hi

this is a very simple problem i think... but i need somebody who gives me a push in the right direction ...

I try to implement some bof -protection, and so i will try too hook NtResumeThread and some other apis, and trace the call back to the first caller and check if the memory is writeable.....

But it is possible to trace the call back in a fast way ??
can you give me some hints ? or links ??
how manage a debugger like olly this ??

thanks a lot .....

There is no easy solution for this. You have to analyze the code to be able to back trace. Because of the dynamic nature of execution, you can't
back trace 100% accurately.

Hi, guy11, that's not a very simple problem, as homersux pointed out.
Read for some problems you may experience the article at http://developer.novell.com/research/appnotes/1999/june/05/02.htm

You can eventually use the StackWalk API inside DBGHELP.DLL or IMAGEHLP.DLL. An example of its use is at http://win32.mvps.org/misc/stackwalk.html

Regards, bilbo