solvman
03-11-2011, 11:57 PM
Hi,
I am new to reversing. My apologies if question sounds to beginer-ish :) I have created simple code in Visual Studio C++ 2010:
int main()
{
return 0;
}
Whenever I open it in Olly it shows the following state of the stack for main() function:
0012FFC4 7C817077 RETURN to kernel32.7C817077
0012FFC8 7C910228 ntdll.7C910228
0012FFCC FFFFFFFF
0012FFD0 7FFD5000
0012FFD4 80544CFD
0012FFD8 0012FFC8
0012FFDC 82537DA8
0012FFE0 FFFFFFFF End of SEH chain
0012FFE4 7C839AD8 SE handler
0012FFE8 7C817080 kernel32.7C817080
0012FFEC 00000000
0012FFF0 00000000
0012FFF4 00000000
0012FFF8 004012A0 Reversin.<ModuleEntryPoint>
0012FFFC 00000000
I've being trying to figure out layout of what it is in the stack without any luck. I understand it has to be activation record for main(). I understand what <ModuelEntryPoint> and SEH chain are. What is the rest of it? Please help new bee to understand what's been stored here. Thank you in advance.
I am new to reversing. My apologies if question sounds to beginer-ish :) I have created simple code in Visual Studio C++ 2010:
int main()
{
return 0;
}
Whenever I open it in Olly it shows the following state of the stack for main() function:
0012FFC4 7C817077 RETURN to kernel32.7C817077
0012FFC8 7C910228 ntdll.7C910228
0012FFCC FFFFFFFF
0012FFD0 7FFD5000
0012FFD4 80544CFD
0012FFD8 0012FFC8
0012FFDC 82537DA8
0012FFE0 FFFFFFFF End of SEH chain
0012FFE4 7C839AD8 SE handler
0012FFE8 7C817080 kernel32.7C817080
0012FFEC 00000000
0012FFF0 00000000
0012FFF4 00000000
0012FFF8 004012A0 Reversin.<ModuleEntryPoint>
0012FFFC 00000000
I've being trying to figure out layout of what it is in the stack without any luck. I understand it has to be activation record for main(). I understand what <ModuelEntryPoint> and SEH chain are. What is the rest of it? Please help new bee to understand what's been stored here. Thank you in advance.