
Activation record for main()

Developer https://www.devze.com 2023-02-16 08:34 Source: Internet
I am new to reversing. My apologies if the question sounds too beginner-ish :) I have created simple code in Visual Studio C++ 2010 on XP SP3:

int main()
{
    return 0;
}

Whenever I open it in Olly it shows the following state of the stack with execution paused:

0012FFC4   7C817077  RETURN to kernel32.7C817077
0012FFC8   7C910228  ntdll.7C910228
0012FFCC   FFFFFFFF
0012FFD0   7FFD5000
0012FFD4   80544CFD
0012FFD8   0012FFC8
0012FFDC   82537DA8
0012FFE0   FFFFFFFF  End of SEH chain
0012FFE4   7C839AD8  SE handler
0012FFE8   7C817080  kernel32.7C817080
0012FFEC   00000000
0012FFF0   00000000
0012FFF4   00000000
0012FFF8   004012A0  Reversin.<ModuleEntryPoint>
0012FFFC   00000000

I can see the end of the SEH chain and the SE handler; the rest of it just doesn't make sense to me. I have found the following stack layout for functions with an exception handler installed:

Function_Local_Variables
Exception_Registration_Record
Exception_Handler
Callers_EBP
Return_Address_in_Caller
Function_Arguments

It does not seem to apply in my case. I need help trying to understand what's been stored in stack please.

Thank you.


If you're trying to learn the stack convention by looking at hex in Olly, you should consider which stack convention your code is following. By default, most C++ code follows the __cdecl convention. Check out this link: http://en.wikipedia.org/wiki/X86_calling_conventions#cdecl
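Added example (not part of the original question or answer): a short Python script that parses the OllyDbg stack dump from the question and walks the SEH chain using the two-dword x86 exception registration record layout (Next pointer, then Handler). The head address 0x0012FFE0 is an assumption taken from Olly's annotations in the dump, and the function names are made up for this example.

```python
import re

# Stack dump copied from the question (OllyDbg columns: address, value, comment).
DUMP = """\
0012FFC4   7C817077  RETURN to kernel32.7C817077
0012FFC8   7C910228  ntdll.7C910228
0012FFCC   FFFFFFFF
0012FFD0   7FFD5000
0012FFD4   80544CFD
0012FFD8   0012FFC8
0012FFDC   82537DA8
0012FFE0   FFFFFFFF  End of SEH chain
0012FFE4   7C839AD8  SE handler
0012FFE8   7C817080  kernel32.7C817080
0012FFEC   00000000
0012FFF0   00000000
0012FFF4   00000000
0012FFF8   004012A0  Reversin.<ModuleEntryPoint>
0012FFFC   00000000
"""

END_OF_CHAIN = 0xFFFFFFFF  # Next value that terminates the x86 SEH list

def parse_dump(text):
    """Return {address: (value, comment)} for every 'ADDR VALUE [comment]' line."""
    mem = {}
    for line in text.splitlines():
        m = re.match(r"\s*([0-9A-Fa-f]{8})\s+([0-9A-Fa-f]{8})\s*(.*)$", line)
        if m:
            mem[int(m.group(1), 16)] = (int(m.group(2), 16), m.group(3).strip())
    return mem

def walk_seh_chain(mem, head):
    """Follow registration records: dword at +0 is Next, dword at +4 is Handler."""
    records, seen, addr = [], set(), head
    while addr != END_OF_CHAIN:
        if addr in seen or addr not in mem or addr + 4 not in mem:
            raise ValueError(f"broken SEH chain at {addr:08X}")
        seen.add(addr)
        nxt, handler = mem[addr][0], mem[addr + 4][0]
        records.append((addr, handler))
        addr = nxt
    return records

if __name__ == "__main__":
    mem = parse_dump(DUMP)
    # Assumed head: the slot Olly labels "End of SEH chain"; live code reads it from FS:[0].
    for rec, handler in walk_seh_chain(mem, 0x0012FFE0):
        print(f"registration record at {rec:08X}: Next=FFFFFFFF, Handler={handler:08X}")
```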
