📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.





About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New


Customize Theme

Flag: Tornado! Hurricane!

 Forums >>  IDA Pro  >>  hello how can i find inside dll a function return address?

Topic created on: August 4, 2008 16:12 CDT by nah .

Like the title says i want to know how to find function return address. Help is greatly appriciated thnx.

  Soul12     August 5, 2008 06:57.35 CDT
look at the stack

  nah   August 5, 2008 11:40.20 CDT
can u be more specific i didnt get it mybe a screenshot could help thnx

  pon     August 16, 2008 11:33.12 CDT
[esp]?

  nezumi     August 20, 2008 11:27.25 CDT
do you mean debugger or disassembler? debuggers are able to trace stack. for IDA-Pro this is Debugger -> Tracing -> Stack Trace, but quite often IDA-Pro does this wrong, so you must to trace ESP value manually, looking for ESP memory dump.

for disassembler - see cross reference, however, this is not reliable way. IDA-Pro gives you no guarantee she finds them all. try to find direct function address in hex-dump. for example, for sub_406090 you have to find 90 60 40 00. it helps to find calls from unrecognized code. however, it works only for fair programs. if a programmer wants to hide calls, he can crypt pointers. btw, some compilers crypt pointers to prevent buffer overflow attacks.

plz, clarity your question if you want to get an answer.

Note: Registration is required to post to the forums.

There are 31,328 total registered users.


Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Question about memor...
Dec/12


Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n


Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...
djnemo on:
Nov/17
Kernel debugger vs user mod...
acel on:
Nov/14
Kernel debugger vs user mod...
pedram on:
Dec/21
frida.github.io: scriptable...
capadleman on:
Jun/19
Using NtCreateThreadEx for ...
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit