How do you find a functions virtual call address in assembly?
Posted
by Daniel
on Stack Overflow
See other posts from Stack Overflow
or by Daniel
Published on 2010-05-24T01:33:07Z
Indexed on
2010/05/24
1:41 UTC
Read the original article
Hit count: 412
I've googled around but i'm not sure i am asking the right question or not and i couldn't find much regardless, perhaps a link would be helpful.
I made a c++ program that shows a message box, then I opened it up with Ollydbg and went to the part where it calls MessageBoxW.
The call address of MessageBoxW changes each time i run the app as windows is updating my Imports table to have the correct address of MessageBoxW. So my question is how do i find the virtual addres of MessageBoxW to my imports table and also how can i use this in ollydbg?
Basically I'm trying to make a code cave in assembly to call MessageBoxW again.
I got fairly close once by searching the executable with a hex editor and found the position of the call, and I think I found the virtual address. But when i call that virtual address in olly and saved it to the executable, the next time i opened it the call was replaced with a bunch of DB xyz
(which looked like the virtual address but why did the call
get removed?
Sorry if my terminology is off as i'm new to this so i'm not quite sure what to call things.
© Stack Overflow or respective owner