than olly?) have a feature that will convert between the two addresses

try:
CFF Explorer - www.ntcore.com
IDA Pro 4.9 Freeware - www.hex-rays.com/idapro/idadownfreeware.htm

yeah thx but i already solved it i just forgot to post ^^"
i had to add the base offset to the adress i got .. the base adress can be found with StudPE. thats really easy xD

You can do that using OllyDbg too, heck, you could even throw away your hex editor and search for the IP in Olly too, so then you wouldn't even have to convert the address as it'll be the proper format already.

hehe .. like i didnt try to search the ip in olly xD
i searched but it was in there like:

xxxxxxxx DB "1"
xxxxxxxx DB "2"
xxxxxxxx DB "3"
xxxxxxxx DB "."
xxxxxxxx DB "4"
xxxxxxxx DB "5"
xxxxxxxx DB "6"
xxxxxxxx DB "."
etc

Because it is pushing it one at a time, it's not always a string you can match with a simple search function.

thats why i searched it in a hex editor ^^

Then your searching for it wrong. ALT+M CTRL+B. It will show you where in memory the string is, rather than a file offset. No need for hex editor.