My English is poor.But please help me.

I want to dubug a MFC program.

It's WinProc started at Address 400000.
But the ollydbg Disasmed from 410000.

How can change it?

thanks.

right clik GOTO EXPRESSION in the list and put 400000.

Ricardo Narvaja

Firefox
winproc is at 400000 ?? are is the module loaded at 400000

if your module is loaded at 400000 then ollydbg disassembling at 401000
is probably right becuse a normal program starts only at
400000 + 1000 == 401000

if it is indeed 400000 how did you know that ?? what tools you used to find the winproc is at 400000

i dont think there is any debugger out there except may be ida which can
identify a winproc from a precompiled binary without manual intervention

if you really say that you identified winproc at 400000 can you
find what is the module base ??
view executable -->show memory and look at starting address it should show the address of pe header it should get you the module
base

also when you are there right click and do follow entry ??
and say where it jumps (what is the addresss is it 401000 ??)

Just because the Address is used as a parameter.I think it is a call back.

Thanks to everyone.